NSClient++ Help (#1) - New eventlog %message% option error (#86) - Message List

New eventlog %message% option error

I am trying to use the new %message% option but all I get is an error. Here is the check I'm using (from the command line): ./check_nrpe -H 192.168.7.3 -p 5666 -c checkEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 syntax=%message% filter+generated=\<4d filter.eventSource=eventlog filter+eventID==6013 truncate=1024 descriptions=true unique. And the result is: failed to lookup error code: 6013 from DLL: C:\WINDOWS\System32\netevent.dll( reson: 31, : 1 > critical|=1;1;1;

Windows server is running Windows 2003 SP2 nsclient++ version is 0.3.0.14 nrpe version 2.6 I checked the nsc.log file on the Windows server but don't see any related errors.

Has anyone else gotten this to work, does my syntax look right?

Thanks.

Roger Glass
02/01/08 19:54:57 (5 years ago)
Tree View Flat View (newer first) Flat View (older first)
  • Message #198

    I have noticed "some" messages get that error I shall see if I can figure it out... So it is a "known" problem :) When a messages could not be renderd (that is what you will see instead)

    MickeM

    mickem
    02/01/08 21:17:45 (5 years ago)
  • Message #199

    Try the latest nightly, I have tinkerd a bit with the message lookups, but this is one of those "undocumented areas" of windows so I am not sure I have doine things the "right" way, so let me know how it work out.

    MickeM

    mickem
    02/02/08 13:55:32 (5 years ago)
    • Message #205

      Will do, I'll let you know what I find. Thanks.

      Roger Glass
      02/04/08 22:23:15 (5 years ago)
      • Message #206

        Hmmm...I don't think that is quite it, here is what I got from two different eventlog lookups (these are from the command line):

        1. ./check_nrpe -H 192.168.6.1 -p 5666 -c checkEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 syntax=%message% filter+generated=\<4d filter.eventSource="Service Control Manager" filter+eventID==7035 descriptions=true unique

        1 results: DOS graphics mode is not supported., : 4 > critical|=4;1;1; to enable DOS graphics mode.

        1. ./check_nrpe -H 192.168.6.1 -p 5666 -c checkEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 syntax=%message% filter+generated=\<4d filter.eventSource=eventlog filter+eventID==6013 descriptions unique truncate=1024

        2 result: The encryption algorithm used on the source file needs a bigger key buffer than the one on the destination file., : 4 > critical|=4;1;1;

        Messages are comming back but they appear to be for other things. The first command above should have returned "The NSClientpp (Nagios) 0.3.0.39 2008-02-03 w32 service was successfully sent a start control." and the 2nd, "The system uptime is 621771 seconds.". The test system is a Windows Server 2003 SP2 server and the commands are executed with NRPE version 2.6. Let me know if you want me to run any other commands or tests.

        Regards,

        Roger

        Roger Glass
        02/04/08 22:53:27 (5 years ago)
        • Message #208

          humm, yes... I had "from dll and from system" so it seemed he found a "better" on from the system, I have changed now so I only look in the DLL, check the latest nightly and see, seemed to work better for me.

          A thing I noticed though is that unique might be "bad" as "Tjänsten NSClientpp (Nagios) 0.3.0.32 2008-02-02 w32 tog emot en stoppa-kontroll." is "the same" as: "Tjänsten IMAPI CD-Burning COM Service tog emot en starta-kontroll."

          (which is another service and another "action" (stop/start) so might not be for everyone, just thought I'd mention it)

          MickeM

          mickem
          02/04/08 23:13:02 (5 years ago)
    • Message #207

      Will do, I'll let you know what I find. Thanks.

      Roger Glass
      02/04/08 22:53:45 (5 years ago)
      • Message #232

        The nightly update does improve things. Using version 0.3.0.54 2008-02-12 it works much better.

        Thanks,

        -Roger

        Roger Glass
        02/14/08 00:54:41 (5 years ago)
        • Message #1088

          Sorry. Make hunger thy sauce, as a medicine for health. I am from Emirates and also am speaking English, give true I wrote the following sentence: "However, gaining lean body weight is a slow process that takes months or years rather."

          8) Thanks in advance. Howe.

          Howe
          02/20/09 04:44:07 (4 years ago)
        • Message #954

          I'm clearly missing something, it catches the event, but returns this:

          %message% needs the descriptions flag set!

          Where am I supposed to set this flag?

          thanks --Brian

          wingmanNorCal
          01/12/09 20:00:34 (4 years ago)
          • Message #962

            on the command line (just add descriptions after the syntax=... and it should be fine).

            Reason here is when description flag is set it is "slower" then without...

            MickeM

            mickem
            01/13/09 20:53:48 (4 years ago)
Tree View Flat View (newer first) Flat View (older first)

Subscriptions