NSClient++ Help (#1) - how can i watch more messages (#913) - Message List

how can i watch more messages

Hallo,

First, excuse me for my bad english. I try to explain my problem. I have to watch eventlogs-security on a lot of ms-servers.

I have to watch events with id (528 and 540), generated> -5m and with more User-accounts.

check_nrpe -H xxxxxx -c CheckEventLog -a file="security" MaxWarn=1 MaxCrit=1 "filter-generated> -5m AND id IN (540,528) AND message like 'account1" truncate ..............., works well.

But when i want to ask for more accounts like

check_nrpe -H xxxxxx -c CheckEventLog -a file="security" MaxWarn=1 MaxCrit=1 "filter-generated> -5m AND id IN (540,528) AND message like ('account1','account2','account3')" truncate ..............., stops with failure : Parsing failed : AND messsage like 'account1','account2......).

check_nrpe -H xxxxxx -c CheckEventLog -a file="security" MaxWarn=1 MaxCrit=1 "filter-generated> -5m AND id IN (540,528) AND message IN ('account1','account2','account3')" truncate ..............., works, but returned no event from eventlog,

Is it possible to have more strings in message. Or did i misunderstood checkEventLog

Regards v32tela

v32tela
02/10/12 11:42:12 (16 months ago)
Tree View Flat View (newer first) Flat View (older first)
  • Message #2423

    Yes, but not using in in would match equality (which is I guess not what you want right?)

    You can use multiple like using or like so: 

    AND ( message like 'account1' OR message like 'account2' OR message like 'account3' )

    Michael Medin

    mickem
    02/11/12 12:21:07 (16 months ago)
    • Message #2425

      Hei Michael,

      you did an excellent job. It works perfekt.

      Grettings v32tela

      v32tela
      02/13/12 10:09:28 (16 months ago)
Tree View Flat View (newer first) Flat View (older first)

Subscriptions