NSClient++ Help (#1) - Check Eventlog Command Syntax (#944) - Message List

Check Eventlog Command Syntax

I am trying to figure out the correct syntax for a TaskScheduler? log located in:

%SystemRoot?%\System32\Winevt\Logs\Microsoft-Windows-TaskScheduler?%4Operational.evtx

I know it can't check this and that it looks for registered logs here

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet?\services\eventlog\

So if the log I'm looking for is here: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet?\services\eventlog\system\Microsoft-Windows-TaskScheduler?

Can file be specified as file="system\Microsoft-Windows-TaskScheduler?" ?

CheckEventLog file="system\Microsoft-Windows-TaskScheduler?" debug=true MaxWarn=1 MaxCrit=1 filter+eventID==200 "filter=severity = 'informational' AND generated gt -15m" truncate=800 unique descriptions "syntax=%message% (%count%)"

EdM
04/03/12 20:39:13 (14 months ago)
Tree View Flat View (newer first) Flat View (older first)
  • Message #2496

    Well, it will (read should) read that key for you so specifying "Microsoft-Windows-TaskScheduler?" should be sufficient. You should also be able to specify the "name" (a key below) as well... (again in theory, so if it doesn't work please let me know so I can fix it)

    Michael Medin

    mickem
    04/04/12 07:14:39 (14 months ago)
Tree View Flat View (newer first) Flat View (older first)

Subscriptions