NSClient++ Help (#1) - can't get real-time event log monitoring to work anymore (#998) - Message List
Hi Michael,
I had tested the 0.4.13 build of real-time monitoring and verified it worked with the service names and everything. Today I started making some more complex config files and the real-time monitoring stopped working. Now I can't get it to work with even the simplist of configs. I just installed 0.4.14 on a fresh server and tested with the following config file.
[/modules] NSCAClient = 1 Scheduler = 1 CheckEventLog = 1 [/settings/crash] archive=true archive folder=c:\temp [/settings/log] level = debug [/settings/default/] allowed hosts = 192.168.1.100 [/settings/NSCA/client] hostname = testserver [/settings/NSCA/client/targets/default] host = 192.168.1.100 encryption = aes password = password [/settings/eventlog/real-time] enabled=true destination=NSCA log = Application filter=id = 100
I'm getting the following output.
C:\Program Files\NSClient++>nscp test --debug
d vice\logger_impl.cpp:372 Creating logger: console
d rvice\NSClient++.cpp:374 NSClient++ 0,4,1,4 2012-06-17 x64 Loading settings and logger...
d ngs_manager_impl.cpp:170 No entries found looking in (adding default): C:/Program Files/NSClient++//boot.ini
d ngs_manager_impl.cpp:178 Boot order: old://${exe-path}/nsc.ini, ini://${shared-path}/nsclient.ini
d ngs_manager_impl.cpp:181 Activating: ini://${shared-path}/nsclient.ini
d ngs_manager_impl.cpp:73 Creating instance for: ini://${shared-path}/nsclient.ini
d ngs/settings_ini.hpp:268 Reading INI settings from: C:/Program Files/NSClient++//nsclient.ini
d ngs/settings_ini.hpp:234 Loading: C:/Program Files/NSClient++//nsclient.ini from ini://${shared-path}/nsclient.ini
l rvice\NSClient++.cpp:385 NSClient++ 0,4,1,4 2012-06-17 x64 booting...
d rvice\NSClient++.cpp:386 Booted settings subsystem...
d rvice\NSClient++.cpp:453 On crash: restart: NSClientpp
d rvice\NSClient++.cpp:465 Archiving crash dumps in: c:\temp
d rvice\NSClient++.cpp:532 booting::loading plugins
d rvice\NSClient++.cpp:298 Found: CheckEventLog
d rvice\NSClient++.cpp:298 Found: NSCAClient
d rvice\NSClient++.cpp:298 Found: Scheduler
d rvice\NSClient++.cpp:829 addPlugin(C:/Program Files/NSClient++//modules/CheckEventLog.dll as )
d rvice\NSClient++.cpp:829 addPlugin(C:/Program Files/NSClient++//modules/NSCAClient.dll as )
d rvice\NSClient++.cpp:829 addPlugin(C:/Program Files/NSClient++//modules/Scheduler.dll as )
d rvice\NSClient++.cpp:806 Loading plugin: Event log Checker.
d rvice\NSClient++.cpp:806 Loading plugin: NSCAClient
d eventlog_wrapper.cpp:80 Attempting to match: Application with Application
d rvice\NSClient++.cpp:806 Loading plugin: Scheduler
d eduler\Scheduler.cpp:79 Thread count: 5
d rvice\NSClient++.cpp:604 NSClient++ - 0,4,1,4 2012-06-17 Started!
l ce\simple_client.hpp:32 Enter command to inject or exit to terminate...
When I issue the following command to generate an eventlog entry, the entry is created, but nscp doesn't output anything to indicate it read the event.
nscp eventlog --exec insert-eventlog --source "Shopping Basket" --id 100 --level error --category 0
I have also tried the more complicated configurations that we have tested successfully in the past. Nothing is showing any indication that the event log is getting read.
Am I missing something really obvious?
Thanks! Mike
-
Message #2649
Not 100% sure here but I think that the "old" (0.4.0) syntax is "Not supported". I moved the "default" filter and destination to a default filter.
I can verify this tonight...
Michael Medin
mickem06/19/12 13:05:10 (12 months ago)-
Message #2650
Actually, you don't need to spend your time on it. I just pulled the example from another thread on the real-time monitoring and it works. I'll figure out what my issue was after I get some sleep.
Thanks. mikep
mikep06/19/12 14:50:07 (12 months ago)-
Message #2651
Right...
What I think is the following:
[/settings/eventlog/real-time] enabled=true destination=NSCA log = Application filter=id = 100
should be:
[/settings/eventlog/real-time] enabled=true [/settings/eventlog/real-time/filters/default] destination=NSCA log = Application [/settings/eventlog/real-time/filters/foobar] filter=id = 100
But that could be compleatly wrong... don't recall the syntax off the top of my head...
Once I finish NRDP (and maybe check_mk) I will tweak settings a bit so module ownership can be traced. And start adding in-code command descriptions. After this we will get a generated documentation for "all commands" and modules. Hopefully this means somewhere during summer we will have updated documentations for "0.4.2" (read 0.4.0)... Also you will be able to do:
nscp settings --generate docs
To get your own documentation for your perticular setup. But more importantly you will be able to do something long the lines of this:
nscp settings --generate docs --module checkeventlog
To get the documantation for eventlog module...
What you can do now is:
nscp settings --generate trac
which will do this (but formated for trac) for all modules (which ended up not as usefull as I had hoped).
You can also generate the configuration file (if you prefer) as well...
Michael Medin
mickem06/19/12 15:06:16 (12 months ago)-
Message #2658
Well, I finally found what my issue was. Unfortunately, I didn't directly copy an paste the config file, so my typo wasn't apparent in this post. I had left off the leading / before the word settings.
[settings/eventlog/real-time]
instead of
[/settings/eventlog/real-time]
So when I would run sample code I copied from the site, it would work. but when I tried my own config, it always failed. Of course, I had copy and pasted my inital config to build out the more complicated config. So the same issue was in all of my real-time settings.
I know this is totally my braindead fault, but have you considered having an error line displayed in the debug output when a config file doesn't have proper syntax? It would have saved be about 10 hours and lots of hair. :)
Everything is looking great again.
Thanks.
mikep
mikep06/20/12 08:00:24 (12 months ago)
-
-
-
