Nagios check_logfiles can control EventID Error codes?

[feltham99]

Here:

http://labs.consol.de/wp-content/upload ... -3.4.2.zip

[tmcdonald]

Well looking over the documentation:

http://labs.consol.de/lang/en/nagios/check_logfiles/

it doesn't appear that there is a way to filter by ID, however you can specify a pattern for both warning and crit and if the error code appears in the actual text you might be able to work off that.

[feltham99]

Well looking over the documentation:

http://labs.consol.de/lang/en/nagios/check_logfiles/

it doesn't appear that there is a way to filter by ID, however you can specify a pattern for both warning and crit and if the error code appears in the actual text you might be able to work off that.

There is a way to filter by ID by this syntax:

exclude => {
eventid => 1058,
},

but i asked 4 filter errocodes of an event that you find in its details like i shown before ....

[tmcdonald]

exclude => {
eventid => 1058,
},

That looks like perl code but you linked us to a Windows binary. Are you sure you sent us the right link?

[feltham99]

That is a Micorosft binary plugin & was insatalled on the host monitored with NSClient++:

C:\Program Files\NSClientNME32\plugins\check_logfiles.exe

& control its event viewer by rules writed in a file .cfg like i show below i think:

C:\nagios.cfg\check_logfiles_GROUPP

@searches = ({
tag => 'System',
type => 'eventlog',
options => 'eventlogformat="%w src:%s id:%i %m",nosavethresholdcount',
eventlog => {
eventlog => 'System',
include => {
eventtype => 'error',
eventid => '1058',
operation => 'and',
},
},
criticalthreshold => 6,
criticalpatterns => '.*'
})

[tmcdonald]

I'll admit you've got us all a little stumped.

What exactly is the C:\nagios.cfg\check_logfiles_GROUPP you mention? That really shouldn't even exist. In addition, what is NSClientNME32? There is no mention of that on Google.

[sreinhardt]

It does not appear that by default you can filter by error code, but only these things:

Code: Select all

The formatstring knows the following tokens:
%t 	EventType
%i 	EventID
%s 	Source
%c 	Category
%w 	Timewritten
%g 	TimeGenerated
%m 	Message

You should be able to expand upon that with regex though, as it seems to support a whole lot of that.

[feltham99]

Thanks all 4 support me, no way .....

sreinhardt what is regex?

[tmcdonald]

regex is a short name for "regular expressions". Basically they are a way of defining a pattern, and seeing if a text string fits that pattern:

A pattern of "cat" would fit the following strings:

cat
a cat
cat food
catch
tomcat

As you can see, it does not matter where "cat" appears as long as it does. This is an incredibly simple explanation for as complex an issue as regex.