Hello,
I am using Nagios Core and monitoring Windows Servers running NSClient++. Everything seems to be running ok but I am receiving critical alert messages about system uptime, for example: "warning: EventLog: The sytem uptime is 27725115 seconds. (1), eventlog: 1 critical." I have tried clearing out the Windows System Event log which seems to help briefly but the messages come back.
How do I fix these messages?
Thank you in advanced for your assistance.
Nagios Core and NSClient++ Windows servers system uptime
Re: Nagios Core and NSClient++ Windows servers system uptim
It means you have not rebooted that system in ~320 days (27725115 seconds). You will need to increase the warning/critical thresholds for that uptime check or else just reboot the server to reset the timer to 0.
Former Nagios employee
- Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: Nagios Core and NSClient++ Windows servers system uptim
Thats a long time for a Windows server without a reboot ... just proves it's a pretty robust OSWhistleeeeee
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Nagios Core and NSClient++ Windows servers system uptim
Thank you for the replies. I will see about adjusting the threshold as we have some servers that cannot be rebooted regularly. Which plugin would it be for? The alert shows as part of the Event Log check.
Thanks Again.
Thanks Again.
Re: Nagios Core and NSClient++ Windows servers system uptim
How is the check defined in the nsclient.ini?Which plugin would it be for? The alert shows as part of the Event Log check.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Nagios Core and NSClient++ Windows servers system uptim
Here is what is in the nsclient.ini for those options, which are set as the defaults:
; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
; alias_up - Alias for alias_up. To configure this item add a section called: /settings/external scripts/alias/alias_up
alias_up = checkUpTime MinWarn=1d MinWarn=1h
; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
; alias_up - Alias for alias_up. To configure this item add a section called: /settings/external scripts/alias/alias_up
alias_up = checkUpTime MinWarn=1d MinWarn=1h
-
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: Nagios Core and NSClient++ Windows servers system uptim
Based on your command there, its not an uptime issue, but an issue with the critical threshold for number of events that are not "success or informational and are not from SideBySide" in your logs within the time window that its viewing. Since you have 1 or more, you get a critical message. The parts you should consider changing are highlighted.
; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Re: Nagios Core and NSClient++ Windows servers system uptim
Thank you for responding. I tested using a value of 3 for your highlighted suggestions and the alert stopped (although it still shows up as a warning). Where can I find out more about this setting? Will I miss any alerts if I set the value too high?
-
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: Nagios Core and NSClient++ Windows servers system uptim
You could try looking at the nsclient man pages, but it all depends on if they are back in a decent state from the reorg of the site. All those values are doing in this instance, is setting a threshold for when you should see a warning or critical response. Specifically how many events that are found you are willing to allow prior to getting a warning or critical. If you have critical at 5 and warning at 3, that seems like a pretty reasonable amount to me, but it 100% depends on your system, your applications, and your expectations of when to be alerted. So I can speculate on what I would do with limited information, but only so far. Yes you could loose alerts depending on what you set the threshold to, but 1 is almost definitely too low, just like 100 is almost definitely too high.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Re: Nagios Core and NSClient++ Windows servers system uptim
http://nsclient.org/nscp/wiki/CheckEven ... k_eventlog
Towards the middle of that first table. Setting it too high will obviously cause it to rarely if ever trigger, but really it's a threshold like any other and depends on your environment. If you ride along at just 2 log entries for a while you will just miss the mark. I would also recommend setting the warn/crit values to different things, unless you specifically want to force a critical and never see warnings.
Towards the middle of that first table. Setting it too high will obviously cause it to rarely if ever trigger, but really it's a threshold like any other and depends on your environment. If you ride along at just 2 log entries for a while you will just miss the mark. I would also recommend setting the warn/crit values to different things, unless you specifically want to force a critical and never see warnings.
Former Nagios employee