Nagios Event Log NSCLIENT help

[me@work55]

I just got this working but now I see this



Windows System Event Log

Notifications for this service have been disabled

CRITICAL 01-26-2017 15:03:00 0d 1h 8m 17s 3/3 EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, User32, EventLog, EventLog, EventLog, EventLog, AFD, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog,

Code: Select all

        define service{
        use                     generic-service
        host_name               metro-12-dc06
        service_description     Windows System Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }

        define service{
        use                     generic-service
        host_name               metro-12-dc06
        service_description     Windows Application Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=application MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }

The application log is ok has the same settings

Any ideas?

[dwhitfield]

Can you send the output of tail -100 /usr/local/nagios/var/nagios.log and your nsclient.log. Do you mean Nagios or NSClient when you say the application log? If not, can you send the application log as well?

[me@work55]

It seems ok now
but I think when it has no events it shows what I posted above.

Also I am wondering why it shows events because I open the event viewer on the server and do not see the events it is reporting

Is something not clearing

Any ideas?

thanks

[me@work55]

Hi

I my

Code: Select all

check_command           check_win_nrpe!checkeventlog! -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"

Is the -1h suppose to only check the log for the past hour? It seems to me it is reading the entire log

Thanks

Tom

[dwhitfield]

Please send the output of tail -100 /usr/local/nagios/var/nagios.log and your nsclient.log

[me@work55]

See attached

[dwhitfield]

What's the output if you run the check from the command line?

[me@work55]

give me the correct syntax to run that

[mcapra]

We would have to see the command definition for check_win_nrpe. Can you share that so we can compare it to your service's check_command definition?

[me@work55]

here it is

Code: Select all

define command{
command_name check_eventlog
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a filter file=application MaxWarn=1 MaxCrit=1 "filter=generated lt -1h AND severity NOT IN ('success', 'informational')" unique descriptions "syntax=%source% {EventID %id%}[%severity%](Count=%count%)^MDate:%generated%^M%message%^M"
}

Code: Select all

       define service{
        use                     generic-service
        host_name               metro-12r2-ltdb
        service_description     Windows System Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }

        define service{
        use                     generic-service
        host_name               metro-12r2-ltdb
        service_description     Windows Application Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=application MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }