Nagios Event Log Checking

An open discussion forum for obtaining help with Nagios Core. Nagios Core users of all experience levels are welcome here. Subforum have been created for the discussion of Nagios Core and Nagios Plugin development.

NOTE: The SourceForge.net mailing lists have been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Nagios Event Log Checking

Postby kwhogster » Thu Feb 09, 2017 12:53 pm

Just added event log checking on Nagios 4.1 Core

Getting this error

TGCS001 Check Event Logs Notifications for this service have been disabled CRITICAL 02-09-2017 12:44:07 0d 0h 42m 54s 3/3 warning: EventLog: The system uptime is 42648 seconds. (1), eventlog: 1 > critical

This event is event id 6013 and is an informational event not an Error or Warning I only want Error and Warning events to be checked.

My code service definition

Code: Select all
define service {
        host_name                       TGCS001
        service_description             Check Event Logs
        check_command                   check_nrpe!alias_event_log
        servicegroups                   Event Logs
        check_interval                  1
        use                             generic-service
}



My NSClient.INI entry nsclient is 4.1.73 version

Code: Select all
; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -1h AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"



So why is this information event alerting?
After a hour it will clear but it should never error in the first place

What is wrong with my code?

Thanks

Tom
kwhogster
 
Posts: 378
Joined: Wed Oct 14, 2015 6:51 pm
Location: Wood Ridge NJ USA

Re: Nagios Event Log Checking

Postby tmcdonald » Thu Feb 09, 2017 6:03 pm

It might be beneficial to cross-post this to the NSClient forums since this is more their wheelhouse. The query you are using looks fine to me. I'd enable debug and see if that query logs the variables you are trying to match/filter against:

https://docs.nsclient.org/faq/#110-enable-debug-log
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tmcdonald
Support Manager
 
Posts: 8223
Joined: Mon Sep 23, 2013 8:40 am

Re: Nagios Event Log Checking

Postby tgriep » Thu Feb 09, 2017 6:07 pm

I looks like there is a bug in NSClient that may be what you are seeing.
https://github.com/mickem/nscp/issues/93
The url also says to use level and not severity in the command. Try that and see if that fixes it for you.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tgriep
Madmin
 
Posts: 4593
Joined: Thu Oct 30, 2014 9:02 am

Re: Nagios Event Log Checking

Postby kwhogster » Thu Feb 09, 2017 6:14 pm

Guys

I tried going to another version of nsclient and that broke all other services.

and in another post I did that and they said upgrade nrpe not an option at this time

It is not a bug it is a syntax issue

Upgrading is not always the answer and it does lead to more problems than we need at this time

Yes I thought the command looked good to me but it keeps reporting informational as warnings
kwhogster
 
Posts: 378
Joined: Wed Oct 14, 2015 6:51 pm
Location: Wood Ridge NJ USA

Re: Nagios Event Log Checking

Postby tgriep » Fri Feb 10, 2017 11:45 am

Did you try and change the following section from
Code: Select all
severity NOT IN

to
Code: Select all
level NOT IN

and see if that works?
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tgriep
Madmin
 
Posts: 4593
Joined: Thu Oct 30, 2014 9:02 am

Re: Nagios Event Log Checking

Postby kwhogster » Fri Feb 10, 2017 8:20 pm

tgriep

I tried that on one server my results


TGCS001 Check Event Logs notifications for this service have been disabled
UNKNOWN 02-10-2017 20:22:50 0d 0h 3m 17s 3/3 Static evaluation failed: Unhandled exception static eval: {bool}op:and({bool}op:and({bool}op:>({date}:generated, {date}#1486772570), {bool}op:not in({ui:2}:level, {ui:2} { {ui:2}fun:bound:auto_convert({string}'success'), {ui:2}fun:bound:auto_convert({string}'informational'), } )), {bool}op:?({string}:source, {string}'SideBySide'))

reverted back :o


Thanks
kwhogster
 
Posts: 378
Joined: Wed Oct 14, 2015 6:51 pm
Location: Wood Ridge NJ USA

Re: Nagios Event Log Checking

Postby tgriep » Mon Feb 13, 2017 3:07 pm

It looks like the upgrade is needed at this point.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tgriep
Madmin
 
Posts: 4593
Joined: Thu Oct 30, 2014 9:02 am

Re: Nagios Event Log Checking

Postby kwhogster » Mon Feb 13, 2017 9:42 pm

upgrade what?

I tried upgrading the nsclient an that caused more problems


upgrade what ?
kwhogster
 
Posts: 378
Joined: Wed Oct 14, 2015 6:51 pm
Location: Wood Ridge NJ USA

Re: Nagios Event Log Checking

Postby dwhitfield » Tue Feb 14, 2017 12:33 pm

kwhogster wrote:I tried going to another version of nsclient and that broke all other services
.

The thing about NSClient is they change the configs with every version. You can't just update NSClient. You have to go through and recheck everything. I know that's frustrating, but NSClient is not our project.

kwhogster wrote:and in another post I did that and they said upgrade nrpe not an option at this time


Another post here? Which one? Are you saying upgrading NRPE is not an option or did someone tell you it wasn't an option?


As far as I can tell, the documentation on eventlogs mentioned at https://github.com/NagiosEnterprises/ncpa/issues/143 never happened, but NCPA is our product, so you might have better results using that.


Also, we have a commercial product designed specifically for logs: https://www.nagios.com/products/nagios-log-server/
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
dwhitfield
The Doctor
 
Posts: 2330
Joined: Wed Sep 21, 2016 10:29 am
Location: Nagios Enterprises, LLC

Re: Nagios Event Log Checking

Postby kwhogster » Tue Feb 14, 2017 8:09 pm

I tried the Log program before an that does not work well either.

In my research I saw that upgrading the NSLCIENT would fix this.

But I have a lot of check_nt commands defined and I need to re work them to use check_nrpe instead.

I will try on one machine with the New NSCLIENT first.
kwhogster
 
Posts: 378
Joined: Wed Oct 14, 2015 6:51 pm
Location: Wood Ridge NJ USA

Next

Return to Nagios Core

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 12 guests