
Nagios Event Log Checking

Posted: Thu Feb 09, 2017 12:53 pm
by kwhogster
Just added event log checking on Nagios 4.1 Core

Getting this error

TGCS001 Check Event Logs Notifications for this service have been disabled CRITICAL 02-09-2017 12:44:07 0d 0h 42m 54s 3/3 warning: EventLog: The system uptime is 42648 seconds. (1), eventlog: 1 > critical

This event is event ID 6013 and is an informational event, not an Error or Warning. I only want Error and Warning events to be checked.

My code service definition

Code:

define service {
        host_name                       TGCS001
        service_description             Check Event Logs
        check_command                   check_nrpe!alias_event_log
        servicegroups                   Event Logs
        check_interval                  1
        use                             generic-service
}

My NSClient.INI entry nsclient is 4.1.73 version

Code:

; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -1h AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

So why is this information event alerting?
After an hour it will clear, but it should never error in the first place.

What is wrong with my code?

Thanks

Tom

Re: Nagios Event Log Checking

Posted: Thu Feb 09, 2017 6:03 pm
by tmcdonald
It might be beneficial to cross-post this to the NSClient forums since this is more their wheelhouse. The query you are using looks fine to me. I'd enable debug and see if that query logs the variables you are trying to match/filter against:

https://docs.nsclient.org/faq/#110-enable-debug-log

Re: Nagios Event Log Checking

Posted: Thu Feb 09, 2017 6:07 pm
by tgriep
It looks like there is a bug in NSClient that may be what you are seeing.
https://github.com/mickem/nscp/issues/93
The URL also says to use level and not severity in the command. Try that and see if that fixes it for you.

Re: Nagios Event Log Checking

Posted: Thu Feb 09, 2017 6:14 pm
by kwhogster
Guys

I tried going to another version of nsclient and that broke all other services.

and in another post I did that and they said upgrade nrpe not an option at this time

It is not a bug it is a syntax issue

Upgrading is not always the answer and it does lead to more problems than we need at this time

Yes I thought the command looked good to me but it keeps reporting informational as warnings

Re: Nagios Event Log Checking

Posted: Fri Feb 10, 2017 11:45 am
by tgriep
Did you try and change the following section from

Code:

severity NOT IN
to

Code:

level NOT IN
and see if that works?
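
Added illustration, not part of any post in this thread: one way `severity` and `level` can disagree for the same record, assuming `severity` is read from the top two bits of the 32-bit event identifier while `level` is the record's event type. The thread confirms neither assumption, and the sample records (including the full identifier used for event 6013) are constructed.

```python
# Added illustration (not from the thread). Layout of a 32-bit Windows event
# identifier: bits 31-30 severity, bit 29 customer, bit 28 reserved,
# bits 27-16 facility, bits 15-0 code (the "event id" shown in viewers).
SEVERITY_BITS = {0: "success", 1: "informational", 2: "warning", 3: "error"}

# EVENTLOGRECORD.EventType values from winnt.h.
EVENT_TYPE = {0x0000: "success", 0x0001: "error", 0x0002: "warning",
              0x0004: "informational", 0x0008: "auditSuccess", 0x0010: "auditFailure"}

EXCLUDED = ("success", "informational")


def decode_event_id(full_id):
    """Split a 32-bit event identifier into its documented bit fields."""
    return {
        "severity": SEVERITY_BITS[(full_id >> 30) & 0x3],
        "customer": bool((full_id >> 29) & 0x1),
        "facility": (full_id >> 16) & 0xFFF,
        "code": full_id & 0xFFFF,
    }


def passes_filter(record, field):
    """Model the thread's filter without the one-hour window.

    field="severity" uses the identifier's top bits (an assumption about the
    keyword); field="level" uses the record's event type.
    """
    if field == "severity":
        value = decode_event_id(record["event_id"])["severity"]
    else:
        value = EVENT_TYPE[record["event_type"]]
    return value not in EXCLUDED and record["source"] != "SideBySide"


# Constructed records; the full identifiers are assumed values, not from the thread.
SAMPLES = [
    {"source": "EventLog", "event_id": 0x8000177D, "event_type": 0x0004},
    {"source": "Service Control Manager", "event_id": 0xC0001B58, "event_type": 0x0001},
    {"source": "SideBySide", "event_id": 0xC0000021, "event_type": 0x0001},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        code = decode_event_id(rec["event_id"])["code"]
        print(rec["source"], code,
              "severity:", passes_filter(rec, "severity"),
              "level:", passes_filter(rec, "level"))
```

Under these assumptions the first constructed record, shown as Information in the viewer, passes the `severity` filter but not the `level` filter.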

Re: Nagios Event Log Checking

Posted: Fri Feb 10, 2017 8:20 pm
by kwhogster
tgriep

I tried that on one server my results


TGCS001 Check Event Logs notifications for this service have been disabled
UNKNOWN 02-10-2017 20:22:50 0d 0h 3m 17s 3/3 Static evaluation failed: Unhandled exception static eval: {bool}op:and({bool}op:and({bool}op:>({date}:generated, {date}#1486772570), {bool}op:not in({ui:2}:level, {ui:2} { {ui:2}fun:bound:auto_convert({string}'success'), {ui:2}fun:bound:auto_convert({string}'informational'), } )), {bool}op:?({string}:source, {string}'SideBySide'))

reverted back :o


Thanks

Re: Nagios Event Log Checking

Posted: Mon Feb 13, 2017 3:07 pm
by tgriep
It looks like the upgrade is needed at this point.

Re: Nagios Event Log Checking

Posted: Mon Feb 13, 2017 9:42 pm
by kwhogster
upgrade what?

I tried upgrading the nsclient and that caused more problems

upgrade what?

Re: Nagios Event Log Checking

Posted: Tue Feb 14, 2017 12:33 pm
by dwhitfield
kwhogster wrote: I tried going to another version of nsclient and that broke all other services.

The thing about NSClient is they change the configs with every version. You can't just update NSClient. You have to go through and recheck everything. I know that's frustrating, but NSClient is not our project.
kwhogster wrote: and in another post I did that and they said upgrade nrpe not an option at this time
Another post here? Which one? Are you saying upgrading NRPE is not an option or did someone tell you it wasn't an option?


As far as I can tell, the documentation on eventlogs mentioned at https://github.com/NagiosEnterprises/ncpa/issues/143 never happened, but NCPA is our product, so you might have better results using that.


Also, we have a commercial product designed specifically for logs: https://www.nagios.com/products/nagios-log-server/

Re: Nagios Event Log Checking

Posted: Tue Feb 14, 2017 8:09 pm
by kwhogster
I tried the Log program before and that does not work well either.

In my research I saw that upgrading the NSCLIENT would fix this.

But I have a lot of check_nt commands defined and I need to re work them to use check_nrpe instead.

I will try on one machine with the New NSCLIENT first.