Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Vishh
Posts: 4 Joined: Fri Dec 06, 2019 9:19 am
by Vishh » Wed Feb 19, 2020 5:21 pm
Hi Guys, please help me in monitoring event ID on Nagios core.
Below command gives proper output,
Code:
libexec]$ ./check_nrpe -H Hostname -c checkeventlog -a filter="id=4231" scan-range=-5m
OK: No entries found|'count'=0;1;2
But when I implement the same on Nagios, I get a Critical alert with some junk messages.
CRITICAL: 21 message(s) Application Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Below are the service and command definition
Code:
define service{
use app-service
host_name Hostname
service_description APP - EventID-4231 Port Exhaust
check_command check_nrpe!check_eventlog!'filter=id=4231' scan-range=-5m
max_check_attempts 1
}
define command{
command_name check_eventlog
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$
}
Further, please find the changes made in nsclient.ini file and suggest the correct configurations for the desired output.
Code:
[/modules]
CheckEventLog=enabled
; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1
[/settings/eventlog]
buffer size = 131072
debug = 0
lookup names = 1
[/settings/eventlog/real-time]
enabled = true
log=application,system
startup age=30m
filter=id = 4231 and category = 0
Thanks
Last edited by Vishh on Wed Feb 19, 2020 6:19 pm, edited 1 time in total.
Box293
Too Basu
Posts: 5126 Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia
by Box293 » Wed Feb 19, 2020 5:27 pm
You have two different arguments.
Vishh wrote: Below command gives proper output,
Code:
libexec]$ ./check_nrpe -H 10.177.60.232 -c checkeventlog -a warn=1 crit=2 filter="id=4231" scan-range=-30m
OK: No entries found|'count'=0;1;2
Specifically I am highlighting
warn=1 crit=2 filter="id=4231" scan-range=-30m
Now here you are defining:
Vishh wrote: Below are the service and command definition
Code:
define service{
use assetpoint-app-service
host_name papxi05
service_description APP - EventID-4231 Port Exhaust
check_command check_nrpe!check_eventlog!'filter=id=4231' scan-range=-5m
max_check_attempts 1
}
Specifically I am highlighting
filter=id=4231' scan-range=-5m
The reason why the service is giving different results to your command line test is because they are not the same.
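Added example (not part of either post): a Python sketch that expands the posted check_command the way Nagios fills $ARG1$..$ARGn$ and compares what reaches NSClient++ with the manual test quoted in the reply. It assumes the check_nrpe command named in check_command uses the same command_line template as the posted define command block; the macro values and the helper names are constructed for illustration.

```python
import re
import shlex

# command_line template posted in the question. Assumption: the check_nrpe
# command referenced by check_command uses this same template.
COMMAND_LINE = "$USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$"
# check_command exactly as posted in the service definition.
CHECK_COMMAND = "check_nrpe!check_eventlog!'filter=id=4231' scan-range=-5m"
# Manual test as quoted in the reply (shell prompt and ./ dropped).
MANUAL = ('check_nrpe -H 10.177.60.232 -c checkeventlog '
          '-a warn=1 crit=2 filter="id=4231" scan-range=-30m')
# Constructed sample values for the standard macros.
MACROS = {"USER1": "/usr/local/nagios/libexec", "HOSTADDRESS": "Hostname"}


def expand(check_command, command_line, macros):
    """Fields after '!' become $ARG1$..$ARGn$; unset macros expand to ''."""
    name, *args = check_command.split("!")
    values = dict(macros)
    for i, arg in enumerate(args, start=1):
        values[f"ARG{i}"] = arg
    expanded = re.sub(r"\$(\w+)\$", lambda m: values.get(m.group(1), ""), command_line)
    return name, expanded


def nrpe_request(command):
    """Return (remote command, {key: value}) that check_nrpe would send."""
    argv = shlex.split(command)  # quotes are consumed before check_nrpe runs
    remote = argv[argv.index("-c") + 1]
    params = dict(a.split("=", 1) for a in argv[argv.index("-a") + 1:])
    return remote, params


def differences(manual, scheduled):
    """List what the scheduled check sends differently from the manual test."""
    (m_cmd, m_par), (s_cmd, s_par) = nrpe_request(manual), nrpe_request(scheduled)
    out = []
    if m_cmd != s_cmd:
        out.append(f"command: {m_cmd} -> {s_cmd}")
    for key in sorted(set(m_par) | set(s_par)):
        if m_par.get(key) != s_par.get(key):
            out.append(f"{key}: {m_par.get(key)} -> {s_par.get(key)}")
    return out


if __name__ == "__main__":
    _, scheduled = expand(CHECK_COMMAND, COMMAND_LINE, MACROS)
    print(scheduled)
    print("\n".join(differences(MANUAL, scheduled)))
```

Run against the posted definitions, the scheduled check differs from the manual test in the remote command name, the missing warn and crit values, and the scan-range.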