Monitoring event ID on Nagios core 4.3.4


Monitoring event ID on Nagios core 4.3.4

Post by Vishh »

Hi guys, please help me with monitoring an event ID on Nagios Core.

The command below gives the proper output:

Code:

libexec]$ ./check_nrpe -H Hostname -c checkeventlog -a filter="id=4231" scan-range=-5m
OK: No entries found|'count'=0;1;2

But when I implement the same on Nagios, I get a Critical alert with some junk messages.
CRITICAL: 21 message(s) Application Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Below are the service and command definitions:

Code:

define service{
        use                     app-service
        host_name               Hostname
        service_description     APP - EventID-4231 Port Exhaust
        check_command           check_nrpe!check_eventlog!'filter=id=4231' scan-range=-5m
        max_check_attempts      1
        }


define command{
        command_name    check_eventlog
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$
        }

Further, please find the changes made in the nsclient.ini file, and suggest the correct configuration for the desired output.

Code:

[/modules]
CheckEventLog=enabled

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1

[/settings/eventlog]
buffer size = 131072
debug = 0
lookup names = 1

[/settings/eventlog/real-time]

enabled = true
log=application,system
startup age=30m
filter=id = 4231 and category = 0

Thanks
Last edited by Vishh on Wed Feb 19, 2020 6:19 pm, edited 1 time in total.

Re: Monitoring event ID on Nagios core 4.3.4

Post by Box293 »

You have two different arguments.
Vishh wrote: Below command gives proper output,

Code:

libexec]$ ./check_nrpe -H 10.177.60.232 -c checkeventlog -a warn=1 crit=2 filter="id=4231" scan-range=-30m
OK: No entries found|'count'=0;1;2

Specifically, I am highlighting warn=1 crit=2 filter="id=4231" scan-range=-30m

Now here you are defining:
Vishh wrote: Below are the service and command definition

Code:

define service{
        use                     assetpoint-app-service
        host_name               papxi05
        service_description     APP - EventID-4231 Port Exhaust
        check_command           check_nrpe!check_eventlog!'filter=id=4231' scan-range=-5m
        max_check_attempts      1
        }

Specifically, I am highlighting filter=id=4231' scan-range=-5m

The reason why the service is giving different results to your command line test is because they are not the same.
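Added example, not part of the original thread: a short Python script that expands the service's check_command the way Nagios Core does (split on `!` into the command name, `$ARG1$`, `$ARG2$`) and compares the resulting NRPE request with the manual test quoted in the reply. It assumes the `check_nrpe` command object uses the command_line shown in the thread; the `$USER1$` and `$HOSTADDRESS$` values are constructed.

```python
import shlex

def expand(check_command, command_line, macros):
    """Split check_command on '!' (name, $ARG1$, $ARG2$, ...) and substitute macros."""
    name, *args = check_command.split("!")
    values = dict(macros)
    values.update({f"$ARG{i}$": a for i, a in enumerate(args, start=1)})
    for macro, value in values.items():
        command_line = command_line.replace(macro, value)
    return name, command_line

def nrpe_request(command_line):
    """Return (remote command, {key: value}) as check_nrpe sees them after shell quoting."""
    argv = shlex.split(command_line)
    remote = argv[argv.index("-c") + 1]
    # partition() keeps arguments without '=' as keys with an empty value
    return remote, dict(a.partition("=")[::2] for a in argv[argv.index("-a") + 1:])

def differences(tested, service):
    """Map each differing field to (value in manual test, value sent by the service)."""
    (t_cmd, t_args), (s_cmd, s_args) = tested, service
    out = {} if t_cmd == s_cmd else {"command": (t_cmd, s_cmd)}
    for key in sorted(set(t_args) | set(s_args)):
        if t_args.get(key) != s_args.get(key):
            out[key] = (t_args.get(key), s_args.get(key))
    return out

# From the thread: the manual test quoted in the reply and the service's check_command.
TESTED = './check_nrpe -H Hostname -c checkeventlog -a warn=1 crit=2 filter="id=4231" scan-range=-30m'
CHECK_COMMAND = "check_nrpe!check_eventlog!'filter=id=4231' scan-range=-5m"
# Assumption: the check_nrpe command object has the command_line shown in the thread.
COMMAND_LINE = "$USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$"
# Constructed macro values, for illustration only.
MACROS = {"$USER1$": "/usr/local/nagios/libexec", "$HOSTADDRESS$": "192.0.2.10"}

def compare():
    """Expand the service check and diff it against the manual test."""
    _, expanded = expand(CHECK_COMMAND, COMMAND_LINE, MACROS)
    return expanded, differences(nrpe_request(TESTED), nrpe_request(expanded))

if __name__ == "__main__":
    expanded, diff = compare()
    print(expanded)
    for field, (tested, service) in diff.items():
        print(f"{field}: tested={tested!r} service={service!r}")
```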