Windows Event Log Check Filter not working

me@work55
Posts: 44
Joined: Sun Jan 22, 2017 6:15 pm

Windows Event Log Check Filter not working

Post by me@work55 »

Hello

I asked this in the past but lost my messages on the subject. So I am here again trying this.

I use these two commands:

$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog -a file=Application scan-range=-59m "filter=level = 24"

$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog -a file=System scan-range=-59m

On the Application Log check we get this event 24 all the time from an application software and it can be ignored, but it continues to pop up on my console. We have several servers running the same application and they all report the same event. I would like to exclude this event ID from showing on the console.

Anyone have any ideas or suggestions?

Thank you
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Windows Event Log Check Filter not working

Post by mcapra »

NSClient offers you a few options with your expressions:
https://docs.nsclient.org/checks/#expressions

I think it'd be as simple as:

check_eventlog "filter=id not in (24)"

Or something like this if you're OK dealing with double/triple-escaping reserved characters like !

check_eventlog "filter=id != 24"

I don't have a system readily available to test against. Would also depend on the specific NSClient++ version you're using.
Former Nagios employee
https://www.mcapra.com/
me@work55
Posts: 44
Joined: Sun Jan 22, 2017 6:15 pm

Re: Windows Event Log Check Filter not working

Post by me@work55 »

$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog "filter=id != 24" -a file=Application scan-range=-59m

I tried both methods but it is not filtering out the Event ID 24.


Anything else we can try?
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Windows Event Log Check Filter not working

Post by mcapra »

You could try using NCPA instead:
https://www.nagios.org/ncpa/help.php#api-modules-logs

The last NSClient++ release was over 3 years ago. IIRC not all the operators were supported for check_eventlog but I haven't looked at the code in ages. There may be other supported filters you can use to address your specific use case.
https://github.com/mickem/nscp
Former Nagios employee
https://www.mcapra.com/