Hello
I asked this in the past but lost my messages on the subject. SO I am here again trying this.
I use these two command
$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog -a file=Application scan-range=-59m "filter=level = 24"
$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog -a file=System scan-range=-59m
On the Application Log check we get this event 24 all the time from an application software and it can be ignored but it continues to popup on my console. We have several servers running the same application and they all report the same event. I would like to exclude this event ID from showing on the console.
Any one have any ideas or suggestions.
Thank you
Windows Event Log Check Filter not working
Re: Windows Event Log Check Filter not working
NSClient offers you a few options with your expressions:
https://docs.nsclient.org/checks/#expressions
I think it'd be as simple as:
Or something like this if you're OK dealing with double/tripple-escaping reserved characters like !
I don't have a system readily available to test against. Would also depend on the specific NSClient++ version you're using.
https://docs.nsclient.org/checks/#expressions
I think it'd be as simple as:
Code: Select all
check_eventlog "filter=id not in (24)"
Code: Select all
check_eventlog "filter=id != 24"
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: Windows Event Log Check Filter not working
Code: Select all
$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog "filter=id != 24" -a file=Application scan-range=-59m
I tried both methods but It is not filtering out the Event ID 24
Anything else we can try?
Re: Windows Event Log Check Filter not working
You could try using NCPA instead:
https://www.nagios.org/ncpa/help.php#api-modules-logs
The last NSClient++ release was over 3 years ago. IIRC not all the operators were supported for check_eventlog but I haven't looked at the code in ages. There may be other supported filters you can use to address your specific use case.
https://github.com/mickem/nscp
https://www.nagios.org/ncpa/help.php#api-modules-logs
The last NSClient++ release was over 3 years ago. IIRC not all the operators were supported for check_eventlog but I haven't looked at the code in ages. There may be other supported filters you can use to address your specific use case.
https://github.com/mickem/nscp
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/