NSClient, CheckEventLog and VEEAM Backup Logs


Post by SultanOfSwing

Hi community,

I am trying to pull VEEAM's Backup entries in the EventLog via NSClient++ (5.2.035) to a LibreNMS server.

LibreNMS receives the output from the NSClient without a hitch. The way the check is implemented in LibreNMS is to basically run the check_nrpe script with various options etc.

My problem is that I am specifically filtering for warnings in the "Veeam Backup" log and/or for entries by the provider "Veeam Backup" and "Veeam MP". The names of the log and provider have been copied and checked for leading spaces etc. I also filter for entries written within the polling interval. What I am getting back is some .NET related entry written way outside the filtered timeframe. The script also doesn't seem to tell me where I have screwed up.

I have tried the following permutations to filter out what I want:

./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog file='Veeam Backup' "filter=severity = 'warning' AND generated > -5m"
./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog scan-range=-5m file='Veeam Backup' "filter=level in ('warning', 'error', 'critical')" "warning=level = 'warning', problem_count > 0" "critical=level in ('error', 'critical'), problem_count > 0" "empty-state=ok" "provider = 'Veeam Backup' OR provider = 'Veeam MP'"

The output I am getting is always:
.NET Runtime, Category: Veeam.GCP.PlatformService.WebApi.Framework.Common.Middleware.CUnhandledOperationsMiddleware Ev:00000002 RequestPath: /api/v1/proxies/configurationBackupProperties SpanId: |7ee851d5-4728d2d709c98da2. TraceId: 7ee8th: [/api/v1/proxies/configurationBackupProperties] |'problem_count'=1;0;0


Within the NS Client I have extended the INI file with the following:

[/settings/eventlog/real-time]
enabled = true
...
[/settings/eventlog/real-time/filters/my_alert]
log='Veeam Backup'
destination=log
filter=level='none'
maximum age=300s
;debug=true
...
[/modules]
...
; Undocumented key
CheckEventLog = enabled
...

After each change of the INI file the NSClient service has been restarted.

Since I am getting a somewhat valid response (i.e. the same output I get when I just run the check with the eventlog command) I think my filters are screwed up.

Where am I wrong?


Thanks in advance

Fabian