CheckEventlog command not working

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
bsivavani
Posts: 339
Joined: Tue Oct 06, 2015 9:17 am

CheckEventlog command not working

Post by bsivavani »

Hi,

We are trying to monitor an event ID using the CheckEventlog command, but it is throwing the error below.

[nagios@XXXX libexec]$ ./check_nrpe -H YYYYY -c CheckEventlog -a warn=1 crit=2 filter="id=1069"
Unknown filter key: 1 (numeric filters have to have an operator as well ie. foo=>5 or bar==5 foo=gt:6)
[nagios@XXXX libexec]$

check_nrpe -H YYYYY (remote windows server) seems to be fine.

Please let us know why we are receiving the unknown filter key message.
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1

Re: CheckEventlog command not working

Post by hsmith »

Can you try ./check_nrpe -H YYYYY -c CheckEventlog -a warn==1 crit==2 filter="id=1069"

instead?
Former Nagios Employee.
me.
bsivavani
Posts: 339
Joined: Tue Oct 06, 2015 9:17 am

Re: CheckEventlog command not working

Post by bsivavani »

Can you clarify the two outputs below?

OUTPUT1:
[root@XXXX snmptt]# /usr/local/nagios/libexec/check_nrpe -H YYYY -p 5666 -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=2 "filter=generated > -2h AND id = 19019"

MSSQL$C01SQL05, eventlog: 1 > warning|'eventlog'=1;1;2

OUTPUT2:
When we send an event from the NagEventLog agent, the attached output is what we receive.

My question is: in the screenshot we see the output as file type, source and general information about the event ID, whereas in output1 we see only the source (MSSQL$C01SQL05). We need the information related to file type and the general information related to the event ID in output1.

We would like to see the mentioned information in OUTPUT1 as well. Please let us know if any plugins are available to get the file type, source and general information related to the event ID.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: CheckEventlog command not working

Post by ssax »

You could try something like this:


/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -p 5666 -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=2 "filter=generated > -2h AND id = 19019" "unique" "descriptions" "syntax=%type%: %id%: %source%: Count: %(count) - %message%"
bsivavani
Posts: 339
Joined: Tue Oct 06, 2015 9:17 am

Re: CheckEventlog command not working

Post by bsivavani »

Hi,

Thanks for the update. We have tried the given command, but it does not produce the output we expect. We would like to see the output present in the General tab of the system log file. Please find attached a screenshot of the General tab information.

Please let us know if there is any command to get the output present in the General tab.
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1

Re: CheckEventlog command not working

Post by hsmith »

What output is it giving you instead?
Former Nagios Employee.
me.
bsivavani
Posts: 339
Joined: Tue Oct 06, 2015 9:17 am

Re: CheckEventlog command not working

Post by bsivavani »

Hi,
Below is the output:
[root@s930l3092 mibs]# /usr/local/nagios/libexec/check_nrpe -H x.x.x.x -p 5666 -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=2 "filter=generated > -40h AND id = 19019" "unique" "descriptions" "syntax=%type%: %id%: %source%: Count: %(count) - %message%"
, eventlog: 2 > critical|'eventlog'=2;1;2t) - [sqsrvres] OnlineThread: asked to terminate while waiting for QP.

We are trying to see the source information and the level (Info/Warning) along with the output.

Thanks,
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1

Re: CheckEventlog command not working

Post by hsmith »

I would strongly advise you to take a look at this guide: it is very complete. https://outsideit.net/real-time-eventlog-monitoring/
Former Nagios Employee.
me.