Windows Event Log

marnix
Posts: 7
Joined: Wed Jul 20, 2016 8:44 am

Windows Event Log

Post by marnix »

Hi!

I got a very simple Nagios check for the Windows Event Log running. I want to change some things, but I don't know how to do it. And I don't find any actual wiki or something like that, that helps me.

Actual Check:

Code:

#Windows System Log
define command{
        command_name    check_eventsys
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -t 60 -p 5666 -c $ARG1$ -a $ARG2$
}

Code:

define service{
        use                     generic-service
        host_name               WWS-001
        service_description     Windows Event Log #104
        check_command           check_nrpe_wu!check_eventsys_errors -c checkeventlog -a warn=1 crit=2 filter="id=104"
}

Well, the first thing I need help with: how do I change the log to monitor? The IDs in "system" work well, but the IDs in application don't work?
Second problem: I only want to get Warnings / Criticals when the event is not older than 24 hours. How can I fix that?
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: Windows Event Log

Post by dwhitfield »

On the first question, are you looking for an example of monitoring the application log?

On the second question, are you saying you don't want to see old alerts?
marnix
Posts: 7
Joined: Wed Jul 20, 2016 8:44 am

Re: Windows Event Log

Post by marnix »

Both questions -> yes
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: Windows Event Log

Post by dwhitfield »

1. Let me know if https://docs.nsclient.org/reference/win ... ntLog.html helps.
2. If you acknowledge the event, you should stop getting notifications (or at the very least can set it up to not alert after acknowledgement). Please let us know if you need help with that.