Nagios Event Log Checking

kwhogster
Posts: 644
Joined: Wed Oct 14, 2015 6:51 pm
Location: Wood Ridge NJ USA

Nagios Event Log Checking

Post by kwhogster »

Just added event log checking on Nagios 4.1 Core

Getting this error

TGCS001 Check Event Logs Notifications for this service have been disabled CRITICAL 02-09-2017 12:44:07 0d 0h 42m 54s 3/3 warning: EventLog: The system uptime is 42648 seconds. (1), eventlog: 1 > critical

This event is event ID 6013 and is an informational event, not an Error or Warning. I only want Error and Warning events to be checked.

My code service definition

Code:

define service {
        host_name                       TGCS001
        service_description             Check Event Logs
        check_command                   check_nrpe!alias_event_log
        servicegroups                   Event Logs
        check_interval                  1
        use                             generic-service
}

My NSClient.INI entry nsclient is 4.1.73 version

Code:

; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -1h AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

So why is this information event alerting?
After an hour it will clear, but it should never error in the first place.

What is wrong with my code?

Thanks

Tom
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Nagios Event Log Checking

Post by tmcdonald »

It might be beneficial to cross-post this to the NSClient forums since this is more their wheelhouse. The query you are using looks fine to me. I'd enable debug and see if that query logs the variables you are trying to match/filter against:

https://docs.nsclient.org/faq/#110-enable-debug-log
Former Nagios employee
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Nagios Event Log Checking

Post by tgriep »

It looks like there is a bug in NSClient that may be what you are seeing.
https://github.com/mickem/nscp/issues/93
The URL also says to use level and not severity in the command. Try that and see if that fixes it for you.
Be sure to check out our Knowledgebase for helpful articles and solutions!
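
Added example, not part of any post in this thread and not NSClient++ code: a 32-bit Windows event identifier carries its own two-bit severity field, separate from the event type shown as "Information", "Warning" or "Error". The sketch assumes that `severity` in the filter reads those bits while `level` reads the event type, and that event 6013 has the identifier 0x8000177D; neither is stated in the thread, and all function names and records are hypothetical.

```python
# Added illustration. Names and sample records are hypothetical/constructed.
SEVERITY_NAMES = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def decode_event_identifier(identifier):
    """Split a 32-bit Windows event identifier into its bit fields."""
    return {
        "severity": SEVERITY_NAMES[(identifier >> 30) & 0x3],  # bits 31-30
        "customer": bool((identifier >> 29) & 0x1),            # bit 29
        "facility": (identifier >> 16) & 0xFFF,                # bits 27-16
        "code": identifier & 0xFFFF,  # low word, the "event id" in Event Viewer
    }


def passes_filter(record, field, excluded=("success", "informational")):
    """Evaluate '<field> NOT IN (excluded)' for one record.

    Assumption: 'severity' is taken from the identifier bits and 'level'
    from the event type stored separately in the record.
    """
    if field == "severity":
        value = decode_event_identifier(record["identifier"])["severity"]
    elif field == "level":
        value = record["level"]
    else:
        raise ValueError("field must be 'severity' or 'level'")
    return value not in excluded


# Constructed records. 0x8000177D for event 6013 is an assumed sample value.
SAMPLE_EVENTS = [
    {"source": "EventLog", "identifier": 0x8000177D, "level": "informational"},
    {"source": "ExampleService", "identifier": 0xC0000064, "level": "error"},
    {"source": "ExampleApp", "identifier": 0x400003E8, "level": "informational"},
]


def alerting_codes(events, field):
    """Return the event codes that survive the filter on the given field."""
    return [decode_event_identifier(e["identifier"])["code"]
            for e in events if passes_filter(e, field)]


if __name__ == "__main__":
    print("severity filter:", alerting_codes(SAMPLE_EVENTS, "severity"))
    print("level filter:   ", alerting_codes(SAMPLE_EVENTS, "level"))
```

Under these assumptions the uptime event passes a `severity` filter because its identifier bits say "warning", while a filter on the event type drops it.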
kwhogster

Re: Nagios Event Log Checking

Post by kwhogster »

Guys

I tried going to another version of nsclient and that broke all other services.

And in another post I did that and they said upgrade nrpe, not an option at this time.

It is not a bug; it is a syntax issue.

Upgrading is not always the answer and it does lead to more problems than we need at this time

Yes I thought the command looked good to me but it keeps reporting informational as warnings
tgriep

Re: Nagios Event Log Checking

Post by tgriep »

Did you try and change the following section from

Code:

severity NOT IN

to

Code:

level NOT IN

and see if that works?
kwhogster

Re: Nagios Event Log Checking

Post by kwhogster »

tgriep

I tried that on one server; my results:


TGCS001 Check Event Logs notifications for this service have been disabled
UNKNOWN 02-10-2017 20:22:50 0d 0h 3m 17s 3/3 Static evaluation failed: Unhandled exception static eval: {bool}op:and({bool}op:and({bool}op:>({date}:generated, {date}#1486772570), {bool}op:not in({ui:2}:level, {ui:2} { {ui:2}fun:bound:auto_convert({string}'success'), {ui:2}fun:bound:auto_convert({string}'informational'), } )), {bool}op:?({string}:source, {string}'SideBySide'))

reverted back :o


Thanks
tgriep

Re: Nagios Event Log Checking

Post by tgriep »

It looks like the upgrade is needed at this point.
kwhogster

Re: Nagios Event Log Checking

Post by kwhogster »

upgrade what?

I tried upgrading the nsclient and that caused more problems


upgrade what ?
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Nagios Event Log Checking

Post by dwhitfield »

kwhogster wrote: I tried going to another version of nsclient and that broke all other services.

The thing about NSClient is they change the configs with every version. You can't just update NSClient. You have to go through and recheck everything. I know that's frustrating, but NSClient is not our project.
kwhogster wrote: and in another post I did that and they said upgrade nrpe not an option at this time
Another post here? Which one? Are you saying upgrading NRPE is not an option or did someone tell you it wasn't an option?


As far as I can tell, the documentation on eventlogs mentioned at https://github.com/NagiosEnterprises/ncpa/issues/143 never happened, but NCPA is our product, so you might have better results using that.


Also, we have a commercial product designed specifically for logs: https://www.nagios.com/products/nagios-log-server/
kwhogster

Re: Nagios Event Log Checking

Post by kwhogster »

I tried the Log program before and that does not work well either.

In my research I saw that upgrading the NSCLIENT would fix this.

But I have a lot of check_nt commands defined and I need to re work them to use check_nrpe instead.

I will try on one machine with the New NSCLIENT first.