I am using NCPA 2.0.3 on Windows (in this case Windows 2012ServerR2) to monitor the Windows Application logs.
My service checks log entries for ERRORs like so:
The email user notification triggers a custom event handler which examines the logs *again* and then it does some magic to send the alert text to the user (because this cannot be done in one step through NCPA).-t '<token>' -P 5693 -M 'logs' -q 'name=Application,severity=ERROR,logged_after=6m,critical=1'
This process works, but there's one issue: the value for event_id as it is in the Windows log (where it's called eventID) is mangled by the NCPA, it seems. To be precisely: an event ID of 208 in the Windows log is returned by NCPA as "1073742032". Here's the actual log entry as returned by NCPA:
I checked the relevant code in listener/windowslogs.py in Git, but apart from a str() invocation on the event ID nothing is done to it. I have no access to the Windows box myself so it's difficult to do troubleshooting by myself.{ "category": "3", "severity": "WARNING", "event_id": "1073742032", "application": "SQLAgent$FITVERMOGENXC", "computer_name": "****", "message": "SQL Server Scheduled Job 'DBA - Daily Snapmanager Backup - ****' (0x7D6BFED20179F94BA398D758946015D6) - Status: Failed - Invoked on: 2017-07-12 09:59:41 - Message: The job failed. The Job was invoked by User I****. The last step to run was step 1 (Daily Full Backup).\r\n", "time_generated": "07/12/17 09:59:52" },
Do you have an idea what could be going on?
