NCPA Check Multiple Event IDs

[BanditBBS]

Finally getting around to converting from nrpe and nsclient to NCPA. One check I am having issues with is the Windows event log checks. Currently I use NSClient and check in 1 check for the presence of 7 different event IDs. I have seen multiple threads about the possibility of checking multiple with one NCPA query but none ever stating it was added or anything. Can someone validate if it is still not doable? I really don't want to add 1000 new checks because I have to separate event ID into 7 checks per host.

Thanks

[ssax]

Based on the docs, the API, and looking through the change log I don't think it currently supports it. The problem is that it considers the Event ID and exact match which doesn't support multiple, if it supported multiple/regex it could be done but I tried everything as well and couldn't get it to work.

I created a feature request here so development sees it:

https://github.com/NagiosEnterprises/ncpa/issues/737

[BanditBBS]

In case anyone finds this searching for same thing, I wrote a quick and dirt shell script to do it for me.

Code: Select all

#!/bin/bash

host=$1
token=$2
ids=$3
statuscode=0
critical=0
warning=0

for i in $(echo $3 | sed "s/,/ /g")
do
    result=`/usr/local/nagios/libexec/check_ncpa.py -H $host -t $token -P 5693 -M 'logs' -w $5 -c $6 -q name=System,logged_after=$4,event_id=$i`
    code=$?
    if [ $code -eq 2 ]
        then
           critical=1
    fi
    if [ $code -eq 1 ]
        then
           warning=1
    fi
    firstLine=`echo $result | cut -f1 -d"|"`
    output="EventID $i-$firstLine"$'\n'"$output"
done

if [ $critical -eq 1 ]
        then
           statuscode=2
elif [ $warning -eq 1 ]
        then
           statuscode=1
fi

echo "$output"|sed '/^$/d'
exit $statuscode

[ssax]

Thanks for posting that! I'm sure others will find it useful until development adds that functionality.