Windows Event Logging Check and Description Details

[jstormshak]

Hello -
I'm working with our Windows engineer and he is asking to have a Windows Event log check. We were able to create one but the returned service description isn't ideal and is vague in what we would like to see. The NCPA agent is used from Nagios XI 5.7.5 and we want to utilize this for many event logging monitors. With that said, has anyone been able to extend the detail of the returned description or has found a way to enhance that as returned next to the check status in the email/alert notifications. See what we are getting back and the check used to generate it. All feedback is greatly appreciated. Thanks!

Service check as created by the Windows System log wizard in XI:
-M 'logs' -q 'name=System,logged_after=30m,severity=ERROR,event_id=5722,application=NETLOGON' -c 0

Email notification of alert:
***** Nagios Monitor XI Alert *****

Notification Type: PROBLEM

Service: System Error Logs
Host: my_host_name
Address: x.x.x.x
State: CRITICAL

Date/Time: Tue Apr 6 11:14:21 CDT 2021

Additional Info:

CRITICAL: System has 1 logs, Total Count has 1 logs (Time range - last 30 minutes)

The Critical above would be great if it could return string/description that could have the Event details within. This may not be possible just using the NCPA agent alone but would like to go down that path first.

[ssax]

You would need to edit the notification variables and add $LONGSERVICEOUTPUT$ to see the multiline output:

https://assets.nagios.com/downloads/nag ... iables.pdf

That should do it.

[jstormshak]

Thank you for the feedback as I was able to create a new command (copied from notify-service-by-email) to be used exclusively for these types of service notifications and our notifications are now showing the multi-lines as you have mentioned. We can close out this inquiry. Thank again for the time and help!

[vtrac]

We can close out this inquiry. Thank again for the time and help!

Closing thread!!