z

Commercial Support Clients: Clients with support contracts can get escalated support assistance by visiting Nagios Answer Hub. These forums are for community support services. Although we at Nagios try our best to help out on the forums here, we always give priority support to our support clients.

NSClient++, CheckEventLog and VEEAM Backup Logs to LibreNMS

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.

NSClient++, CheckEventLog and VEEAM Backup Logs to LibreNMS

Postby SultanOfSwing » Thu Sep 15, 2022 6:53 am

Hi community,

I am trying to pull VEEAMs Backup entries in the EventLog via NSClient++ (5.2.035) to a LibreNMS server.

LibreNMS receives the output from the NSClient without a hitch. The way the check is implemented in LibreNMS is to basically run the check_nrpe script with various options etc.

My problem is that I am specifically filtering for warnings in the "Veeam Backup" log and/or for entries by the provider "Veeam Backup" and "Veeam MP". The names of the log and provider have been copied and checked for leading spaces etc. I also filter for entries written within in the polling intervall. What I am getting back is some .NET related entry written way outside the filtered timeframe. The script also doesn't seem to tell me where I have srewed up.

I have tried the following permutations to filter out what I want:

./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog file='Veeam Backup' "filter=severity = 'warning' AND generated > -5m"
./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog scan-range=-5m file='Veeam Backup' "filter=level in ('warning', 'error', 'critical')" "warning=level = 'warning', problem_count > 0" "critical=level in ('error', 'critical'), problem_count > 0" "empty-state=ok" "provider = 'Veeam Backup' OR provider = 'Veeam MP'"

The Outpu I am getting is always:
.NET Runtime, Category: Veeam.GCP.PlatformService.WebApi.Framework.Common.Middleware.CUnhandledOperationsMiddleware Ev:00000002 RequestPath: /api/v1/proxies/configurationBackupProperties SpanId: |7ee851d5-4728d2d709c98da2. TraceId: 7ee8th: [/api/v1/proxies/configurationBackupProperties] |'problem_count'=1;0;0


Within the NS Client I have extended the INI file with the following:

[/settings/eventlog/real-time]
enabled = true
...
[/settings/eventlog/real-time/filters/my_alert]
log='Veeam Backup'
destination=log
filter=level='none'
maximum age=300s
;debug=true
...
[/modules]
...
; Undocumented key
CheckEventLog = enabled
...

After each change of the INI file the NSClient service has been restarted.

Since I am getting a somewhat valid response (i.e. the same output I get when I just run the check with the eventlog command) I think my filters are screwed up.

Where am I wrong?


Thanks in advance

Fabian
SultanOfSwing
 
Posts: 3
Joined: Thu Sep 15, 2022 6:19 am

Return to Open Source Nagios Projects

Who is online

Users browsing this forum: Fess [Nagios Bot] and 21 guests