Monitoring event id in Nagios ystem.

[imran_khan]

Hello,

I want to configure alert once particular event id generate in windows server.

Thanks,
Imran Khan.

[abrist]

You are checking with "filter=new". Is the event still considered "new"?

[mickem]

The syntax used in this thread is horribly old and does simply not work.

please upgrade to newer version and use the filter syntax present in 0.4.1 it will work much more easily and much more consistently.


// Michael Medin

[lmiltchev]

@ imran_khan
Let us know if mickem's suggestion fixed your issue.

[slansing]

@Michael Medin

Can you provide imran_khan with the correct syntax when he upgrades to 0.4.1?

[mickem]

Code: Select all

./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a filter=new file=all MaxWarn=1 MaxCrit=2 filter-generated=\<30 filter+eventID=="4111" filter+eventType==all filter=all

With 0.4.1. would be:

Code: Select all

./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a file=all MaxWarn=1 MaxCrit=2 "filter=generated\>-30 AND id=4111"

Just for completion 0.4.2:

Code: Select all

./check_nrpe -H IP_Address -p 5666 -c check_eventlog -a file=all "crit=count>0" "filter=generated\>-30 AND id=4111"

Not sure about "file=all" though but that goes for all versions really. Worth noticing is that if the log is not found Application is used so my guess is that that is what happens here and log=Application should be used.
In 0.4.2 the newer APIs no longer fall back to Application so log would need to be correct in that version.

// Michael Medin

[lmiltchev]

Thanks, mickem!