Nagios Support Forum

What version of NCPA and Windows are you working with here? I haven't been able to reproduce the behavior of showing the application log contents in place of other logs. I find it especially bizarre that your instance is showing the content of the application log regardless of what log you are trying to select, including non-existent logs.

NCPA v2.4, Windows Server 2016. And just replicated the same behavior on Server 2022.

I updated the NCPA software to 3.1.0 on the 2022 server, but I'm still getting no results. Though the issue with displaying info from the application log isn't occurring anymore. I've verified there are events in this log as recent as a few minutes ago.

/api/logs?name=Microsoft-Windows-DHCP Client Events/Admin

This seems to be an issue with NCPA not handling strings properly.

When I try to check Microsoft-Windows-AppModel-Runtime%4Admin, it replaces the %4A with a J, causing it to fail.
On the other hand, Microsoft-Windows-Application-Experience%4Program-Telemetry is working as intended.

I will investigate and try to fix this.

Thanks @ bbahn

Upgrading to the latest version of NCPA fixed some of the behavior I experienced at first. As you said, the outstanding issue is when there is a %4A in the string.

Just wanted to offer a temporary workaround in case it's helpful to anyone. I seem to be able to access it by encoding the % as %25 in the query. Name for a log at would be I haven't tried it with active checks yet, but it returns the logs I need in the GUI using the API builder (and the Active Check Example is valid). Hope this helps until it's fixed.

Update: currently running Server 2022, NCPA v3.2, the issue is sporadic. Trying the same check I get an error in Nagios XI When I run the check through the NCPA webpage, it's stuck loading.

In the ncpa_listener.log I see:

2026-01-22 11:38:46,494 listener INFO before_request() - request.url: https://[redacted ip]/api/logs/?token=********&critical=1&check=1&name=Laserfiche-Directory+Service-Server%4Operational&logged_after=4h&severity=ERROR&event_id=22
2026-01-22 11:38:46,528 listener ERROR time data '2026-01-22 08:31:39' does not match format '%Y-%m-%d %H:%M:%S.%f'
Traceback (most recent call last):
File "listener\windowslogs.py", line 88, in get_logs
File "listener\windowslogs.py", line 596, in get_event_logs
File "_strptime.py", line 673, in _strptime_datetime
File "_strptime.py", line 452, in _strptime
ValueError: time data '2026-01-22 08:31:39' does not match format '%Y-%m-%d %H:%M:%S.%f'
2026-01-22 11:38:46,529 listener.server ERROR Exception on /api/logs/ [GET]

But sometimes, without changes it works, log:
2026-01-22 14:32:23,748 listener INFO before_request() - request.url: [redacted hostname]/api/logs?name=Laserfiche-Directory%20Service-Server%4Operational&logged_after=4h&severity=ERROR&check=true

This seems like the issue described here: https://github.com/NagiosEnterprises/ncpa/issues/1092, though I am running v3.2 and still seeing this error.

Hi @logisbk,

There was a fix added to NCPA 3.2.2 that was meant to address Windows Event log date formats not being parsed properly. I recommend upgrading NCPA to 3.2.2 or newer and test if that solves your problem.

https://www.nagios.org/ncpa/archive.php

Thanks @cdietsch I'll try that.