Re: Monitoring Windows Event Logs

Posted: Thu Mar 21, 2013 11:16 am
by centwisit
Hmm, still no. I currently have this:

define command{
     command_name     check_eventlog
     command_line        $USER1$/check_nrpe -H $HOSTNAME$ -p 5666 -c CheckEventLog -a filter file=system MaxWarn=1 MaxCrit=1 "filter+generated=<2h AND filter+severity=error" unique descriptions "syntax=%severity%: %source%: %id%: %message% (%count%)"
}
But have tried the following as well without success:
filter+severity==error
filter+severity=='error'
filter+severity=="error"
filter+severity=='Error'
filter+severity=="Error"
filter+severity='error'
filter+severity="error"
filter+severity='Error'
filter+severity="Error"

In my Status Information section I'm getting informational and success events as well as errors:

informational: Service Control Manager: 7035: The WinHTTP Web Proxy Auto-Discovery Service service was successfully sent a start control. (6), 
informational: Service Control Manager: 7036: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state. (8), 
success: WinHttpAutoProxySvc: 12503: The WinHTTP Web Proxy Auto-Discovery Service has been idle for 15 minutes, it will be shut down. (1), 
success: WinHttpAutoProxySvc: 12517: The WinHTTP Web Proxy Auto-Discovery Service suspended operation. (1), 
eventlog: 16 > critical 

Re: Monitoring Windows Event Logs

Posted: Thu Mar 21, 2013 11:21 am
by abrist
Are you only receiving logs from the last 2 hours? (as specified by "filter+generated=<2")

Re: Monitoring Windows Event Logs

Posted: Thu Mar 21, 2013 11:25 am
by centwisit
Yes, I only receive logs within the last 2 hours.

Re: Monitoring Windows Event Logs

Posted: Thu Mar 21, 2013 1:16 pm
by slansing
This has got to be a syntax issue with how the command is being directed at that event log. Now it's just down to fine-tuning the filters, IDs, and syntax positioning; this is going to be fairly specific to your setup, of course.

Re: Monitoring Windows Event Logs

Posted: Thu Mar 21, 2013 2:49 pm
by centwisit
Might it be an NSClient issue? I currently have v3.9 installed.

Re: Monitoring Windows Event Logs

Posted: Thu Mar 21, 2013 3:12 pm
by slansing
I do not believe it is a problem with NSClient++, since you are able to get valid output from the plugin if you format it a certain way. Version 3.9 is by far the most stable version, and almost all of the additions to this module were added at 3.9's release. My recommendation would be to walk through the extensive documentation on this check's module, and start from the ground up with each portion of the command you are writing; this way you can identify in what portion an error or problem could occur. Beyond this point it is quite limited as to what we can help with, as most of it is specific to your system. Though we will do our best to help you through.

Re: Monitoring Windows Event Logs

Posted: Fri Mar 22, 2013 3:50 pm
by centwisit
Ok, makes sense. I'm gonna set aside the event log monitoring for a bit. Will update this thread with anything I find.

Re: Monitoring Windows Event Logs

Posted: Fri Mar 22, 2013 4:02 pm
by lmiltchev
Sure. Keep us posted.

Re: Monitoring Windows Event Logs

Posted: Tue Mar 26, 2013 12:43 pm
by centwisit
Yay, got it figured! :ugeek:

Used the following:

define command{
     command_name     check_eventlog
     command_line        $USER1$/check_nrpe -H $HOSTNAME$ -p 5666 -c CheckEventLog -a filter file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -1h AND severity NOT IN ('success', 'informational','warning')" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
}
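
An added illustration, not part of the original posts and not NSClient++ code: a simplified Python model of the two filters in this thread, run over a constructed event list that mirrors the status output quoted earlier (6 + 8 + 1 + 1 events). It assumes that the value compared against MaxWarn/MaxCrit is the total number of matching events, as the "eventlog: 16 > critical" line suggests, and that `unique descriptions` groups identical lines with a count; the `Disk` error events and all function names are hypothetical.

```python
from collections import Counter
from datetime import datetime, timedelta

NOW = datetime(2013, 3, 26, 12, 0)  # constructed reference time

def ev(sev, src, msg, minutes_ago):
    return {"severity": sev, "source": src, "message": msg,
            "generated": NOW - timedelta(minutes=minutes_ago)}

# Constructed sample: the event mix from the status output in the thread.
QUIET = (
    [ev("informational", "Service Control Manager", "start control sent", 10)] * 6
    + [ev("informational", "Service Control Manager", "entered the running state", 9)] * 8
    + [ev("success", "WinHttpAutoProxySvc", "idle for 15 minutes", 5)]
    + [ev("success", "WinHttpAutoProxySvc", "suspended operation", 4)]
)
# Same log plus two recent errors and one error outside the time window.
WITH_ERRORS = QUIET + [ev("error", "Disk", "controller error (constructed)", 20)] * 2 \
                    + [ev("error", "Disk", "controller error (constructed)", 300)]

EXCLUDED = {"success", "informational", "warning"}

def time_only(e, window=timedelta(hours=1)):
    # Only the age condition takes effect (what the first post's output looks like).
    return e["generated"] > NOW - window

def time_and_severity(e, window=timedelta(hours=1)):
    # Model of: generated gt -1h AND severity NOT IN ('success','informational','warning')
    return time_only(e, window) and e["severity"] not in EXCLUDED

def check(events, keep, max_warn=1, max_crit=1):
    hits = [e for e in events if keep(e)]
    # Group identical descriptions and count them, like "%severity%: %source%: %message% (%count%)".
    groups = Counter((e["severity"], e["source"], e["message"]) for e in hits)
    lines = ["%s: %s: %s (%d)" % (*key, n) for key, n in groups.items()]
    total = len(hits)  # assumption: thresholds apply to the total, not the group count
    state = "CRITICAL" if total > max_crit else "WARNING" if total > max_warn else "OK"
    return state, total, lines

if __name__ == "__main__":
    for name, log, flt in [("time only", QUIET, time_only),
                           ("time + severity", QUIET, time_and_severity),
                           ("time + severity, errors present", WITH_ERRORS, time_and_severity)]:
        print(name, "->", check(log, flt))
```
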

Re: Monitoring Windows Event Logs

Posted: Tue Mar 26, 2013 2:04 pm
by slansing
Hooray! Thanks for letting us know what the resolution was!