Monitoring event id in Nagios system.
Posted: Mon Sep 23, 2013 12:49 pm
by imran_khan
Hello,
I want to monitor a particular event ID in Nagios. When I run the command below on the Nagios system, I get the message “Eventlog check ok|'eventlog'=0;1;1;” every time. If I put in a wrong event ID, any word, or any number (e.g. 1567, xyz, 345wer), it still shows the same message. What is wrong with the command below?
./check_nrpe -H IP_Address -c CheckEventLog -a filter=new file=application MaxWarn=1 MaxCrit=1 filter=in filter-generated=\>1d filter+eventID==1111
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios system.
Posted: Mon Sep 23, 2013 3:44 pm
by abrist
Are there events with this ID in your logs? I ask because it will only alert when the ID is present; otherwise, it returns OK, as it has not found the event.
Re: Monitoring event id in Nagios system.
Posted: Mon Sep 23, 2013 4:30 pm
by imran_khan
Hello,
Yes, the event ID is present in the system logs.
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios system.
Posted: Mon Sep 23, 2013 4:55 pm
by abrist
Can you remove the filter from the command, and try with just the event?
Re: Monitoring event id in Nagios system.
Posted: Mon Sep 23, 2013 5:08 pm
by imran_khan
Hello,
I have resolved this issue. I want to set the service check time to 5 minutes and, if a critical alert/error persists for 10 minutes, send the email. How can I achieve this?
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios system.
Posted: Tue Sep 24, 2013 11:07 am
by abrist
You could use a "first notification delay" of 10 minutes on the service check. Add the following to the service check definition:
Re: Monitoring event id in Nagios system.
Posted: Tue Sep 24, 2013 12:15 pm
by imran_khan
Hello,
Thanks for the reply.
I want to check the service every 5 minutes, and if a critical alert remains present for 10 minutes in the Nagios system, then automatically send the alert mail. How can I achieve this?
Also, is there any way to count event log alerts? I mean, if a critical event is generated on the server 10 times, then it shows the same count in the Nagios system.
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios system.
Posted: Tue Sep 24, 2013 2:23 pm
by abrist
abrist wrote: You could use a "first notification delay" of 10 minutes on the service check. Add the following to the service check definition:
This directive will delay any notifications from going out once an object reaches HARD Critical for 10 minutes. As far as I can tell, this is exactly what you want.
Re: Monitoring event id in Nagios system.
Posted: Tue Sep 24, 2013 3:50 pm
by imran_khan
Hello,
Is there any way to count event log alerts? I mean, if a critical event is generated on the server 10 times, then it shows the same count in the Nagios system.
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios system.
Posted: Tue Sep 24, 2013 4:56 pm
by abrist
I believe this is how the current eventlog checker in NSClient is implemented, as the check is against the number of matching event log records:
http://www.nsclient.org/nscp/wiki/Check ... k_eventlog
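
Added example, not part of the thread and not NSClient++ or Nagios code: a small parser for the plugin output quoted in the first post, which pulls the matching-record count and the warning/critical thresholds out of the performance data after the "|". The function names and the second sample line are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

class PerfItem(NamedTuple):
    label: str
    value: float
    uom: str
    warn: Optional[str]
    crit: Optional[str]

# One performance-data item: 'label'=value[UOM];[warn];[crit];[min];[max]
_ITEM = re.compile(
    r"(?:'(?P<q>[^']+)'|(?P<b>[^\s'=]+))="          # quoted or bare label
    r"(?P<value>-?\d+(?:\.\d+)?)(?P<uom>[^;\s]*)"   # number and optional unit
    r"(?P<rest>(?:;[^;\s]*)*)"                      # ;warn;crit;min;max
)

# Output quoted in the first post of the thread.
THREAD_OUTPUT = "Eventlog check ok|'eventlog'=0;1;1;"
# Constructed sample (not real NSClient++ output): ten matching records.
CONSTRUCTED_SAMPLE = "CRITICAL: 10 matching records|'eventlog'=10;1;1;"

def parse_plugin_output(line: str):
    """Split 'text|perfdata' and return (text, [PerfItem, ...])."""
    text, _, perf = line.partition("|")
    items = []
    for m in _ITEM.finditer(perf):
        # Drop the empty piece before the first ';', pad so warn/crit exist.
        fields = m.group("rest").split(";")[1:]
        fields += [""] * (2 - len(fields))
        items.append(PerfItem(
            label=m.group("q") or m.group("b"),
            value=float(m.group("value")),
            uom=m.group("uom"),
            warn=fields[0] or None,
            crit=fields[1] or None,
        ))
    return text.strip(), items

def eventlog_count(line: str) -> Optional[int]:
    """Matching event log record count reported by the check, or None."""
    for item in parse_plugin_output(line)[1]:
        if item.label == "eventlog":
            return int(item.value)
    return None

if __name__ == "__main__":
    for sample in (THREAD_OUTPUT, CONSTRUCTED_SAMPLE):
        print(eventlog_count(sample), parse_plugin_output(sample))
```

A count of 0 on every run, whatever event ID is passed, means the filter matched no records, which is the symptom described in the first post.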