Check Event log check not working correctly
Posted: Thu Jul 02, 2015 9:09 am
I have a service check setup using this that is not sending out a notification when the event ID shows up in the event log, this case the application log. On the Nagios Core system I am using this checkwhich did trigger the check correctly. This is the check command:
I am trying to get Nagios XI to alert me whenever the event ID 5666 or 5669 shows up in the event log.
Code: Select all
./check_nrpe -H <host> -c Check_EventLog -a 'warning=count > 0' 'critical=count > 0' "filter=level = 1 AND log = 'Application' AND id in (5666,5669)" 'scan-range=-10m'Code: Select all
check_wsc!ntevent!1,Application,,"5666|5669",,10,c,i Code: Select all
# checks windows event log
# ntevent!(eventtypes, logfiles, sourcenames, eventcodes, searchstring, period,
# type of returned state if found, type of returned state if not found,options
# eventtypes - list of EventTypes (integer) to query, for exampe: "1|2" or
# just "3" (Type 1 = Critical, 2 = Warning, 3 = Informational).
# logfiles - list of LogFiles to query, for exampe: "Application|System"
# or just "Security"
# sourcenames - source to query, for example: Service Control
# Manager|eventlog
# eventcodes - event codes to query, for example: 51|7023
# searchstring - string for searching in event body
# period - period in minutes to query
# type of returned state if found - state returned if some events found
# with query, i - OK, w - Warning, c-
# Critical, default is "c"
# type of returned state if not found - state returned if no events found
# with query, "i"
# options - /W2K search for string to be done compatible with WMI for hosts
# to be checked having aWindows2000 operating system; Default.
# Windows 2003 style (using LIKE operator).
define command {
command_name check_wsc_ntevent
command_line $USER1$/check_wsc.pl -H $HOSTADDRESS$ -r <wmi-proxy-request-server>-t "ntevent" -p $ARG1$