Nagios Support Forum

Posted: **Thu Feb 18, 2016 9:34 am**

Hi All!

Please help me!

I have Nagios 3 Core on CentOS 6 installation to monitor my Windows 2008R2 servers.
On the win servers there are NSClient++ (with NRPE) 0.4.4
Multiple Monitors runs normally through NRPE ( CheckMem for example)

I want to monitor Windows Event Log.

But, I got error when run this command on Nagios Server:

Code: Select all

/usr/loib64/nagios/plugins/check_nrpe -H 192.168.20.251 -n -p 5666 -c CheckEventLog -a file=system MaxWarn=1 MaxCrit=1
Unknown command(s): checkeventlog|

on the winservers (192.168.20.251) I see error in nsclient.log

Code: Select all

2016-02-18 17:27:26: error:c:\source\nscp\service\NSClient++.cpp:893: Unknown command(s): checkeventlog available commands: commands {, check_counter, check_cpu, check_drivesize, check_files, check_memory, check_os_version, check_pagefile, check_pdh, check_process, check_service, check_uptime, checkcounter, checkcpu, checkdrivesize, checkfiles, checkmem, checkprocstate, checkservicestate, checkuptime}, plugins {, 0, 1}
2016-02-18 17:27:26: error:c:\source\nscp\include\nscapi\nscapi_core_wrapper.cpp:159: Failed to execute command
2016-02-18 17:27:26: error:c:\source\nscp\include\nscapi\nscapi_core_helper.cpp:95: Failed to execute command: CheckEventLog

Here is my nsclient.ini from winserver

Code: Select all

[/settings/default]
allowed hosts = 192.168.20.250
password = passwOrd

[/modules]
NSClientServer = 1
CheckSystem = 1
CheckDisk = 1
NRPEServer = 1

[/settings/NRPE/server]
use ssl = 0
allow arguments = 1
allow_nasty_meta_chars=1
port=5666

[modules]
FileLogger.dll 
CheckSystem.dll
CheckDisk.dll
NRPEListener.dll
SysTray.dll
CheckEventLog.dll

[/settings/eventlog/real-time]
debug=0
enabled=0
log=application,system
startup age=30m

PLease help (and sorry about my English)

Thanks!
Alex

Posted: **Thu Feb 18, 2016 11:33 am**

Unknown command(s): checkeventlog|

This error doesn't look right, as your command is working fine here. Is the | appearing after your command? I've seen formatting get messed up through copying and pasting.

Code: Select all

[root@suse11 libexec]# ./check_nrpe -H 192.168.5.47 -c checkeventlog -a file=system MaxWarn=1 MaxCrit=1
Microsoft-Windows-DistributedCOM, The server did not register with DCOM within the required timeout.|'count'=1;1;1

Do you see anything in your NSClient++ log file?

Posted: **Fri Feb 19, 2016 3:19 am**

I see this

Reanimator wrote:
on the winservers (192.168.20.251) I see error in nsclient.log

Code: Select all

2016-02-18 17:27:26: error:c:\source\nscp\service\NSClient++.cpp:893: Unknown command(s): checkeventlog available commands: commands {, check_counter, check_cpu, check_drivesize, check_files, check_memory, check_os_version, check_pagefile, check_pdh, check_process, check_service, check_uptime, checkcounter, checkcpu, checkdrivesize, checkfiles, checkmem, checkprocstate, checkservicestate, checkuptime}, plugins {, 0, 1}
2016-02-18 17:27:26: error:c:\source\nscp\include\nscapi\nscapi_core_wrapper.cpp:159: Failed to execute command
2016-02-18 17:27:26: error:c:\source\nscp\include\nscapi\nscapi_core_helper.cpp:95: Failed to execute command: CheckEventLog

Posted: **Fri Feb 19, 2016 5:16 am**

rkennedy wrote:

Do you see anything in your NSClient++ log file?
Yes
As I wrote
I see this:
on the winservers (192.168.20.251) I see error in nsclient.log

Code: Select all

CODE: SELECT ALL
2016-02-18 17:27:26: error:c:\source\nscp\service\NSClient++.cpp:893: Unknown command(s): checkeventlog available commands: commands {, check_counter, check_cpu, check_drivesize, check_files, check_memory, check_os_version, check_pagefile, check_pdh, check_process, check_service, check_uptime, checkcounter, checkcpu, checkdrivesize, checkfiles, checkmem, checkprocstate, checkservicestate, checkuptime}, plugins {, 0, 1}
2016-02-18 17:27:26: error:c:\source\nscp\include\nscapi\nscapi_core_wrapper.cpp:159: Failed to execute command
2016-02-18 17:27:26: error:c:\source\nscp\include\nscapi\nscapi_core_helper.cpp:95: Failed to execute command: CheckEventLog

Posted: **Fri Feb 19, 2016 2:52 pm**

The checkeventlog command is the legacy version and it may have been dropped on the newer version of NSClient. Try using check_eventlog as the command.
Also, make sure the following is in the nsclient.ini file.

Code: Select all

CheckEventLog = 1

That will enable that command for NSClient.

Posted: **Sat Feb 20, 2016 7:56 am**

tgriep wrote:The checkeventlog command is the legacy version and it may have been dropped on the newer version of NSClient. Try using check_eventlog as the command.
Also, make sure the following is in the nsclient.ini file.
Code: Select all
CheckEventLog = 1
That will enable that command for NSClient.

Thank you! It works!

But now I have a problem with filtering output from this command:

Code: Select all

./check_nrpe -H 192.168.20.251 -n -p 5666 -c CheckEventLog -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND type IN ('critical','warrning','error') AND id NOT IN (100)"
Exception processing request: Request command contained illegal metachars!

Have someone a working example to filter eventlog to understand syntax of command? I can`t understand manual, sorry

Posted: **Sun Feb 21, 2016 6:39 pm**

Have a look at this guide:

http://outsideit.net/real-time-eventlog-monitoring/

Posted: **Wed Feb 24, 2016 7:15 am**

Box293 wrote:Have a look at this guide:

http://outsideit.net/real-time-eventlog-monitoring/

Thank you, but it for nsca and Nagios XI

I would like to monitor the event log through nrpe, but have some trouble with understanding syntax.
I'm looking for examples

Posted: **Wed Feb 24, 2016 5:18 pm**

The filters in that guide should still work as it's all the same modules in NSClient++.

Nagios Support Forum

CheckEventLog - unknown command

CheckEventLog - unknown command

Re: CheckEventLog - unknown command

Re: CheckEventLog - unknown command

Re: CheckEventLog - unknown command

Re: CheckEventLog - unknown command

Re: CheckEventLog - unknown command

Re: CheckEventLog - unknown command

Re: CheckEventLog - unknown command

Re: CheckEventLog - unknown command