CheckEventlog command not working

Posted: Wed Mar 16, 2016 12:02 pm
by bsivavani
Hi,

We are trying to monitor an EventID using the CheckEventlog command, but it is throwing the error below.

[nagios@XXXX libexec]$ ./check_nrpe -H YYYYY -c CheckEventlog -a warn=1 crit=2 filter="id=1069"
Unknown filter key: 1 (numeric filters have to have an operator as well ie. foo=>5 or bar==5 foo=gt:6)
[nagios@XXXX libexec]$

check_nrpe -H YYYYY (remote windows server) seems to be fine.

Please let us know why we are receiving the unknown filter key message.

Re: CheckEventlog command not working

Posted: Wed Mar 16, 2016 2:56 pm
by hsmith
Can you try this instead?

./check_nrpe -H YYYYY -c CheckEventlog -a warn==1 crit==2 filter="id=1069"

Re: CheckEventlog command not working

Posted: Mon Mar 21, 2016 4:48 am
by bsivavani
Can you clarify the two outputs below?

OUTPUT1:
[root@XXXX snmptt]# /usr/local/nagios/libexec/check_nrpe -H YYYY -p 5666 -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=2 "filter=generated > -2h AND id = 19019"

MSSQL$C01SQL05, eventlog: 1 > warning|'eventlog'=1;1;2

OUTPUT2:
When we send an event from the NagEventLog agent, the attached screenshot is the output we are receiving.

My question is: in the screenshot we see the file type, source and general information about the event ID, whereas in OUTPUT1 we see only the source (MSSQL$C01SQL05). We need the file type and the general information related to the event ID in OUTPUT1.

We would like to see the mentioned information in OUTPUT1 as well. Please let us know if any plugins are available to get the file type, source and general information related to the event ID.

Re: CheckEventlog command not working

Posted: Mon Mar 21, 2016 3:18 pm
by ssax
You could try something like this:

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -p 5666 -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=2 "filter=generated > -2h AND id = 19019" "unique" "descriptions" "syntax=%type%: %id%: %source%: Count: %(count) - %message%"

Re: CheckEventlog command not working

Posted: Tue Mar 22, 2016 6:49 am
by bsivavani
Hi,

Thanks for the update. We have tried the given command, but it is not giving the output we expect. We would like to see the output present in the General tab of the system log file. Please find attached a screenshot of the General tab information.

Please let us know if there is any command to get the output present in the General tab.

Re: CheckEventlog command not working

Posted: Tue Mar 22, 2016 11:45 am
by hsmith
What output is it giving you instead?

Re: CheckEventlog command not working

Posted: Thu Mar 24, 2016 3:26 am
by bsivavani
Hi,
Below is the output:
[root@s930l3092 mibs]# /usr/local/nagios/libexec/check_nrpe -H x.x.x.x -p 5666 -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=2 "filter=generated > -40h AND id = 19019" "unique" "descriptions" "syntax=%type%: %id%: %source%: Count: %(count) - %message%"
, eventlog: 2 > critical|'eventlog'=2;1;2t) - [sqsrvres] OnlineThread: asked to terminate while waiting for QP.

We are trying to see the Source information and the level (Info/Warning) along with the output.

Thanks,

Re: CheckEventlog command not working

Posted: Thu Mar 24, 2016 12:56 pm
by hsmith
I would strongly advise you to take a look at this guide: it is very complete. https://outsideit.net/real-time-eventlog-monitoring/