
Nagios Event Log NSCLIENT help

Posted: Thu Jan 26, 2017 3:08 pm
by me@work55
I just got this working but now I see this



Windows System Event Log

Notifications for this service have been disabled

CRITICAL 01-26-2017 15:03:00 0d 1h 8m 17s 3/3 EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, User32, EventLog, EventLog, EventLog, EventLog, AFD, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog, EventLog,




Code:

        define service{
        use                     generic-service
        host_name               metro-12-dc06
        service_description     Windows System Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }

        define service{
        use                     generic-service
        host_name               metro-12-dc06
        service_description     Windows Application Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=application MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }

The application log is ok and has the same settings.

Any ideas?

Re: Nagios Event Log NSCLIENT help

Posted: Thu Jan 26, 2017 5:57 pm
by dwhitfield
Can you send the output of tail -100 /usr/local/nagios/var/nagios.log and your nsclient.log. Do you mean Nagios or NSClient when you say the application log? If not, can you send the application log as well?

Re: Nagios Event Log NSCLIENT help

Posted: Thu Jan 26, 2017 7:38 pm
by me@work55
It seems ok now
but I think when it has no events it shows what I posted above.

Also I am wondering why it shows events because I open the event viewer on the server and do not see the events it is reporting

Is something not clearing?

Any ideas?

thanks

Re: Nagios Event Log NSCLIENT help

Posted: Thu Jan 26, 2017 9:48 pm
by me@work55
Hi

In my

Code:

check_command           check_win_nrpe!checkeventlog! -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"

Is the -1h supposed to only check the log for the past hour? It seems to me it is reading the entire log

Thanks

Tom
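
Added example, not part of any post in this thread: a small Python model of how the posted filter groups if the filter parser gives AND higher precedence than OR, next to the same filter with the severity test in parentheses. That precedence is an assumption about NSClient++ (it is the usual convention and is not confirmed in the thread); the events, function names and the grouped filter are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

NOW = datetime(2017, 1, 26, 15, 0)
EVENTS = [  # constructed sample events, not taken from the thread
    {"id": 1, "generated": NOW - timedelta(minutes=20), "severity": "error"},
    {"id": 2, "generated": NOW - timedelta(minutes=40), "severity": "warning"},
    {"id": 3, "generated": NOW - timedelta(days=30), "severity": "warning"},
    {"id": 4, "generated": NOW - timedelta(days=30), "severity": "error"},
]
TOKEN = re.compile(r"\s*(\(|\)|AND|OR|>|=|-\d+h|'[^']*'|\w+)")
THREAD_FILTER = "generated > -1h AND severity = 'error' OR severity = 'warning'"
GROUPED_FILTER = "generated > -1h AND (severity = 'error' OR severity = 'warning')"

def parse(text):
    """Assumed grammar: or_expr := and_expr (OR and_expr)* ; and_expr := atom (AND atom)*"""
    tokens, pos = TOKEN.findall(text) + [None], 0  # None marks end of input
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def atom():
        if tokens[pos] != "(":
            return ("cmp", take(), take(), take())  # field, operator, value
        take()
        node = chain("OR", and_expr)
        take()  # closing ")"
        return node
    def chain(keyword, operand):
        node = operand()
        while tokens[pos] == keyword:
            take()
            node = (keyword, node, operand())
        return node
    and_expr = lambda: chain("AND", atom)
    return chain("OR", and_expr)

def matches(node, event):
    if node[0] == "AND":
        return matches(node[1], event) and matches(node[2], event)
    if node[0] == "OR":
        return matches(node[1], event) or matches(node[2], event)
    _, field, _op, value = node
    if field == "generated":  # models only "generated > -Nh": newer than N hours ago
        return event["generated"] > NOW - timedelta(hours=int(value[1:-1]))
    return event["severity"] == value.strip("'")  # models only "severity = '...'"

def matching_ids(filter_text):
    tree = parse(filter_text)
    return [e["id"] for e in EVENTS if matches(tree, e)]
```

Under that assumption `matching_ids(THREAD_FILTER)` includes the 30-day-old warning (event 3), while `matching_ids(GROUPED_FILTER)` returns only the two events from the last hour.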

Re: Nagios Event Log NSCLIENT help

Posted: Fri Jan 27, 2017 11:18 am
by dwhitfield
Please send the output of tail -100 /usr/local/nagios/var/nagios.log and your nsclient.log

Re: Nagios Event Log NSCLIENT help

Posted: Fri Jan 27, 2017 12:11 pm
by me@work55
See attached

Re: Nagios Event Log NSCLIENT help

Posted: Fri Jan 27, 2017 1:41 pm
by dwhitfield
What's the output if you run the check from the command line?

Re: Nagios Event Log NSCLIENT help

Posted: Fri Jan 27, 2017 1:46 pm
by me@work55
give me the correct syntax to run that

Re: Nagios Event Log NSCLIENT help

Posted: Fri Jan 27, 2017 2:00 pm
by mcapra
We would have to see the command definition for check_win_nrpe. Can you share that so we can compare it to your service's check_command definition?

Re: Nagios Event Log NSCLIENT help

Posted: Fri Jan 27, 2017 2:42 pm
by me@work55
here it is

Code:

define command{
command_name check_eventlog
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a filter file=application MaxWarn=1 MaxCrit=1 "filter=generated lt -1h AND severity NOT IN ('success', 'informational')" unique descriptions "syntax=%source% {EventID %id%}[%severity%](Count=%count%)^MDate:%generated%^M%message%^M"
}

Code:

        define service{
        use                     generic-service
        host_name               metro-12r2-ltdb
        service_description     Windows System Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }

        define service{
        use                     generic-service
        host_name               metro-12r2-ltdb
        service_description     Windows Application Event Log
        servicegroups           Event_Logs
        is_volatile             0
        check_period            24x7
        max_check_attempts      3
        normal_check_interval   5
        retry_check_interval    1
        contact_groups          win-admins
        notification_interval   120
        notification_period     24x7
        notification_options    w,u,c,r
        check_command           check_win_nrpe!checkeventlog! -a file=application MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity = 'error' OR severity = 'warning'"
        }