
CheckEventLog issue

Posted: Tue Feb 21, 2017 10:23 am
by cybergene
I'm trying to check the Windows Event log for the past 12 hours (or 8 hrs) by using CheckEventLog and I'm getting random results with this command. It works in one place and it doesn't in other places. I have NSClient++ version (0.5.0.62) installed on all my servers.

The command I'm using:

$USER1$/check_nrpe -H HOST IP -p 5666 -c CheckEventLog -a file=Application MaxWarn=1 MaxCrit=1 "filter=generated > -12h AND severity = 'error'" unique  descriptions "syntax=%source% - %severity% - Error Details: %message%"

I get the result as:
UNKNOWN-

CHECK_NRPE: Invalid packet type received from server.

If I remove the '-' on the right of the 12h it shows an OK result, but doesn't report any errors (I know there are errors in the event log as I'm viewing them at the same time).
If I add the '-' on the right of the 12h, like this "-12h", it will return Unknown.

What is wrong here? Have I missed something?

Re: CheckEventLog issue

Posted: Tue Feb 21, 2017 3:48 pm
by tgriep
It looks like it could be that the query you have set up is sending too much data and overflowing the check_nrpe command.
One fix for that is to edit the nsclient.ini file and under this section

[/settings/NRPE/server]

Add the following option

extended response = 0

Save the file and restart the nsclient agent.
That will keep the NSClient from overflowing the buffers in the check_nrpe command.

Re: CheckEventLog issue

Posted: Wed Feb 22, 2017 10:23 am
by cybergene
That fixed it. Thanks, tgriep!

Re: CheckEventLog issue

Posted: Wed Feb 22, 2017 2:23 pm
by tgriep
You're welcome. If you don't have any more questions, shall I close and lock the post as solved?

Re: CheckEventLog issue

Posted: Wed Feb 22, 2017 2:45 pm
by cybergene
Yes, you can close it. Thanks!