Nagios Support Forum

Hi,

I am using NCPA 2.0.3 on Windows (in this case Windows 2012ServerR2) to monitor the Windows Application logs.

My service checks log entries for ERRORs like so:

-t '<token>' -P 5693 -M 'logs' -q 'name=Application,severity=ERROR,logged_after=6m,critical=1'

The email user notification triggers a custom event handler which examines the logs *again* and then it does some magic to send the alert text to the user (because this cannot be done in one step through NCPA).

This process works, but there's one issue: the value for event_id as it is in the Windows log (where it's called eventID) is mangled by the NCPA, it seems. To be precisely: an event ID of 208 in the Windows log is returned by NCPA as "1073742032". Here's the actual log entry as returned by NCPA:

{ "category": "3", "severity": "WARNING", "event_id": "1073742032", "application": "SQLAgent$FITVERMOGENXC", "computer_name": "****", "message": "SQL Server Scheduled Job 'DBA - Daily Snapmanager Backup - ****' (0x7D6BFED20179F94BA398D758946015D6) - Status: Failed - Invoked on: 2017-07-12 09:59:41 - Message: The job failed. The Job was invoked by User I****. The last step to run was step 1 (Daily Full Backup).\r\n", "time_generated": "07/12/17 09:59:52" },

I checked the relevant code in listener/windowslogs.py in Git, but apart from a str() invocation on the event ID nothing is done to it. I have no access to the Windows box myself so it's difficult to do troubleshooting by myself.

Do you have an idea what could be going on?

I was able to recreate the issue, and reported it here: https://github.com/NagiosEnterprises/ncpa/issues/362

Our developers will be looking into it.

Thank you!

Thanks for the quick reply!
I'll put an upgrade to 2.1.0 on our backlog.

mvndnburg, is it OK to lock this thread?

Sure, go ahead