Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
scottwilkerson
DevOps Engineer
Posts: 19396 Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
by scottwilkerson » Thu Aug 08, 2019 10:35 am
Let's add the following to your nsclient.ini:
Code:
; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
; BUFFER_SIZE - The size of the buffer to use when getting messages; this affects the speed and maximum size of messages you can receive.
buffer size = 131072
; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = 1
; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0
; Section for NRPE active/passive check module.
[/settings/NRPE/client]
; CHANNEL - The channel to listen to.
channel = NRPE
Restart NSCP.
Then run the command again like this
Code:
./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c check_eventlog -a "filter=id=4003"
amitgupta19
Posts: 286 Joined: Fri Sep 08, 2017 5:53 am
by amitgupta19 » Thu Aug 08, 2019 12:04 pm
Hi Scott,
Thanks for the update.
Still the error remains same.
[amgupta@cblnagios01 libexec]$ ./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c check_eventlog -a "filter=id=4003"
No file specified try adding: file=Application
by scottwilkerson » Thu Aug 08, 2019 12:28 pm
In trying to decipher this issue a little further, I used your nsclient.ini file and was able to make the command work on my system as specified. The only difference is I have a slightly newer version of NSClient++.
Code:
[root@localhost nagiosxi]# /usr/local/nagios/libexec/check_nrpe -H 192.168.xxx.xxx -c check_eventlog -a "filter=id=4003"
OK: No entries found|'count'=0;0;5
[root@localhost nagiosxi]# /usr/local/nagios/libexec/check_nrpe -H 192.168.xxx.xxx
I (0.4.4.23 2016-04-05) seem to be doing fine...
by amitgupta19 » Fri Aug 09, 2019 7:03 am
Thanks Scott
One more difference is that I have Nagios Core 4.4.3 and you have Nagios XI. Hope that it does not matter.
I have updated the NSClient to the latest version.
Now the error has changed:
[amgupta@cblnagios01 libexec]$ ./check_nrpe -H 172.23.xxx.xxx
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.23.xxx.xxx: 1
by scottwilkerson » Fri Aug 09, 2019 7:17 am
Let's try modifying the [/settings/NRPE/server] section of the config to the following:
Code:
[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3
verify mode = none
insecure = true
use ssl = 1
allow nasty characters = 1
allow arguments = 1
port = 5666
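The [/settings/NRPE/server] values in the post above favour compatibility with older check_nrpe clients over transport security and input filtering. As an added example (not part of the thread and not Nagios or NSClient++ code), this Python script audits an nsclient.ini for those settings; the function name, the embedded sample and the reason strings are assumptions made for illustration.

```python
import configparser

# Constructed sample: the [/settings/NRPE/server] section as posted in the thread.
SAMPLE_INI = """\
[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3
verify mode = none
insecure = true
use ssl = 1
allow nasty characters = 1
allow arguments = 1
port = 5666
"""

SECTION = "/settings/NRPE/server"
TRUE_VALUES = {"1", "true", "yes", "on"}

# key -> (predicate on the lowercased value, why a reviewer should look at it)
RISKY = {
    "insecure": (lambda v: v in TRUE_VALUES,
                 "allows the insecure ciphers used by legacy check_nrpe"),
    "verify mode": (lambda v: v == "none",
                    "no certificate verification of the connecting peer"),
    "use ssl": (lambda v: v not in TRUE_VALUES,
                "NRPE traffic is not encrypted"),
    "allow arguments": (lambda v: v in TRUE_VALUES,
                        "remote callers can pass arguments to check commands"),
    "allow nasty characters": (lambda v: v in TRUE_VALUES,
                               "shell metacharacters are accepted in arguments"),
}

def audit_nrpe_server(ini_text):
    """Return a list of (key, value, reason) for risky NRPE server settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    if not cp.has_section(SECTION):
        return []
    findings = []
    for key, (is_risky, reason) in RISKY.items():
        value = cp.get(SECTION, key, fallback=None)
        if value is not None and is_risky(value.strip().lower()):
            findings.append((key, value.strip(), reason))
    return findings

if __name__ == "__main__":
    for key, value, reason in audit_nrpe_server(SAMPLE_INI):
        print(f"{key} = {value}: {reason}")
```

Where these settings are needed to keep an older check_nrpe working, the findings are a list of what to compensate for elsewhere, for example by restricting which hosts may reach port 5666.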
by amitgupta19 » Mon Aug 12, 2019 7:30 am
Hi Scott,
Finally I am able to get the required result.
Thanks for your support.
My requirement is to check only the System log for Event ID 7002 every 30 minutes or 1 hour.
Can you suggest this, please?
by scottwilkerson » Mon Aug 12, 2019 7:40 am
You would set up a normal Nagios service definition for this check, and set the following in the object to 30 or 60
by amitgupta19 » Thu Oct 03, 2019 11:08 am
Thanks Scott for the reply
For the time range I suppose we have to use the "scan-range".
Also, the current formula that I am using is:
./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c check_eventlog "filter=id=7001"
It is fetching some logs and giving the data, but I am not sure from which event log it is fetching the data.
My requirement is to monitor the Security logs for a specific Event ID. How can I specify in the command to search the Security logs?
I tried file=Security, but it is not searching in the Security log.
by scottwilkerson » Thu Oct 03, 2019 11:34 am
You should be able to add
AND log = 'Security' to the filter
like
Code:
./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c check_eventlog "filter=id=7001 AND log = 'Security'"
by amitgupta19 » Thu Oct 03, 2019 12:16 pm
Please refer to the screenshot attached.
It is still not searching in the Security Log.
The message that it is giving is for the id=7001 in Systems Event Log.