Problems to read Windows biggest Event Viewer/System
Posted: Thu Jun 25, 2020 5:43 am
by FCC_Nagios_Support
Hello,
We have a timeout with checkeventlog for Windows when the Event Viewer is too big.
We saved and cleared the Event Viewer and it runs OK.
Is there any workaround to avoid removing logs in the Windows system?
Kind Regards and Thanks
Re: Problems to read Windows biggest Event Viewer/System
Posted: Thu Jun 25, 2020 4:49 pm
by cdienger
What is the full command that you are running?
It looks like checkeventlog is a legacy version of check_eventlog. Does testing with check_eventlog work?
https://support.nagios.com/kb/article/l ... s-787.html has an example of check_eventlog. It also appears that check_eventlog can specify a range -
https://docs.nsclient.org/reference/win ... kEventLog/. Does specifying a 1 hour range for example work?
Re: Problems to read Windows biggest Event Viewer/System
Posted: Fri Jun 26, 2020 1:12 am
by FCC_Nagios_Support
Hello,
Yes, I specified 1 hour and the command is:
[root@a2nagio001p ~]# /usr/local/nagios/libexec/check_nrpe -H A2SPS008T.FCC.INTFCC.LOCAL -t 270 -c checkeventlog -a file=System MaxWarn=1 MaxCrit=1 "filter=generated gt -1h and id IN (1074) and source not like str(%W3SVC%)"
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).
KR
Re: Problems to read Windows biggest Event Viewer/System
Posted: Fri Jun 26, 2020 3:59 pm
by cdienger
I would test with the newer check_eventlog command and see if that performs better.
Please note that the NSClient++ agent is not one of our projects. We'll try to assist you with it but you may want to reach out to that team if you think there is a problem with or chance to improve that agent.