Page 1 of 1
NCPA Check Multiple Event IDs
Posted: Tue Jan 26, 2021 2:44 pm
by BanditBBS
Finally getting around to converting from nrpe and nsclient to NCPA. One check I am having issues with is the Windows event log checks. Currently I use NSClient and check in 1 check for the presence of 7 different event IDs. I have seen multiple threads about the possibility of checking multiple with one NCPA query but none ever stating it was added or anything. Can someone validate if it is still not doable? I really don't want to add 1000 new checks because I have to separate event ID into 7 checks per host.
Thanks
Re: NCPA Check Multiple Event IDs
Posted: Wed Jan 27, 2021 6:30 pm
by ssax
Based on the docs, the API, and looking through the change log I don't think it currently supports it. The problem is that it considers the Event ID and exact match which doesn't support multiple, if it supported multiple/regex it could be done but I tried everything as well and couldn't get it to work.
I created a feature request here so development sees it:
https://github.com/NagiosEnterprises/ncpa/issues/737
Re: NCPA Check Multiple Event IDs
Posted: Tue Feb 02, 2021 7:59 pm
by BanditBBS
In case anyone finds this searching for same thing, I wrote a quick and dirt shell script to do it for me.
Code: Select all
#!/bin/bash
host=$1
token=$2
ids=$3
statuscode=0
critical=0
warning=0
for i in $(echo $3 | sed "s/,/ /g")
do
result=`/usr/local/nagios/libexec/check_ncpa.py -H $host -t $token -P 5693 -M 'logs' -w $5 -c $6 -q name=System,logged_after=$4,event_id=$i`
code=$?
if [ $code -eq 2 ]
then
critical=1
fi
if [ $code -eq 1 ]
then
warning=1
fi
firstLine=`echo $result | cut -f1 -d"|"`
output="EventID $i-$firstLine"$'\n'"$output"
done
if [ $critical -eq 1 ]
then
statuscode=2
elif [ $warning -eq 1 ]
then
statuscode=1
fi
echo "$output"|sed '/^$/d'
exit $statuscode
Re: NCPA Check Multiple Event IDs
Posted: Wed Feb 03, 2021 5:41 pm
by ssax
Thanks for posting that! I'm sure others will find it useful until development adds that functionality.