
Windows Event Log Check Filter not working

Posted: Thu Jul 15, 2021 1:15 pm
by me@work55
Hello

I asked this in the past but lost my messages on the subject. So I am here again trying this.

I use these two commands:
$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog -a file=Application scan-range=-59m "filter=level = 24"

$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog -a file=System scan-range=-59m

On the Application Log check we get this event 24 all the time from an application software and it can be ignored but it continues to pop up on my console. We have several servers running the same application and they all report the same event. I would like to exclude this event ID from showing on the console.

Anyone have any ideas or suggestions?

Thank you

Re: Windows Event Log Check Filter not working

Posted: Mon Jul 19, 2021 12:09 pm
by mcapra
NSClient offers you a few options with your expressions:
https://docs.nsclient.org/checks/#expressions

I think it'd be as simple as:

Code:

check_eventlog "filter=id not in (24)"

Or something like this if you're OK dealing with double/triple-escaping reserved characters like !

Code:

check_eventlog "filter=id != 24"

I don't have a system readily available to test against. Would also depend on the specific NSClient++ version you're using.

Re: Windows Event Log Check Filter not working

Posted: Mon Jul 19, 2021 1:06 pm
by me@work55

Code:

$USER1$/check_nrpe -A $USER5$/ca/anakin-ca.crt -C $USER5$/nagios_server/nagios_server.crt -K $USER5$/nagios_server/nagios_server.key -2 -P 8192 -H $HOSTADDRESS$ -t 60 -c check_eventlog "filter=id != 24" -a file=Application scan-range=-59m

I tried both methods but it is not filtering out the Event ID 24.

Anything else we can try?

Re: Windows Event Log Check Filter not working

Posted: Tue Jul 20, 2021 10:51 am
by mcapra
You could try using NCPA instead:
https://www.nagios.org/ncpa/help.php#api-modules-logs

The last NSClient++ release was over 3 years ago. IIRC not all the operators were supported for check_eventlog but I haven't looked at the code in ages. There may be other supported filters you can use to address your specific use case.
https://github.com/mickem/nscp