NCPA windows event viewer

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
btayl
Posts: 131
Joined: Mon Aug 24, 2020 8:51 am

NCPA windows event viewer

Post by btayl »

I want to monitor the event viewer for a task scheduler for a event id 111
I know it falls under Application and Services logs > Microsoft > TaskSchedular > Operational
./check_ncpa.py -H UHMEDLRESPR1.umhs.med.umich.edu -t '$user9$' -P 5693 -M 'logs' -q 'name=TaskScheduler,severity=Information,event_id=111' --list
and I get this
{
"logs": [
{
"TaskScheduler": []
},
"logs"
]
}

How can i fix this ?
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: NCPA windows event viewer

Post by ssax »

I'm investigating and will post an update shortly.
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: NCPA windows event viewer

Post by ssax »

It's not working for me either.

When I right-click on the event log it shows this as the Full Name:

Code: Select all

Microsoft-Windows-TaskScheduler/Operational
So I tried these with no success:

Code: Select all

Microsoft-Windows-TaskScheduler/Operational
Microsoft-Windows-TaskScheduler
TaskScheduler
I also tried a bunch of other stuff, this may be a bug but I'm reaching out to QA/development to see what they have to say.
Top
btayl
Posts: 131
Joined: Mon Aug 24, 2020 8:51 am

Re: NCPA windows event viewer

Post by btayl »

Any Updates?
Top
craigq
Posts: 1
Joined: Sat Nov 28, 2020 4:48 pm

Re: NCPA windows event viewer

Post by craigq »

I am also interested in this one. The filenames in the Windows event log directory actually have a %4 rather than a forward slash [%4 is translated by Event Viewer over to a forward slash]. I suspect something is getting mangled between the HTTP POST from the NCPA over to the Windows OS side of things. I've tried manipulating the POST to no avail (have been successful with space, %20 works). Any update on this matter would be appreciated.
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: NCPA windows event viewer

Post by ssax »

I'm really wondering if this is what is going on:

https://stackoverflow.com/a/36535846

This is what mine shows:

Code: Select all

PS C:\Program Files (x86)\Nagios\NCPA\plugins> powershell Get-EventLog -AsString -List
Active Directory Web Services
Application
DFS Replication
Directory Service
DNS Server
HardwareEvents
Internet Explorer
Key Management Service
Security
Setup
System
Windows PowerShell
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: NCPA windows event viewer

Post by ssax »

I don't think that's it either as when I looked at the code I see it using win32evtlog in the NCPA code:

https://github.com/NagiosEnterprises/nc ... gs.py#L352

And this shows that win32evtlog can access those types:

https://stackoverflow.com/a/65417608

So I'm leaning towards bug with the slash or dashes throwing it off ala what @craigq mentioned.
Top
Locked

Return to “Nagios XI”