
NCPA windows event viewer

Posted: Mon Jan 31, 2022 3:34 pm
by btayl
I want to monitor the event viewer for a task scheduler for an event ID 111.
I know it falls under Application and Services logs > Microsoft > TaskScheduler > Operational.
./check_ncpa.py -H UHMEDLRESPR1.umhs.med.umich.edu -t '$user9$' -P 5693 -M 'logs' -q 'name=TaskScheduler,severity=Information,event_id=111' --list
and I get this:
{
    "logs": [
        {
            "TaskScheduler": []
        },
        "logs"
    ]
}

How can I fix this?

Re: NCPA windows event viewer

Posted: Tue Feb 01, 2022 2:46 pm
by ssax
I'm investigating and will post an update shortly.

Re: NCPA windows event viewer

Posted: Tue Feb 01, 2022 3:19 pm
by ssax
It's not working for me either.

When I right-click on the event log it shows this as the Full Name:

Code:

Microsoft-Windows-TaskScheduler/Operational

So I tried these with no success:

Code:

Microsoft-Windows-TaskScheduler/Operational
Microsoft-Windows-TaskScheduler
TaskScheduler

I also tried a bunch of other stuff. This may be a bug, but I'm reaching out to QA/development to see what they have to say.

Re: NCPA windows event viewer

Posted: Mon Feb 07, 2022 7:46 am
by btayl
Any updates?

Re: NCPA windows event viewer

Posted: Tue Feb 08, 2022 11:45 am
by craigq
I am also interested in this one. The filenames in the Windows event log directory actually have a %4 rather than a forward slash [%4 is translated by Event Viewer over to a forward slash]. I suspect something is getting mangled between the HTTP POST from the NCPA over to the Windows OS side of things. I've tried manipulating the POST to no avail (have been successful with space, %20 works). Any update on this matter would be appreciated.

Re: NCPA windows event viewer

Posted: Tue Feb 08, 2022 1:16 pm
by ssax
I'm really wondering if this is what is going on:

https://stackoverflow.com/a/36535846

This is what mine shows:

Code:

PS C:\Program Files (x86)\Nagios\NCPA\plugins> powershell Get-EventLog -AsString -List
Active Directory Web Services
Application
DFS Replication
Directory Service
DNS Server
HardwareEvents
Internet Explorer
Key Management Service
Security
Setup
System
Windows PowerShell

Re: NCPA windows event viewer

Posted: Tue Feb 08, 2022 1:24 pm
by ssax
I don't think that's it either as when I looked at the code I see it using win32evtlog in the NCPA code:

https://github.com/NagiosEnterprises/nc ... gs.py#L352

And this shows that win32evtlog can access those types:

https://stackoverflow.com/a/65417608

So I'm leaning towards a bug with the slash or dashes throwing it off, à la what @craigq mentioned.
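
An added example, not written by any poster in this thread and not part of NCPA: a PowerShell check that queries the Microsoft-Windows-TaskScheduler/Operational channel for event ID 111 directly on the Windows host with Get-WinEvent, which reads Applications and Services channels that Get-EventLog -List does not enumerate. The script name, look-back window and thresholds are assumptions, and the Nagios-style exit codes assume it is run as a plugin.

```powershell
# check_taskscheduler_event.ps1 (hypothetical file name; added example, not NCPA code)
param(
    [string]$Channel  = 'Microsoft-Windows-TaskScheduler/Operational',
    [int]$EventId     = 111,
    [int]$Minutes     = 60,   # look-back window (assumed value)
    [int]$Warning     = 1,    # assumed thresholds
    [int]$Critical    = 5
)

# Get-EventLog -List only shows classic logs (Application, System, ...).
# Get-WinEvent -ListLog also resolves channel names that contain "/".
try {
    $log = Get-WinEvent -ListLog $Channel -ErrorAction Stop
} catch {
    Write-Output "UNKNOWN: channel '$Channel' not found: $($_.Exception.Message)"
    exit 3
}
if (-not $log.IsEnabled) {
    # A disabled channel records nothing, so a zero count would be misleading.
    Write-Output "UNKNOWN: channel '$Channel' exists but is disabled"
    exit 3
}

$filter = @{
    LogName   = $Channel
    Id        = $EventId
    StartTime = (Get-Date).AddMinutes(-$Minutes)
}
# Get-WinEvent reports an error when nothing matches; suppress it and
# treat the empty result as a count of zero.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$count  = $events.Count

$status = 'OK'; $code = 0
if ($count -ge $Critical)    { $status = 'CRITICAL'; $code = 2 }
elseif ($count -ge $Warning) { $status = 'WARNING';  $code = 1 }

# Results are returned newest first, so index 0 is the latest match.
$latest = if ($count -gt 0) { $events[0].TimeCreated.ToString('s') } else { 'none' }
Write-Output "${status}: $count event(s) with ID $EventId in '$Channel' in the last $Minutes min (latest: $latest) | count=$count;$Warning;$Critical"
exit $code
```

An UNKNOWN result for a missing or disabled channel separates "the log is not being written" from "no matching events", which the empty "TaskScheduler": [] response above cannot do.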