CheckEventLog

Forums NSClient++ support CheckEventLog

This topic contains 6 replies, has 2 voices, and was last updated by  Legacy Forum User 5 years, 11 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #1333

    I use NSClient with NRPE support.

    The problem is with CheckEventLog.

    On Win XP Pro SP2 FR, all work fine on file=application, file=System, file=Security.
    On Win 2K Server, all work fine like XP Pro

    but on W2K3 Serv, only check on file=System and file=Security.
    No entries found in file=application. There is entries in !

    I check the name of the evenbook , ok. I don’t understand what’s the problem.

    Somebody have idea about this ?
    I need help.

    #6467

    Michael Medin
    Keymaster

    HUmm, Try checking you have the correct name.

    on “older versions” the fallback (ie. if you check for file=WTFTHisDoesNotExist) gets you Application IIRC… I Shall in the weekend to come setup a lot of various images and try features on various OS:es so I can get back to you sometime next week…

    #6468

    Michael Medin
    Keymaster

    (the fallback things is an OS “feature” and not something to do with me :)

    #6469

    I believe the problem can come from Rights Policies (GPO).
    I have tested on a W2K Server without Domain controll, juste file sharing.
    It works on !
    But i a not sure because W$ is a black box for me.
    I never been a admin of W$… I prefer unix/linux.

    #6471

    No news for me ??

    I’m in trouble with this. I promise my boss than a could check evntlog with NSclient….

    I do not understand the problem…

    #6472

    I have check the source code :
    HANDLE hLog = OpenEventLog(NULL, (*cit2).c_str());
    if (hLog == NULL) {
    message = “Could not open the ‘” + (*cit2) + “‘ event log: ” + error::lookup::last_error();
    return NSCAPI::returnUNKNOWN;
    }

    So, it open the file because i get no return error.
    I have read the code, but i don’t know this language, but I believe i understand what it does ! Nice coding, by the way ;) !

    The problem come from the filter may be. But I set the same params than with the system event book… just like this :
    ./check_nrpe -H 192.168.110.80 -p 5666 -c CheckEventLog -a file=Application MaxWarn=1 MaxCrit=3 filter=new filter+generated=\<12h
    repond : Eventlog check ok|”=0;1;3;
    But I have several entries in the eventbook application.

    The same command with file=system (plus truncate because a lot of entries) :
    ./check_nrpe -H 192.101.101.80 -p 5666 -c CheckEventLog -a truncate=100 file=system MaxWarn=1 MaxCrit=3 filter=new filter+generated=\<12h
    WinHttpAutoProxySvc, WinHttpAutoProxySvc, Service Control Manager, Service
    Respond :
    Control Manager, Serv…|”=331;1;3;

    I weill appreciate your help to solve this.
    Thanks a lot.
    Sory for my poor english.

    #7001

    Did you ever got this to work? I have same issue, system works fine but Application does not.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.