NSClient++ Help (#1) - check_event_log - plugin may be missing when it isn't [SOLVED] (#562) - Message List
I have spent most of the day trying to get check_event_log working. What am I doing wrong??? Versions: NSClient++-0.3.8-Win32-20100413-2349.msi Nagios Core 3.2.1 Nagios Plugins version: 1.4.14 NRPE Plugin for Nagios Version: 2.12
There are no warnings or errors when I check my configuration files.
When I run this:
/usr/local/nagios/libexec/check_nrpe -H 192.168.0.80 I get: I (0.3.8.41 2010-04-13) seem to be doing fine...
When I run this:
/usr/local/nagios/libexec/check_nrpe -H 192.168.0.80 -p 5666 -c CheckEventLog -a filter=new file=application MaxWarn=1 MaxCrit=1 filter-generated="<2h" filter-eventID==2269 filter-eventType==error filter=in filter=all Eventlog check ok|'eventlog'=0;1;1;
When I use this:
define command {
command_name check_event_log
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckEventLog -a filter=new file="$ARG1$" MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter-generated=\<2h filter-eventID=="$ARG4$" filter-eventType==error filter=in filter=all
}
or this (thinking it might be a possible data length problem:
define command {
command_name check_event_log
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckEventLog -a filter=new file="$ARG1$" MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter-generated=\<2h filter-eventID=="$ARG4$" truncate=800 filter-eventType==error filter=in filter=all
}
define service{
use generic-service
host_name myHostName
service_description Check W3SVCWP Error 2269
check_command check_event_log!application!1!1!2269
normal_check_interval 1
retry_check_interval 1
notification_period none
contact_groups admins
}
nagios.debug log shows:
[1271382223.034346] [2048.2] [pid=29878] Processing part: 'SERVICEATTEMPT' [1271382223.034353] [2048.2] [pid=29878] macro_x[6] (SERVICEATTEMPT) match. [1271382223.034361] [2048.2] [pid=29878] Processed 'SERVICEATTEMPT', Clean Options: 0, Free: 1 [1271382223.034368] [2048.2] [pid=29878] Processed 'SERVICEATTEMPT', Clean Options: 0, Free: 1 [1271382223.034374] [2048.2] [pid=29878] Cleaning options: global=0, local=0, effective=0 [1271382223.034381] [2048.2] [pid=29878] Uncleaned macro. Running output (64): 'SERVICE ALERT: sea15080;Check W3SVCWP Error 2269;CRITICAL;SOFT;2' [1271382223.034388] [2048.2] [pid=29878] Just finished macro. Running output (64): 'SERVICE ALERT: sea15080;Check W3SVCWP Error 2269;CRITICAL;SOFT;2' [1271382223.034394] [2048.2] [pid=29878] Processing part: ';(Return code of 127 is out of bounds - plugin may be missing)' [1271382223.034402] [2048.2] [pid=29878] Not currently in macro. Running output (127): 'SERVICE ALERT: sea15080;Check W3SVCWP Error 2269;CRITICAL;SOFT;2;(Return code of 127 is out of bounds - plugin may be missing)' [1271382223.034408] [2048.1] [pid=29878] Done. Final output: 'SERVICE ALERT: sea15080;Check W3SVCWP Error 2269;CRITICAL;SOFT;2;(Return code of 127 is out of bounds - plugin may be missing)
-
Message #1728
If it is a length issue add truncate=800
Michael Medin
mickem04/16/10 07:21:13 (22 months ago)-
Message #1729
Yup, I tried using the
truncate=800
as shown in my second "define command" above.
Is there any way I can get more information to help determine exactly where the problem is? So far everything I try manually appears to work.
Thanks, Roger
nomagpgmr04/16/10 11:47:53 (22 months ago) -
Message #1730
Yup, I tried using the
truncate=800
as shown in my second "define command" above.
Is there any way I can get more information to help determine exactly where the problem is? So far everything I try manually appears to work.
Thanks, Roger
nomagpgmr04/16/10 11:51:51 (22 months ago)-
Message #1731
Absolutely...
Run nsclient++ in "debug mode" ie. "nsclient++ /test" (dont forget to stop the regular service first).
Another option is to use debug logging.
All this should be covered in the getting started guide doc/usage/nagios.
mickem04/16/10 12:07:57 (22 months ago)-
Message #1736
I'm having pretty much the same issue.
I have two all but identical checks...
define service{ use standard-service host_name SDCVCSSQL001SG1 service_description Check Event Log ID 17052 - 911911 check_command check_win_event_log_id_and_text!application!17052!911911 check_period 24x7 notification_options w,c,r }define service{ use standard-service host_name SDCVCSSQL001SG1 service_description Check Event Log ID 17061 - 911911 check_command check_win_event_log_id_and_text!application!17061|911911 check_period 24x7 notification_options w,c,r }The commands.cfg definition is as follows:
define command{ command_name check_win_event_log_id_and_text command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckEventLog -a file="$ARG1$" MaxWarn=1 MaxCrit=2 filter=new filter+eventID==$ARG2$ filter+message=substr:"$ARG3$" filter+written=\<5m filter=in filter=out filter=all truncate=1022 descriptions "syntax=Source=%source% - Message=%message%" }The first, using event id 17052 is working perfectly. The second, using 17061 is failing with the infamous "(Return code of 127 is out of bounds - plugin may be missing)" error
I can run the check manually from the nagios server and it works perfect.
The output of nsclient++ /test does show a difference, but not enough to figure out what is going on...
d NSClient++.cpp(1066) Injecting: CheckEventLog: file=application, MaxWarn=1, M xCrit=2, filter=new, filter+eventID==17061 d \CheckEventLog.cpp(184) Attempting to match: Application with application d \CheckEventLog.cpp(184) Attempting to match: Security with application d \CheckEventLog.cpp(184) Attempting to match: System with application d NSClient++.cpp(1102) Injected Result: OK 'Eventlog check ok' d NSClient++.cpp(1103) Injected Performance Result: ''eventlog'=0;1;2; ' d NSClient++.cpp(1066) Injecting: CheckEventLog: file=application, MaxWarn=1, M xCrit=2, filter=new, filter+eventID==17061 d \CheckEventLog.cpp(184) Attempting to match: Application with application d \CheckEventLog.cpp(184) Attempting to match: Security with application d \CheckEventLog.cpp(184) Attempting to match: System with application d NSClient++.cpp(1102) Injected Result: OK 'Eventlog check ok' d NSClient++.cpp(1103) Injected Performance Result: ''eventlog'=0;1;2; ' d NSClient++.cpp(1066) Injecting: CheckEventLog: file=application, MaxWarn=1, M xCrit=2, filter=new, filter+eventID==17061 d \CheckEventLog.cpp(184) Attempting to match: Application with application d \CheckEventLog.cpp(184) Attempting to match: Security with application d \CheckEventLog.cpp(184) Attempting to match: System with application d NSClient++.cpp(1102) Injected Result: OK 'Eventlog check ok' d NSClient++.cpp(1103) Injected Performance Result: ''eventlog'=0;1;2; ' d NSClient++.cpp(1066) Injecting: CheckEventLog: file=application, MaxWarn=1, M xCrit=2, filter=new, filter+eventID==17052, filter+message=substr:911911, filte +written=<5m, filter=in, filter=out, filter=all, truncate=1022, descriptions, s ntax=Source=%source% - Message=%message% d \CheckEventLog.cpp(184) Attempting to match: Application with application d \CheckEventLog.cpp(184) Attempting to match: Security with application
Any help GREATLY appreciated.
dolfantimmy04/16/10 17:34:05 (22 months ago)-
Message #1737
Doh. I found it. Had a '|' pipe instead of '!' bang on the one failing.
dolfantimmy04/16/10 17:57:39 (22 months ago)-
Message #1738
RESOLVED!!! One of those DUH! moments
I turned off all other nagios checks and then looked at the debug output on both sides. It turned out that the command I had copied and pasted:
command_line check_nrpe -H $HOSTADDRESS$ -p 5666 .....
was never really being executed so there was no log output on the nsclient++ /test side when nagios tried to run the command.
but when I ran it manually it worked.
In my commands.cfg file all other commands look like:
command_line $USER1$/check_object ....
so when I changed the above to:
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 .....
it started working.
I hope this helps someone else trying to get this working.
nomagpgmr04/16/10 19:48:13 (22 months ago)
-
-
-
-
-
