Ticket #382 (closed defect: worksforme)

Opened 21 months ago

Last modified 3 weeks ago

Incorrect Eventlog event status

Reported by: hiker_42
Owned by: mickem
Priority: 5
Milestone: 0.3.9
Component: check_nrpe
Version: 0.3.7
Severity: Bugs
Keywords:
Cc:

Description

I am using the new 3.8 client. I am monitoring event logs for error level severity. However, "Informational" events are being flagged as error level events for some reason.

Below is my command:

check_nrpe -c CheckEventLog -H 134.239.124.50 -p 5666 -a file="Application" MaxWarn=1 MaxCrit=1 "filter=generated gt -30m AND severity='error'" unique descriptions "syntax=%severity%:%source%: (%count%)"

error:Winlogon: (1), eventlog: 1 > critical|'eventlog'=1;1;1;

The Winlogon error that is being reported is actually an Informational event and not an error level status in Windows.

Source: Winlogon EventID: 4004

"The Windows logon process has failed to terminate the currently logged on user's processes."

So either nsclient is not reporting the status correctly or Windows is not displaying an error level when it actually is (which I suppose could be the case).

Change History

comment:1 Changed 21 months ago by hiker_42

  • Owner changed from MickeM to mickem
  • Component changed from Core to check_nrpe

comment:2 Changed 21 months ago by mickem

There are two kinds of severity (check the docs); please add both to the syntax string and let me know what it says...
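The following is an added example, not part of the ticket or of NSClient++: it decodes the two places a classic Windows event log record can carry a level, assuming these are the "two kinds of severity" meant above (the severity bits of the 32-bit event identifier, and the record's separate event type field that Event Viewer displays). The sample records and the function names are constructed for illustration and were not read from a real log.

```python
# Added example. Bits 31-30 of the 32-bit event identifier hold a severity code
# set in the message file; the record's EventType field is stored separately
# and is what Event Viewer shows in its level/type column.

ID_SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}

# EVENTLOG_* event type constants from the Windows event logging API.
EVENT_TYPE = {0x0000: "success", 0x0001: "error", 0x0002: "warning",
              0x0004: "informational", 0x0008: "auditSuccess",
              0x0010: "auditFailure"}


def decode_event_id(event_id):
    """Split a 32-bit event identifier into its documented bit fields."""
    return {
        "severity": ID_SEVERITY[(event_id >> 30) & 0x3],  # bits 31-30
        "customer": bool((event_id >> 29) & 0x1),         # bit 29
        "facility": (event_id >> 16) & 0xFFF,             # bits 27-16
        "code": event_id & 0xFFFF,                        # bits 15-0
    }


def compare_levels(record):
    """Report both levels of a record and whether they disagree."""
    fields = decode_event_id(record["event_id"])
    event_type = EVENT_TYPE.get(record["event_type"], "unknown")
    return {
        "source": record["source"],
        "code": fields["code"],
        "id_severity": fields["severity"],
        "event_type": event_type,
        "mismatch": fields["severity"] != event_type,
    }


# Constructed records (hypothetical values, not taken from a real system).
SAMPLE_RECORDS = [
    # Identifier carries severity "error", but the type field says informational.
    {"source": "Winlogon", "event_id": 0xC0000FA4, "event_type": 0x0004},
    # Identifier and type field agree.
    {"source": "ExampleSvc", "event_id": 0x40000001, "event_type": 0x0004},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(compare_levels(rec))
```

A filter on one field and a viewer column showing the other can disagree for the same record, so printing both values for the flagged event shows which one the check matched.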

comment:3 Changed 3 weeks ago by mickem

  • Status changed from new to closed
  • Resolution set to worksforme
  • Milestone set to 0.3.9

closing as no update for a while now...
