using nsclient++ with nrpe to monitor event logs

centosboy · 10-05-2010, 03:49 AM

Could someone with good experience of monitoring windows event logs with nrpe or check_nt + nsclient++ give me some good examples of the above.
I do have this working, but some of the checks appear inconsistent.

An example being

Code:

./check_nrpe -H 10.222.203.151  -c CheckEventLog -a filter=new file="Security" MaxWarn=1 MaxCrit=2 filter-generated=\<2d  filter+eventType==Information filter=in filter=all truncate=400 unique descriptions
Eventlog check ok|'eventlog'=0;1;2;

I just cant seem to get this particular check correct.

Which should really be showing as CRITICAL

MensaWater · 10-05-2010, 11:05 AM

It might not be "consistent" because you're checking updates to the log. The first time you check it the return code is 3 (CRITICAL) but the next one after that (unless there's a new message) is going to have return code 0 (OK).

To see return code just type "echo $?" after executing what you have at command line on your master. (Saves time over waiting for Nagios to get to it.)

centosboy · 10-06-2010, 02:18 AM

Quote:

Originally Posted by MensaWater

It might not be "consistent" because you're checking updates to the log. The first time you check it the return code is 3 (CRITICAL) but the next one after that (unless there's a new message) is going to have return code 0 (OK).

To see return code just type "echo $?" after executing what you have at command line on your master. (Saves time over waiting for Nagios to get to it.)

This is not correct. This is how it works for checking logs on a unix type box.
I am talking about the windows event logs here.
Do you have any examples? There are some on the nsclient++ site, but these do not work right for me. I do not really want to use the nsca method either.....