Ticket #256 (closed defect: worksforme)

Opened 2 months ago

Last modified 2 months ago

Event Logs with Blank in it´s Name

Reported by: ronald.beutinger@kreditwerk.de Assigned to: mickem
Priority: 3 Milestone: 0.3.4
Component: CheckSystem Version: 0.3.5
Severity: Bugs Keywords:
Cc:

Description

Hello,

it would be usefull to check other eventlogs then the usual ones (application/system/security). On domain servers there is for example a log called "Directory Services", but the problem here is the blank in it´s name.

While this works (from the nagios server):

./check_nrpe -H servername -c CheckEventLog -a filter=new file="File Replication Service" MaxWarn=5 MaxCrit=10 filter+generated=\<30d filter=in unique NtFrs?, NtFrs?, NtFrs?, NtFrs?, eventlog: 12 > critical|'eventlog'=12;5;10;

this dosn´t (direct input into the nsclient in Test-Mode):

CheckEventLog filter=new file="File Replication Service" MaxWarn=5 MaxCrit=10 filter+generated=<30d filter=in unique d \NSClient++.cpp(910) Injecting: CheckEventLog: filter=new, file="File, Replication, Service, MaxWarn=5, MaxCrit=10, filter+generated=<30d, filter=in, unique d \NSClient++.cpp(946) Injected Result: WARNING 'Unknown argument: Replication' d \NSClient++.cpp(947) Injected Performance Result: WARNING:Unknown argument: Replication

After defining the command in the nsc.ini, it´s also not possible to do the check:

Nsc.ini: ;Eventlog-Test Beutinger 04.11.08 ; ARG1 = Eventlog File ; ARG2 = Warning Threshold ; ARG3 = Error Threshold ; ARG4 = Zeitangabe mit Einheit, z.B. 1h ; ARG5 = EventType?, z.B. error, warning ; ARG6 = ID bzw. Source

check_eventlog_id=inject CheckEventLog file="$ARG1$" filter=new filter=in MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter+generated=<$ARG4$ filter+eventType==$ARG5$ filter+eventID==$ARG6$ truncate=1000 unique

check_eventlog_src=inject CheckEventLog file="$ARG1$" filter=new filter=in MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter+generated=<$ARG4$ filter+eventType==$ARG5$ filter+eventSource==$ARG6$ truncate=1000 unique

While other checks on Application/Security/System Logs are OK, a request on a log with a blank in it´s name dosn´t work:

./check_nrpe -H servername -c check_eventlog_src -a "File Replication Service" 5 10 1d error NtFrs? Unknown argument: Replication

May be you can help us?

Thank you

Ronald Beutinger

Attachments

Change History

11/06/08 12:27:38 changed by mickem

  • status changed from new to closed.
  • resolution set to worksforme.
  • milestone changed from 0.4.0 to 0.3.4.

Hello,

This has been supported since 0.3.4. Relevant changelog entries: 

2008-09-17 MickeM - 0.3.4 RC-6
 * Added option [EventLog] lookup_names=0 to disable the evetlog name lookup (default is on)
 * Added lookup of "long" eventlog names (you can now use the alias used in the event viewer)

So if you use the latest version it should work splendidly. If you do not use the "latest version" you can always use the "short name" (the long one is in fact just an alias so there is a short name you can use as well).

The actual name has to be "escaped" to carry across same as always (and notice the "strange" escapings if you use the /test option under the FAQ section ie. "file=File Replication Service" but from NRPE you can do it "unix style"...

// Michael Medin

Add/Change #256 (Event Logs with Blank in it´s Name)




Change Properties
Action