check event log

Michael Medin michael at medin.name
Mon Feb 21 14:42:23 CET 2011
Previous message: check event log
Next message: check event log
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,

It is generally much much simpler to use the new SQL-like syntax.
Then you end up writing something which looks a bit like this:

generated > -1d AND severity NOT IN ('success', 'informational')

There is some information on the wiki for how to use this here: 
http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog

For instance this could be a good starting point:

CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 
"filter=*generated gt -2d AND severity NOT IN ('success', 
'informational')*" truncate=800 unique descriptions "syntax=%severity%: 
%source%: %message% (%count%)"

This requires a "modern" (as in 0.3.8) version of NSClient++.

// Michael Medin

2011-02-21 11:27 Tristan Drinkwater skrev:
>
> Morning all (depending where you are in the world..)
>
> I'm trying to catch all error and warning logs from application event 
> folder but I'm struggling with the filter+generated bit.
>
> In a nut shell all I want is anything red that happened within the 
> last 24 hours.
>
> Here is my syntax I'm running from the libexec folder till I get it right;
>
> ./check_nrpe --H ip --p 5667 --c CheckEventLog --a filter=in 
> file=application filter.eventType==error filter+generated=\<24h MaxCrit=1
>
> This return's 12 errors. Only 3 of which happened in the last 24 hours.
>
> It seems to be either not using the filter I've detailed or making up 
> its own one!!
>
> Can anyone see what I'm doing wrong?
>
> Thanks in advance J
>
>
> ------------------------------------------------------------------------
> Micro Peripherals Limited.
> Registered Office: Shorten Brook Way, Altham Business Park, Altham,
> Accrington, Lancs. BB5 5YJ. Tel: (01282) 776776 Fax: (01282) 858790
> Micro Peripherals Limited. Registered in England No. 1511931. VAT No. 
> GB 864 4387 91
>
> DISCLAIMER:
> This e-mail and attachments are confidential and are intended solely 
> for the use of the individual to
> whom it is addressed. Any views or opinions presented are solely those 
> of the author and do not
> necessarily represent those of Micro Peripherals Limited.
> If you are not the intended recipient, be advised that you have 
> received this Email in error and that
> any use, dissemination, forwarding, printing, or copying of this Email 
> is strictly prohibited. If this
> transmission is received in error please notify the sender immediately 
> and delete this message from
> your E-mail system.
> All electronic transmissions to and from Micro Peripherals Ltd are 
> recorded and may be monitored.
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
>
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20110221/cc868cf4/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: check event log
Next message: check event log
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list