|
From: Sven R. <roo...@gm...> - 2010-02-25 14:38:56
|
Hi,

I use:

./check_win_eventlog.pl -H localhost -s a -l System -t .*:+1

to filter all the errors from the system logs. How can I also exclude error logs from TermServDevices and W32Time? At this time I haven't found a way to accomplish this.

Many thx,
Sven |
|
From: <Mar...@na...> - 2005-01-26 14:50:43
|
Sorry, we don't have any Win 2003 server, so we can't reproduce that problem. Has anyone a Win 2003 server with that plugin running?

Martin |
|
From: Jochen <na...@le...> - 2005-01-26 13:53:14
|
Problem eventlog_agent on Windows 2003 Server:
used version: check_win_eventlog-0.2.0

C:\Programme\eventlog_agent>eventlog_agent.exe
Unknown error
Compilation failed in require at PERL2EXE_STORAGE/IO/Handle.pm line 256.
BEGIN failed--compilation aborted at PERL2EXE_STORAGE/IO/Handle.pm line 256.
Compilation failed in require at PERL2EXE_STORAGE/IO/Socket.pm line 11.
BEGIN failed--compilation aborted at PERL2EXE_STORAGE/IO/Socket.pm line 11.
Compilation failed in require at PERL2EXE_STORAGE/IO/Socket/INET.pm line 11.
BEGIN failed--compilation aborted at PERL2EXE_STORAGE/IO/Socket/INET.pm line 11.
Compilation failed in require at C:\Programme\eventlog_agent\eventlog_agent.exe line 28.
BEGIN failed--compilation aborted at C:\Programme\eventlog_agent\eventlog_agent.exe line 28.
This exe file was created with the evaluation version of Perl2Exe.
For more information visit http://www.indigostar.com
(The full version does not display this message with a 2 second delay.)
...

On Windows 2000 Server and Windows XP Prof it works

Thanks for help
Jochen |
|
From: Prigge S. <Pri...@Jo...> - 2004-12-20 13:34:31
|
Any progress? Another thing that looks out of place to me is that in the command definition, you use the macro $USER1$. What happens if you replace it with the full path to the plugin? |
|
From: Phaylot P. <ph...@ho...> - 2004-12-16 19:54:40
|
Hi,

I've recently installed the windows eventlog plugin. It does not seem to work correctly. I'm getting this notification message: "(Return code of 126 is out of bounds - plugin may be missing)".

Nagios is running on Redhat 7.3. I've got the checkwin_eventlog.pl plugin located at /usr/local/nagios/libexec just like where all the other plugins are.

Checkcommands.cfg file is set up as:

define command{
    command_name    check_win_eventlog
    command_line    $USER1$/check_win_eventlog.pl -H $HOSTADDRESS$ -s $HOSTADDRESS$ -l $ARG1$ -t $ARG2$ -i $ARG3$
}

Service.cfg file is set up as:

define service{
    use                     generic-service
    host_name               mn1-dev018-app
    service_description     check_win_eventlog
    normal_check_interval   15
    max_check_attempts      1
    contact_groups          nagios-admin
    check_command           check_win_eventlog!mn1-dev018-app!mn1-dev018-app!Application!.*:+2!.*:+4003
}

Thanks for your time.

Phay
|
|
From: Rusty H. <rh...@He...> - 2004-12-10 15:31:40
|
Scott nice catch but that was a typo. On my original post I checked my config and it's not there.

Thanks
Rusty

-----Original Message-----
From: nap...@li... [mailto:nap...@li...] On Behalf Of nap...@li...
Sent: Thursday, December 09, 2004 10:15 PM
To: nap...@li...
Subject: Naplax-users digest, Vol 1 #14 - 1 msg

Today's Topics:
1. RE: Event Log Agent (Prigge Scott) |
|
From: Prigge S. <Pri...@Jo...> - 2004-12-09 23:29:11
|
Maybe this is simply a result of the post format...but I noticed the command name is "command_name check_win_eventlog1" (with a one at the end), while the service check doesn't include the one. What happens if you change the command_name to check_win_eventlog? |
|
From: Prigge S. <Pri...@Jo...> - 2004-12-09 16:19:32
|
Need to revise one of my statements. In my theoretical I said Nagios will attempt to check the service 3 more times before it sets the service into a Critical or Warning state (depending on how your service is defined). I think that's a misstatement - I've only seen the check produce a Critical state, and there is no reference to a Warning state in the help or documentation. If I didn't revise, Martin would revise for me :) |
|
From: Prigge S. <Pri...@Jo...> - 2004-12-09 13:48:58
|
Hi Rusty.

One thing I see that's going to cause you problems down the line is the value for max_check_attempts. It should be set to 1, as I've made this mistake myself. In fact, the help text for the plugin actually attempts to address this fact:

"The nagios service that uses this plugin should be configured to send notifications on the first error state, because the Agent will not return the same Error more than one time."

Here's the way I would explain it. The plugin only "looks" for matching events that have occurred since the last service check. For example if a matching event occurs but your max_check_attempts value is set to 4, then Nagios will attempt to check the service 3 more times before it sets the service into a Critical or Warning state (depending on how your service check is defined). But if no matching events occur between check number 1 and check number 2, then the plugin returns an OK status and the service check is no longer a Warning or Critical state. Leaving the MAX_CHECK_ATTEMPTS value set to 1 ensures Nagios sends out a notification on the first matching event.

Now to address your question directly...here is an event log check that I currently use. The command is:

.../check_win_eventlog -H $HOSTADDRESS$ -s $HOSTADDRESS$ -l System -i .*:+4003 -t .*:+2 -q .*:+"LPDSVC" -m .*:+"A request from client was refused because system is out of resources."

I'll list the pertinent components:

-l System: Name of the log. It is typically Application, System, Security. However (I think) it can take the value of any subkey of HKLM\System\CurrentControlSet\System\EventLog.

-i .*:+4003: Means "don't match any event, then match only events whose "Event ID" is 4003.

-t .*:+2: Means "don't match any event, then only match events whose "Event Type" is 2. Event types are 1=Error, 2=Warning, 4=Information, 8=Success, 16=Failure.

-q .*:+"LPDSVC": Means "don't match any event, then only match events whose event "Source" is "LPDSVC".

-m .*:+"A request from client was refused because system is out of resources.": This means "don't match any event, then only match events whose event "Description" contains the string "A request from client was refused because system is out of resources.".

Hopefully that should give you enough to go on. |
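The max_check_attempts effect described in the message above, as a small simulation added here (not part of the original post and not the plugin's code). It assumes the plugin reports an event only on the first check after it is logged, and reduces Nagios to counting consecutive non-OK results; `plugin_results` and `notifications` are hypothetical names and the timings are constructed.

```python
"""Why a one-shot event check needs max_check_attempts = 1 (added illustration)."""


def plugin_results(event_times, check_times):
    """Return one plugin status per check.

    A check is CRITICAL only if a matching event was logged after the
    previous check, because the agent never returns the same event twice.
    """
    results = []
    last_check = float("-inf")
    for now in check_times:
        hit = any(last_check < t <= now for t in event_times)
        results.append("CRITICAL" if hit else "OK")
        last_check = now
    return results


def notifications(results, max_check_attempts):
    """Simplified Nagios soft/hard state handling.

    A PROBLEM notification is sent only once a non-OK result has been seen
    on max_check_attempts consecutive checks (hard state). An OK result
    before that point is a soft recovery and sends nothing.
    """
    sent = []
    attempt = 0
    hard_problem = False
    for index, status in enumerate(results):
        if status == "OK":
            if hard_problem:
                sent.append((index, "RECOVERY"))
            attempt = 0
            hard_problem = False
        else:
            attempt += 1
            if attempt >= max_check_attempts and not hard_problem:
                hard_problem = True
                sent.append((index, "PROBLEM"))
    return sent


# Constructed timeline (minutes): one matching event at minute 7,
# service checked every 5 minutes.
SINGLE_EVENT = plugin_results(event_times=[7], check_times=[5, 10, 15, 20])

# Constructed timeline: the event recurs before every check from minute 7 on.
RECURRING = plugin_results(event_times=[7, 12, 17, 22],
                           check_times=[5, 10, 15, 20, 25])

if __name__ == "__main__":
    print("plugin output, single event:", SINGLE_EVENT)
    for attempts in (4, 1):
        print("max_check_attempts =", attempts, "->",
              notifications(SINGLE_EVENT, attempts))
    print("recurring event, max_check_attempts = 4 ->",
          notifications(RECURRING, 4))
```

With a single event and max_check_attempts set to 4, no notification is ever sent, which for a Security log check means a logged failure goes unreported.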
|
From: <Mar...@na...> - 2004-12-09 09:09:54
|
Hi,
ok, there are several errors in your configuration.
you should read the installation instructions again :-)
1. you configured "-s" but the argument should be named "$ARG1$". this is a
unique key, that is needed for every checkcommand. In your case this will
be "a", what is absolutely correct.
2. you did not use "-l" which is required!! add "-l $ARG2$" after "$ARG1$".
Now it should get the next parameter which is "Secuirty" in your case. but
that is not a valid value, because it is misspelled. i assume you wanted
"Security".
3. the last parameter ".*:+1" from the installation instructions is meant
as example for filtering on message types. if you want to filter on message
types, you should add "-t $ARG3$" to your command definition. alternatively
you may use -m, -i, or -q. the example matches nothing but eventtype "1".
anyway, if you correct point 1 and 2 then you should get some error
messages from the eventlog or "Eventlog OK", but not "NO OUTPUT".
hopefully that helps.
would be nice, if you could say what the problem was when you got the error
message after installing the agent (your first mail).
martin schmitz
> I got the service piece installed and working but now I get a critical (NO OUTPUT!) error for the machine I was trying to check the log on.
>
> I am using the following example
>
> define command {
>     Command_name    check_win_eventlog
>     Command_line    $USER1$/check_win_evetlog.pl ?H $HOSTADDRESS$ -s $ARG
> }
>
> define service {
>     service_description     Ssystem Eventlog
>     use                     generic-service
>     check_command           check_win_eventlog!a!Secuirty!.*:+1
>     check_period            24x7
>     normal_check_interval   5
>     retry_check_interval    1
>     notification_interval   240
>     notification_period     24x7
>     max_check_attempts      4
>     host_name               RHALL01
>     contact_groups          nt-admins
>     is_volatile             1
>
> If this is incorrect could someone send me an example that does work so I can see what I am doing wrong
>
> Thanks
>
> Rusty D. Hall
|
|
From: Prigge S. <Pri...@Jo...> - 2004-12-02 14:49:24
|
Hi Adam, I'd have to agree with Martin. It's not very clear what you are asking for. The event log addon itself does not send notifications - the event log addon checks the state of the event log and notifies Nagios of its status. Nagios is responsible for sending out the email notification. Are you having difficulty getting the plugin to check the status of the event log, or are you just not getting emails? |
|
From: <Mar...@na...> - 2004-12-02 08:32:17
|
hi, i do not exactly understand what your problem is. your eventlog daemon is running? and the nagios webinterface says "Eventlog OK"? then you have to produce an error that you've configured to see an error state. if you can see the error in the webinterface, then the email notification should be sent depending on your nagios configuration. see the excellent nagios manual to see how to configure the notifications. martin |
|
From: Adam S. <Ada...@me...> - 2004-12-01 21:54:49
|
Hello, I was wondering how to get the Windows Event Log addon to email notifications. I'm a nagios noob so it might be something in my Nagios setup. I noticed that the script says to "send notifications on the first error state", but I'm not sure how to configure that. Any help is greatly appreciated. Thanks in Advance. |
|
From: Prigge S. <Pri...@Jo...> - 2004-10-14 14:08:13
|
I know when I downloaded and attempted to run the Perl script, I got some errors too. Can't remember what they were exactly, but they were related to the Perl interpreter. I had to run the utility DOS2UNIX in order to remove all the special characters in the file. Once I ran that utility, it worked fine. Give it a try.

-----Original Message-----
From: nap...@li... [mailto:nap...@li...] On Behalf Of nap...@li...
Sent: Wednesday, October 13, 2004 10:46 PM
To: nap...@li...
Subject: Naplax-users digest, Vol 1 #8 - 1 msg

Today's Topics:
1. check_win_eventlog giving errors (Rustam Bhote) |
|
From: Rustam B. <ru...@ro...> - 2004-10-13 21:34:41
|
Hi

I'm getting errors while trying to run check_win_eventlog from the command line. What can I do to correct this? It does not work with Nagios either. My host is running the agent (only exe, not as a service). Running Fedora 2 linux. What am I doing wrong?

Here is the output

[root@nagios libexec]# /usr/bin/perl -w check_win_eventlog.pl -H 172.23.0.151 -s a -l System -t .*:+1
Name "main::EVENTLOG_AUDIT_FAILURE" used only once: possible typo at check_win_eventlog.pl line 82.
Name "main::EVENTLOG_INFORMATION_TYPE" used only once: possible typo at check_win_eventlog.pl line 80.
Name "main::opt_l" used only once: possible typo at check_win_eventlog.pl line 41.
Name "main::EVENTLOG_AUDIT_SUCCESS" used only once: possible typo at check_win_eventlog.pl line 81.
Name "main::EVENTLOG_WARNING_TYPE" used only once: possible typo at check_win_eventlog.pl line 79.
Use of uninitialized value in string ne at check_win_eventlog.pl line 59.
Use of uninitialized value in hash element at check_win_eventlog.pl line 64, <GEN0> line 3.
EventLog OK

Thanks,
Rustam |
|
From: <Mar...@na...> - 2004-07-02 09:45:40
|
Hi,

as i explained in the earlier message you need to change the port number on both sides of the connection.

- change the port check_win_eventlog will connect to with "-p".
- to change the port the agent is listening on, you will need to change the registry entry created by eventlog_agent.bat.

1. open regedit.exe
2. navigate to the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog_agent\Parameters]
3. Doubleclick on "Application"
3. Append "-p PORTNUMBER" to the value. this should be something like "c:\\programme\\eventlog_agent\\eventlog_agent.exe -p 1234" where 1234 is the port number to use.
4. Click on OK.
5. restart the eventlog_agent service.

Martin Schmitz
net&works Netzwerke und Service GmbH
Luetzerodestrasse 12
D-30161 Hannover, Germany

PGP fingerprint: 225E A59C C08A 9ED5 9003 01A1 399B BFE0 6450 CA40

*** Visit us on the web: http://www.naw.de !!! *** |
|
From: Prigge S. <Pri...@Jo...> - 2004-07-01 13:22:25
|
Does the agent look in a particular registry key to determine which port to communicate on? Or is the port number controlled by windows somehow, and we just don't know what key to change? |
|
From: Prigge S. <Pri...@Jo...> - 2004-07-01 13:17:49
|
That's a great explanation - makes it perfectly clear. Hopefully this thread will be included in the documentation for the next release - it's great information!

-----Original Message-----
From: Mar...@na... [mailto:Mar...@na...]
Sent: Thursday, July 01, 2004 4:14 AM
To: nap...@li...
Cc: Prigge Scott
Subject: Explaining the unique key (-s Option) |
|
From: <Mar...@na...> - 2004-07-01 09:31:31
|
hi, changing the default port requires changing the port on both sides of the connection. change the port check_win_eventlog will connect to with "-p". but also change the port the agent is listening on. this may require to change the registry. martin schmitz |
|
From: <Mar...@na...> - 2004-07-01 09:13:55
|
Someone asked about this, so here is some more information about this.

> I use the IP address, or $HOSTADDRESS$ directive for the unique key in the check command. This way I don't have to worry about specifying a new key each time I define a service check since the IP address is unique. Is there any downfall to this approach - is there any specific format the unique key should be in? It seems to work though...

You might use any string you want as the "unique key". there is no specified format, so you might use "a", "b", the HOSTADDRESS, your telephone number or even your pet's name.

As long as you're doing only one check to each server there will never be a problem with this. But there are times when you will want to observe more than one thing on a server. for example:
- checking System Log AND Application Log
- using different checkintervals or notifications for Errors and warnings
- using different contact groups with different timeperiods
- ...

to make this work, you will need to define different services on your nagios host. and now you will need "unique keys" for each service, because the agent on the windows system needs to know the last processed eventlog entry for each different request. and that last entry will be stored in a hash with the "unique key" as the identifier.

you might think: "But the parameters are different, so why can't the agent keep apart the requests by their parameters?" that would be possible for most cases (and will be implemented in the next version), but there may be service checks with all the same parameters but different timeperiods or different notification parameters or different contacts. in those cases the agent will/would not be able to decide which eventlog entry was the last that has been processed for this request.

so we decided to use a "unique key" parameter "-s" to make this possible. we thought it would be best to make this key "required" to have a consistent usage. but this seems to confuse most people, so the unique key will be made optional in the next version.

martin schmitz

P.S.: Hopefully my english isn't so bad, that this explanation produces more questions than answers. :-) |
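The per-key bookmark described in the message above, as a simplified model added here (not the agent's code and not part of the original post). It assumes the agent stores one "last processed record number" per -s key and moves it to the newest record of whichever log was checked; `EventlogAgentModel`, `run_checks` and the sample records are constructed for illustration.

```python
"""Model of two Nagios services sharing one unique key (-s) on the same host."""

# Event types as listed on this page: 1=Error, 4=Information, 8=Success, 16=Failure.
ERROR, INFORMATION, SUCCESS, FAILURE = 1, 4, 8, 16


class EventlogAgentModel:
    """Keeps one bookmark (last processed record number) per unique key."""

    def __init__(self, logs):
        self.logs = logs        # log name -> list of (record_no, event_type, text)
        self.last_seen = {}     # unique key -> last processed record number

    def check(self, key, log, event_type):
        """Return record numbers of matching events newer than the bookmark."""
        bookmark = self.last_seen.get(key, 0)
        records = self.logs[log]
        hits = [no for no, etype, _ in records
                if no > bookmark and etype == event_type]
        if records:
            # Assumption: the bookmark moves to the newest record of this log.
            self.last_seen[key] = records[-1][0]
        return hits


def build_logs():
    """Constructed sample data; each log numbers its records independently."""
    return {
        "System": [
            (5001, INFORMATION, "service started"),
            (5002, ERROR, "EVT_ID 7031: service terminated unexpectedly"),
            (5003, INFORMATION, "service started"),
        ],
        "Security": [
            (301, SUCCESS, "EVT_ID 528: logon success"),
            (302, SUCCESS, "EVT_ID 528: logon success"),
        ],
    }


def run_checks(system_key, security_key):
    """Two check rounds; a logon failure is written between the rounds."""
    logs = build_logs()
    agent = EventlogAgentModel(logs)
    rounds = []
    rounds.append(("System", agent.check(system_key, "System", ERROR)))
    rounds.append(("Security", agent.check(security_key, "Security", FAILURE)))
    logs["Security"].append((303, FAILURE, "EVT_ID 529: logon failure"))
    rounds.append(("System", agent.check(system_key, "System", ERROR)))
    rounds.append(("Security", agent.check(security_key, "Security", FAILURE)))
    return rounds


if __name__ == "__main__":
    print("shared key 'a':")
    for log, hits in run_checks("a", "a"):
        print("  %-8s -> %s" % (log, hits or "EventLog OK"))
    print("one key per service:")
    for log, hits in run_checks("sys", "sec"):
        print("  %-8s -> %s" % (log, hits or "EventLog OK"))
```

With the shared key the old System error is reported again in the second round and the new logon failure in the Security log is never reported; with one key per service each event is reported exactly once.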
|
From: Prigge S. <Pri...@Jo...> - 2004-06-30 14:03:35
|
I noticed in the help of the plugin that using the -p switch, you are able to change the default port number. However when I change the port, I get this error: An Error occured before state could be read: Connection refused at /usr/local/nagios/libexec/check_win_eventlog line 156. I took a look at the plugin code, but there's nothing obvious to me that stands out - since I don't know perl. Was hoping to find some help on what to look for. Thanks. |
|
From: Prigge S. <Pri...@Jo...> - 2004-06-29 22:03:50
|
I sure don't see much activity in these lists, but I wanted to let the developers know that there is at least one organization successfully using the check_win_eventlog plugin. I downloaded and successfully installed this absolutely useful plugin just in the past couple of days, and thought I should give some feedback about my experience. First and foremost, THANKS for creating it!

To let you know where I'm coming from, I'm a VERY novice linux user - I did have enough experience to get this plugin working properly on my own. It took me a couple of days though :) I'm going to document the steps I went through to get this installed and working. Hopefully this documentation will aid others who may have tried in vain due to its sparse nature.

Plugin Installation

The first problem I ran into after installing the plugin was during a test, the plugin produced no output. Running it from the shell produced the error "bad interpreter". A coworker helped me determine that the perl path was correct. After searching that error on the net, I found reference to the dos2unix utility. After running dos2unix, I could at least get the help output to test the plugin.

Windows Eventlog Agent

The plugin download contains a batch file which is supposed to be generic enough to install the eventlog_agent as a service in Windows. The batch file did not work without some tweaking, so here's what I did.

1) Gather these files: instsrv.exe, srvany.exe and eventlog_agent.exe. The first two files are available from any W2K or W2K3 resource kit.
2) Create a folder on the server which contains the event log you want to monitor, and copy these three files there.
3) Run this command: <path to instsrv.exe>\instsrv.exe "Nagios_Eventlog_Agent" <path to srvany.exe>\srvany.exe - this will create a Windows service named "Nagios_Eventlog_Agent".
4) Add the following registry key: HKLM\System\CurrentControlSet\Services\Nagios_Eventlog_Agent\Parameters
5) Add the following registry value: HKLM\System\CurrentControlSet\Services\Nagios_Eventlog_Agent\Parameters\Application, REG_SZ, <path to eventlog_agent.exe>\eventlog_agent.exe
6) Add the following registry value: HKLM\System\CurrentControlSet\Services\Nagios_Eventlog_Agent\Parameters\AppDirectory, REG_SZ, <path to eventlog_agent.exe>
7) Start the "Nagios_Eventlog_Agent" service.

(To uninstall the service, stop the service and run the command: <path to instsrv.exe>\instsrv.exe "Nagios_Eventlog_Agent" REMOVE, then just delete the folder containing the eventlog_agent.exe file)

Syntax

Though I had to read it a few times, the plugin syntax was fairly self-explanatory. In any Windows event log entry, you can attempt to match an entry using four fields:

A) the Description field using the -m switch
B) the Event ID number using the -i switch
C) the Event Type using the -t switch - the Event Type is a number: 1=Error, 2=Warning, 4=Information, 8=Success, 16=Failure
D) the Event Source - in my experience, I have found this value to be case-sensitive.
E) any combination of these switches

Execution

Though there is no documentation to verify this, I have found the plugin to work like this: it seems to sort of only "keep track" of the matching events since the last Nagios check. So if you get a matching event that occurs infrequently, you will get a critical notification from Nagios when that event appears in the log. However during the next service check, you will get a Recovery alert because that same event has not appeared since the last service check - assuming you are configured to send and receive notifications in that scenario.

I've only had this working for a day or two, so it's too early to tell if there is anything to watch out for. But I know if this message appeared in the list before I started, it would have made things much easier. Hopefully you will find it useful. And thanks again to the developers who made the plugin in the first place! |
|
From: <ben...@id...> - 2004-05-25 07:45:39
|
Dear Open Source developer I am doing a research project on "Fun and Software Development" in which I kindly invite you to participate. You will find the online survey under http://fasd.ethz.ch/qsf/. The questionnaire consists of 53 questions and you will need about 15 minutes to complete it. With the FASD project (Fun and Software Development) we want to define the motivational significance of fun when software developers decide to engage in Open Source projects. What is special about our research project is that a similar survey is planned with software developers in commercial firms. This procedure allows the immediate comparison between the involved individuals and the conditions of production of these two development models. Thus we hope to obtain substantial new insights to the phenomenon of Open Source Development. With many thanks for your participation, Benno Luthiger PS: The results of the survey will be published under http://www.isu.unizh.ch/fuehrung/blprojects/FASD/. We have set up the mailing list fa...@we... for this study. Please see http://fasd.ethz.ch/qsf/mailinglist_en.html for registration to this mailing list. _______________________________________________________________________ Benno Luthiger Swiss Federal Institute of Technology Zurich 8092 Zurich Mail: benno.luthiger(at)id.ethz.ch _______________________________________________________________________ |
|
From: <Mar...@na...> - 2003-08-28 08:19:00
|
Hi,

the Problem is, that you are using the same unique id (-s parameter = a) for both service definitions.
The Documentation may not make this point clear enough.
The unique id is used by the agent to store the last processed event number.
in a future version this may not be needed anymore, but at the moment make sure that any service definition uses its own unique id.
and to avoid problems with testing use also a different unique id on the command line.

define service {
host_name               Host1
service_description     Event log - System
check_command           check_win_eventlog!a!System!.*:+1
...

define service {
host_name               Host1
service_description     Event log - Security
check_command           check_win_eventlog!B!Security!.*:+1
...

./check_win_eventlog.pl -H 192.168.0.2 -s commandlineID -l System -m .*:+1

please let me know if this solved your problems...

Martin Schmitz
net&works Netzwerke und Service GmbH
Luetzerodestrasse 12
D-30161 Hannover, Germany

PGP fingerprint: 225E A59C C08A 9ED5 9003 01A1 399B BFE0 6450 CA40

*** Visit us on the web: http://www.naw.de !!! ***

<Mag...@te...>
Sent by: nap...@li...
08/28/2003 03:03 AM ZE2

To: <nap...@li...>
Cc:
Bcc:
Subject: [Naplax-users] Critical error that doesn't go away.

Hiyas,
I got a problem with the check_win_eventlog addon.
The problem comes and goes.

Sometimes when a problem is reported to Nagios. The alert is somewhat consistent, and does not go back to "EventLog OK".

It can sometimes take hours before it reports "EventLog OK", again.
For example, i got two sequences running now, both has been reported as
CRITICAL for over an hour. Both sequences are checked once a minute.

From Nagios:
-----------------------snip----------------------
Service: Event log - Security
Status: CRITICAL
Last check: 2003-08-28 02:02:29
Duration: 0d 1h 19m 19s
Attempt: 1/1
Status Information: Found 125 errors. Last was: EVT_ID: 529 Time: Sun Aug 24 04:43:03 2003 Logon Failure:

Service: Event log - System
Status: CRITICAL
Last check: 2003-08-28 02:02:29
Duration: 0d 2h 5m 26s 1/1
Status Information: Found 315 errors. Last was: EVT_ID: 7031 Time: Wed Aug 27 21:50:09 2003 The Nagios Remote Plugin Executor for NT/W2K service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
-----------------------snip----------------------

Though, if i check via a console it checks out ok, the second try,
like it should. Though not all the time, sometimes when i wait a minute
or two before testing again, it reports the same error again, even
after i've got EventLog OK.
------------snip; normal operation-------------
[user@system libexec]# ./check_win_eventlog.pl -H 192.168.0.2 -s a -l System -m .*:+1
Found 453 errors. Last was: EVT_ID: 26 Time: Wed Aug 27 23:38:55 2003 Application popup: 16 bit MS-DOS Subsystem : C:\slask\path\CHECK_~1\application.exe

[user@system libexec]# ./check_win_eventlog.pl -H 192.168.0.2 -s a -l System m .*:+1
EventLog OK
-----------------------snip----------------------

From my services.cfg:
--------------snip--------------
define service {
host_name               Host1
service_description     Event log - System
check_command           check_win_eventlog!a!System!.*:+1
max_check_attempts      1
normal_check_interval   1
retry_check_interval    1
check_period            24x7
notification_interval   120
notification_period     none
contact_groups          hostgroup1
is_volatile             1
}
define service {
host_name               Host1
service_description     Event log - Security
check_command           check_win_eventlog!a!Security!.*:+1
max_check_attempts      1
normal_check_interval   1
retry_check_interval    1
check_period            24x7
notification_interval   120
notification_period     none
contact_groups          hostgroup1
is_volatile             1
}
--------------snip--------------
From my checkcommands.cfg
--------------snip--------------
ddefine command {
command_name            check_win_eventlog
command_line
nbsp; $USER1$/check=5Fwin=5Feventlog.pl -H $HOSTADDRES=
S$ -s $ARG1$ -l $ARG2$ -t $ARG3$<BR>}<BR>--------------snip--------------<B=
R></FONT><BR><FONT FACE=3D"Monospace,Courier">My system information:<BR></F=
ONT><BR><FONT FACE=3D"Monospace,Courier">I run Nagios on Redhat 7.2 (Linux =
2.4.20-18.7)<BR>I use Nagios configured with MySQL-xdata (All data exept se=
rvices, checkcommands.cfg's etc are logged to a MySQL database.<BR>Nothing =
strange.<BR></FONT><BR><FONT FACE=3D"Monospace,Courier">I figure that there=
is some error in the handeling of errors in the<BR>addon.<BR></FONT><BR><F=
ONT FACE=3D"Monospace,Courier">I've tested both check=5Fwin=5Feventlog-0.1.=
0<BR>and from the CVS:<BR>check=5Fwin=5Feventlog.pl 1.5<BR>eventlog=5Fagent=
.exe 1.3<BR>eventlog=5Fagent.exe is run on a regular Windows 2000 professio=
nal server (English).<BR></FONT><BR><FONT FACE=3D"Monospace,Courier">I run =
it by double clicking on it in explorer, not as a service.<BR>Exept for thi=
s strange problem that comes and goes, it's working fine.<BR></FONT><BR><FO=
NT FACE=3D"Monospace,Courier">Please advice.<BR></FONT><BR><FONT FACE=3D"Mo=
nospace,Courier">Cheers,<BR>Magnus Glantz<BR></FONT><BR><BR><FONT FACE=3D"M=
onospace,Courier">-------------------------------------------------------<B=
R>This sf.net email is sponsored by:ThinkGeek<BR>Welcome to geek heaven.<BR=
><A HREF=3Dhttp://thinkgeek.com/sf>http://thinkgeek.com/sf</A><BR>=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F<BR>Naplax-users m=
ailing list<BR>Nap...@li...<BR><A HREF=3Dhttps://list=
s.sourceforge.net/lists/listinfo/naplax-users>https://lists.sourceforge.net=
/lists/listinfo/naplax-users</A></FONT></P>=
|
|
From: <Mag...@te...> - 2003-08-28 01:03:26
|
Hiyas,
I got a problem with the check_win_eventlog addon.
The problem comes and goes.

Sometimes when a problem is reported to Nagios, the alert is somewhat consistent, and does not go back to "EventLog OK".
It can sometimes take hours before it reports "EventLog OK", again.
For example, I got two sequences running now, both have been reported as
CRITICAL for over an hour. Both sequences are checked once a minute.

From Nagios:
-----------------------snip----------------------
Service: Event log - Security
Status: CRITICAL
Last check: 2003-08-28 02:02:29
Duration: 0d 1h 19m 19s
Attempt: 1/1
Status Information: Found 125 errors. Last was: EVT_ID: 529 Time: Sun Aug 24 04:43:03 2003 Logon Failure:

Service: Event log - System
Status: CRITICAL
Last check: 2003-08-28 02:02:29
Duration: 0d 2h 5m 26s 1/1
Status Information: Found 315 errors. Last was: EVT_ID: 7031 Time: Wed Aug 27 21:50:09 2003 The Nagios Remote Plugin Executor for NT/W2K service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
-----------------------snip----------------------

Though, if I check via a console it checks out ok, the second try,
like it should. Though not all the time, sometimes when I wait a minute
or two before testing again, it reports the same error again, even
after I've got EventLog OK.
------------snip; normal operation-------------
[user@system libexec]# ./check_win_eventlog.pl -H 192.168.0.2 -s a -l System -m .*:+1
Found 453 errors. Last was: EVT_ID: 26 Time: Wed Aug 27 23:38:55 2003 Application popup: 16 bit MS-DOS Subsystem : C:\slask\path\CHECK_~1\application.exe

[user@system libexec]# ./check_win_eventlog.pl -H 192.168.0.2 -s a -l System m .*:+1
EventLog OK
-----------------------snip----------------------

From my services.cfg:
--------------snip--------------
define service {
host_name                 Host1
service_description       Event log - System
check_command             check_win_eventlog!a!System!.*:+1
max_check_attempts        1
normal_check_interval     1
retry_check_interval      1
check_period              24x7
notification_interval     120
notification_period       none
contact_groups            hostgroup1
is_volatile               1
}
define service {
host_name                 Host1
service_description       Event log - Security
check_command             check_win_eventlog!a!Security!.*:+1
max_check_attempts        1
normal_check_interval     1
retry_check_interval      1
check_period              24x7
notification_interval     120
notification_period       none
contact_groups            hostgroup1
is_volatile               1
}
--------------snip--------------
From my checkcommands.cfg
--------------snip--------------
define command {
command_name              check_win_eventlog
command_line              $USER1$/check_win_eventlog.pl -H $HOSTADDRESS$ -s $ARG1$ -l $ARG2$ -t $ARG3$
}
--------------snip--------------

My system information:
I run Nagios on Redhat 7.2 (Linux 2.4.20-18.7)
I use Nagios configured with MySQL-xdata (All data except services, checkcommands.cfg's etc are logged to a MySQL database.)
Nothing strange.

I figure that there is some error in the handling of errors in the
addon.

I've tested both check_win_eventlog-0.1.0
and from the CVS:
check_win_eventlog.pl 1.5
eventlog_agent.exe 1.3
eventlog_agent.exe is run on a regular Windows 2000 professional server (English).
I run it by double clicking on it in explorer, not as a service.
Except for this strange problem that comes and goes, it's working fine.

Please advise.

Cheers,
Magnus Glantz
|
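A triage helper for the symptom reported in the message above, as an added example that is not part of the original post or of the check_win_eventlog project: it parses the plugin status text in the format shown in the post and labels each check OK, NEW or REPEAT, together with the age of the reported event. The function names, the 5-minute `max_age` threshold and the assumption that the Nagios host and the Windows host share a time zone are choices made for this example.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Status text as it appears in the post:
#   Found <N> errors. Last was: EVT_ID: <id> Time: <Www Mmm D HH:MM:SS YYYY> <message>
STATUS_RE = re.compile(
    r"Found (\d+) errors\. Last was: EVT_ID: (\d+) Time: "
    r"\w{3} (\w{3}) (\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\d{4}) ?(.*)")

def parse_status(output):
    """Return None for 'EventLog OK', otherwise a dict for the last reported event."""
    text = " ".join(output.split())          # undo terminal / mail line wrapping
    if text == "EventLog OK":
        return None
    m = STATUS_RE.match(text)
    if not m or m.group(3) not in MONTHS:
        raise ValueError("unrecognised plugin output: %r" % text[:60])
    count, evt_id, mon, day, hh, mm, ss, year, msg = m.groups()
    when = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    return {"count": int(count), "evt_id": int(evt_id), "time": when, "msg": msg}

def triage(samples, max_age=timedelta(minutes=5)):
    """Label each (check_time, output) pair OK / NEW / REPEAT; flag events older than max_age.

    max_age is an assumed threshold; both clocks are assumed to share a time zone.
    """
    seen, results = set(), []
    for check_time, output in samples:
        event = parse_status(output)
        if event is None:
            results.append((check_time, "OK", None, False))
            continue
        key = (event["evt_id"], event["time"])      # identity of the reported event
        age = check_time - event["time"]
        results.append((check_time, "REPEAT" if key in seen else "NEW", age, age > max_age))
        seen.add(key)
    return results

# Constructed samples: the Security status text is copied from the post; the
# 02:00:29 and 02:01:29 check times are invented for the illustration.
SECURITY = ("Found 125 errors. Last was: EVT_ID: 529 Time: Sun Aug 24 04:43:03 2003 "
            "Logon Failure:")
SAMPLES = [(datetime(2003, 8, 28, 2, 0, 29), SECURITY),
           (datetime(2003, 8, 28, 2, 1, 29), "EventLog OK"),
           (datetime(2003, 8, 28, 2, 2, 29), SECURITY)]

if __name__ == "__main__":
    for when, label, age, stale in triage(SAMPLES):
        print(when, label, age, "STALE" if stale else "")
```

On these samples the third check is a REPEAT of a logon-failure event that is almost four days older than the check itself, which separates a re-reported old entry from a fresh failure when reviewing the alert history.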