NC_Net EVENTLOG quirk
Greg Vickers
g.vickers at qut.edu.au
Fri Apr 1 02:02:38 CEST 2005
Paul,
If you don't get a reply within 23-48 hours, generally not. Try Google.
Try the author. Try this: http://www.catb.org/~esr/faqs/smart-questions.html
Sorry, HTH, Greg
Paul Bourgeau wrote:
>Can anyone help???
>
>
>
>Thank You,
>Paul Bourgeau
>
>Ph: 262-523-3300 x60279
>Fx: 208-898-2371
>psbourgeau at mpccorp.com
>
>
>
>
>
>-----Original Message-----
>From: nagios-users-admin at lists.sourceforge.net
>[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Paul
>Bourgeau
>Sent: Wednesday, March 23, 2005 10:57 AM
>To: nagios-users at lists.sourceforge.net
>Subject: [Nagios-users] NC_Net EVENTLOG quirk
>
>I have been successful in getting this check to work with one exception.
>I am trying to get notifications of whenever Norton AntiVirus makes a
>specific log entry and it doesn't seem to work.
>
>For instance, when it logs an entry to state that the definitions are
>current, Windows logs the following:
>
>Source:Norton AntiVirus
>EventID:16
>Type:Information
>Description:Virus Definitions are current.
>
>When I run this check, it does not work....
>./check_nc_net -H hostname -v EVENTLOG -l "application,any,1440,1,Norton AntiVirus,0,1,16"
>OK: No entries in application log recently.
>
>But when I generalize the check, it comes back with an entry......
>./check_nc_net -H hostname -v EVENTLOG -l "application,any,1440,1,Norton AntiVirus,0,0"
>14 Errors with ID:
>16711696;16711704;16711703;16711685;16711683;16711686;16711686;16711686;
>16711686;16711686;16711686;16711686;16711685;;Virus Found!Virus name:
>EICAR Test String in File:
>C:\RECYCLER\S-1-5-21-790525478-1547161642-1801674531-500\Dc466.txt by:
>Scheduled sca;. Action: Clean failed : Quarantine succeeded :
>
>
>I have noticed that the checks that aren't working correctly either have
>spaces in the source name or under 3 digit ID's. Is this just
>coincidence?? In the documentation it states that it "ignores extra
>white space in the Regular expression".
>
>Any other Event ID check works fine, i.e...
>
>Source:NC_Net
>EventID:3005
>Type:Information
>Description:NC_Net Service Ending:-NC_Net 2.21 03/13/05
>
>./check_nc_net -H hostname -v EVENTLOG -l application,any,1440,0,0,1,3005
>1 Errors with ID: 3005 LAST - ID 3005: NC_Net Service Ending :-NC_Net
>2.21 02/25/05
>
>
>I have tried this on v2.20 and v2.21 with the same result.
>
>Thanks in advance for the help!!
>
>Disclaimer: 23/3/2005
>
>MPC Computers is providing the following information in compliance with
>federal regulations:
>
>MPC Computers, LLC
>906 E. Karcher Road
>Nampa, Idaho 83687
>1-888-224-4247
>http://www.mpccorp.com
>
>To discontinue receiving e-mail communications from MPC in the future,
>please go to:
>http://www.mpccorp.com/email/manage.html and follow the instructions.
>
>
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon
>2005
>Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
>Embedded(r) & Windows Mobile(tm) platforms, applications & content.
>Register
>by 3/29 & save $300 http://ads.osdn.com/?ad_idh83&alloc_id149&op=ick
>_______________________________________________
>Nagios-users mailing list
>Nagios-users at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/nagios-users
>::: Please include Nagios version, plugin version (-v) and OS when
>reporting any issue.
>::: Messages without supporting info will risk being sent to /dev/null
>-------------------------------------------------------
>This SF.net email is sponsored by Demarc:
>A global provider of Threat Management Solutions.
>Download our HomeAdmin security software for free today!
>http://www.demarc.com/Info/Sentarus/hamr30
--
Greg Vickers
Computer Systems Officer
Teaching and Learning Support Services, Systems and Architecture
Queensland University of Technology
Phone: (07) 3864 8276
Mobile: 0416 001 674, SD #6 6147
Email: g.vickers at qut.edu.au
CRICOS No. 00213J
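
The IDs printed by the generalized check quoted above are full 32-bit Windows event identifiers, of which Event Viewer displays only the low 16 bits (16711696 is 0x00FF0010, code 16). The following is an added example, not part of the thread or of NC_Net, that decodes them; the function names are hypothetical, the sample is the quoted output with line wraps joined and the file path cut, and whether NC_Net's ID filter compares against the full value is not established by this thread.

```python
"""Decode full 32-bit Windows event identifiers into Event Viewer IDs."""
import re

# Constructed sample: the plugin output quoted in the post, wraps joined,
# description abridged.
SAMPLE_OUTPUT = (
    "14 Errors with ID: 16711696;16711704;16711703;16711685;16711683;"
    "16711686;16711686;16711686;16711686;16711686;16711686;16711686;"
    "16711685;;Virus Found!Virus name: EICAR Test String in File: ..."
)

SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}


def decode_event_id(full_id):
    """Split an event identifier into its documented bit fields."""
    if not 0 <= full_id <= 0xFFFFFFFF:
        raise ValueError("event identifier must fit in 32 bits")
    return {
        "code": full_id & 0xFFFF,              # bits 0-15: shown by Event Viewer
        "facility": (full_id >> 16) & 0x0FFF,  # bits 16-27
        "customer": bool((full_id >> 29) & 1), # bit 29
        "severity": SEVERITY[full_id >> 30],   # bits 30-31
    }


def parse_ids(plugin_output):
    """Extract the ';'-separated ID list that follows 'Errors with ID:'."""
    m = re.search(r"Errors with ID:\s*([\d;\s]+)", plugin_output)
    if not m:
        return []
    return [int(tok) for tok in m.group(1).split(";") if tok.strip()]


def matches(full_id, wanted):
    """True if 'wanted' equals the full identifier or its 16-bit code."""
    return wanted == full_id or wanted == (full_id & 0xFFFF)


def summarize(plugin_output):
    """Count entries per Event Viewer ID (the low 16 bits)."""
    counts = {}
    for full_id in parse_ids(plugin_output):
        code = full_id & 0xFFFF
        counts[code] = counts.get(code, 0) + 1
    return counts


if __name__ == "__main__":
    for code, n in sorted(summarize(SAMPLE_OUTPUT).items()):
        print(f"EventID {code}: {n} entr{'y' if n == 1 else 'ies'}")
```

An identifier below 65536, such as the 3005 from the NC_Net source, has no upper bits set, so both comparisons in `matches` agree for it.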