NC_Net EVENTLOG quirk
Paul Bourgeau
psbourgeau at mpccorp.com
Wed Mar 23 17:57:11 CET 2005
I have been successful in getting this check to work with one exception. I am trying to get notifications of whenever Norton AntiVirus makes a specific log entry and it doesn't seem to work.
For instance, when it logs an entry to state that the definitions are current, Windows logs the following:
Source:Norton AntiVirus
EventID:16
Type:Information
Description:Virus Definitions are current.
When I run this check, it does not work:
./check_nc_net -H hostname -v EVENTLOG -l "application,any,1440,1,Norton AntiVirus,0,1,16"
OK: No entries in application log recently.
But when I generalize the check, it comes back with an entry:
./check_nc_net -H hostname -v EVENTLOG -l "application,any,1440,1,Norton AntiVirus,0,0"
14 Errors with ID: 16711696;16711704;16711703;16711685;16711683;16711686;16711686;16711686;16711686;16711686;16711686;16711686;16711685;;Virus Found!Virus name: EICAR Test String in File: C:\RECYCLER\S-1-5-21-790525478-1547161642-1801674531-500\Dc466.txt by: Scheduled sca;. Action: Clean failed : Quarantine succeeded :
I have noticed that the checks that aren't working correctly either have spaces in the source name or under 3 digit IDs. Is this just coincidence? In the documentation it states that it "ignores extra white space in the Regular expression".
Any other Event ID check works fine, i.e...
Source:NC_Net
EventID:3005
Type:Information
Description:NC_Net Service Ending:-NC_Net 2.21 03/13/05
./check_nc_net -H hostname -v EVENTLOG -l application,any,1440,0,0,1,3005
1 Errors with ID: 3005 LAST - ID 3005: NC_Net Service Ending :-NC_Net 2.21 02/25/05
I have tried this on v2.20 and v2.21 with the same result.
Thanks in advance for the help!!