NC_Net EVENTLOG quirk
Paul Bourgeau
psbourgeau at mpccorp.com
Thu Mar 31 18:55:38 CEST 2005
Can anyone help???
Thank You,
Paul Bourgeau
Ph: 262-523-3300 x60279
Fx: 208-898-2371
psbourgeau at mpccorp.com
-----Original Message-----
From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Paul
Bourgeau
Sent: Wednesday, March 23, 2005 10:57 AM
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] NC_Net EVENTLOG quirk
I have been successful in getting this check to work with one exception.
I am trying to get notifications of whenever Norton AntiVirus makes a
specific log entry and it doesn't seem to work.
For instance, when it logs an entry to state that the definitions are
current, Windows logs the following:
Source:Norton AntiVirus
EventID:16
Type:Information
Description:Virus Definitions are current.
When I run this check, it does not work....
./check_nc_net -H hostname -v EVENTLOG -l "application,any,1440,1,Norton AntiVirus,0,1,16"
OK: No entries in application log recently.
But when I generalize the check, it comes back with an entry......
./check_nc_net -H hostname -v EVENTLOG -l "application,any,1440,1,Norton AntiVirus,0,0"
14 Errors with ID:
16711696;16711704;16711703;16711685;16711683;16711686;16711686;16711686;
16711686;16711686;16711686;16711686;16711685;;Virus Found!Virus name:
EICAR Test String in File:
C:\RECYCLER\S-1-5-21-790525478-1547161642-1801674531-500\Dc466.txt by:
Scheduled sca;. Action: Clean failed : Quarantine succeeded :
I have noticed that the checks that aren't working correctly either have
spaces in the source name or under 3-digit IDs. Is this just
coincidence?? In the documentation it states that it "ignores extra
white space in the Regular expression".
Any other Event ID check works fine, i.e...
Source:NC_Net
EventID:3005
Type:Information
Description:NC_Net Service Ending:-NC_Net 2.21 03/13/05
./check_nc_net -H hostname -v EVENTLOG -l application,any,1440,0,0,1,3005
1 Errors with ID: 3005 LAST - ID 3005: NC_Net Service Ending :-NC_Net
2.21 02/25/05
I have tried this on v2.20 and v2.21 with the same result.
Thanks in advance for the help!!
Disclaimer: 23/3/2005
MPC Computers is providing the following information in compliance with
federal regulations:
MPC Computers, LLC
906 E. Karcher Road
Nampa, Idaho 83687
1-888-224-4247
http://www.mpccorp.com
To discontinue receiving e-mail communications from MPC in the future,
please go to:
http://www.mpccorp.com/email/manage.html and follow the instructions.
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
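Added example (not part of the original post and not NC_Net code): the IDs in the generalized check's output are full 32-bit Windows event identifiers, and Event Viewer shows only their low 16 bits. The script decodes the IDs quoted above using the documented severity/customer/facility/code bit layout. That NC_Net's ID filter compares against the full value rather than the displayed one is an assumption, not something the post confirms.

```python
import re

# Constructed from the two plugin outputs quoted in the post (ID lists only).
NAV_OUTPUT = ("14 Errors with ID: 16711696;16711704;16711703;16711685;"
              "16711683;16711686;16711686;16711686;16711686;16711686;"
              "16711686;16711686;16711685;;Virus Found!")
NCNET_OUTPUT = "1 Errors with ID: 3005 LAST - ID 3005: NC_Net Service Ending"


def parse_ids(output):
    """Return the numeric IDs from an 'Errors with ID:' result line."""
    m = re.search(r"Errors with ID:\s*([\d;]+)", output)
    return [int(tok) for tok in m.group(1).split(";") if tok] if m else []


def decode(event_id):
    """Split a 32-bit Windows event identifier into its documented bit fields."""
    return {
        "severity": (event_id >> 30) & 0x3,
        "customer": (event_id >> 29) & 0x1,
        "facility": (event_id >> 16) & 0xFFF,
        "code": event_id & 0xFFFF,  # what Event Viewer displays as "Event ID"
    }


def full_ids_for(output, viewer_id):
    """Full identifiers in the output whose low 16 bits equal viewer_id."""
    matches = [i for i in parse_ids(output) if decode(i)["code"] == viewer_id]
    return list(dict.fromkeys(matches))  # de-duplicate, keep first-seen order


if __name__ == "__main__":
    for full in dict.fromkeys(parse_ids(NAV_OUTPUT)):
        f = decode(full)
        print(f"{full} = 0x{full:08X} facility={f['facility']} code={f['code']}")
    print("Event Viewer ID 16 ->", full_ids_for(NAV_OUTPUT, 16))
    print("Event Viewer ID 3005 ->", full_ids_for(NCNET_OUTPUT, 3005))
```

The NC_Net event's identifier has no high bits set, so its full value and displayed value are both 3005, which is consistent with that check working while the filter on 16 returns nothing.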