<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Hello,<br>
<br>
It is generally much much simpler to use the new SQL-like syntax.<br>
Then you end up writing something which looks a bit like this:<br>
<br>
generated > -1d AND severity NOT IN ('success', 'informational')<br>
<br>
There is some information on the wiki for how to use this here: <a
href="http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog">http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog</a><br>
<br>
For instance this could be a good starting point:<br>
<br>
CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1
"filter=<b>generated gt -2d AND severity NOT IN ('success',
'informational')</b>" truncate=800 unique descriptions
"syntax=%severity%: %source%: %message% (%count%)"<br>
<br>
This requires a "modern" (as in 0.3.8) version of NSClient++.<br>
<br>
// Michael Medin<br>
<br>
2011-02-21 11:27 Tristan Drinkwater skrev:
<blockquote
cite="mid:4D1C2CCEC6C4E448B52CE2BBCC201EC815ACB6E88D@althamex1.micro-p.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Morning all (depending where you are in the
world..)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m trying to catch all error and warning
logs from application event folder but I’m struggling with the
filter+generated bit.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In a nut shell all I want is anything red
that happened within the last 24 hours.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here is my syntax I’m running from the
libexec folder till I get it right;<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">./check_nrpe –H ip –p 5667 –c CheckEventLog
–a filter=in file=application filter.eventType==error
filter+generated=\<24h MaxCrit=1<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This return’s 12 errors. Only 3 of which
happened in the last 24 hours.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It seems to be either not using the filter
I’ve detailed or making up its own one!!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Can anyone see what I’m doing wrong?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance <span
style="font-family: Wingdings;">J</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<hr>
<font color="Gray" face="Arial" size="1">Micro Peripherals
Limited.<br>
Registered Office: Shorten Brook Way, Altham Business Park,
Altham,<br>
Accrington, Lancs. BB5 5YJ. Tel: (01282) 776776 Fax: (01282)
858790<br>
Micro Peripherals Limited. Registered in England No. 1511931.
VAT No. GB 864 4387 91<br>
<br>
DISCLAIMER:<br>
This e-mail and attachments are confidential and are intended
solely for the use of the individual to<br>
whom it is addressed. Any views or opinions presented are solely
those of the author and do not<br>
necessarily represent those of Micro Peripherals Limited.<br>
If you are not the intended recipient, be advised that you have
received this Email in error and that<br>
any use, dissemination, forwarding, printing, or copying of this
Email is strictly prohibited. If this<br>
transmission is received in error please notify the sender
immediately and delete this message from<br>
your E-mail system.<br>
All electronic transmissions to and from Micro Peripherals Ltd
are recorded and may be monitored.<br>
</font>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
<a class="moz-txt-link-freetext" href="http://p.sf.net/sfu/intel-dev2devfeb">http://p.sf.net/sfu/intel-dev2devfeb</a></pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Nagios-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a>
<a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/nagios-users">https://lists.sourceforge.net/lists/listinfo/nagios-users</a>
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null</pre>
</blockquote>
<br>
</body>
</html>