check_win_eventlog usage

charesdewit
Junior Member
Posts: 8
Joined: Mon Jul 20, 2020 7:18 am
Location: Pietermaritzburg, ZA

check_win_eventlog usage

Post by charesdewit »

Hi Guys,

How is the check_win_eventlog used?
I have no idea what is expected for ARG2,3,4 and 5. The documentation doesn't seem to cover this. I tried to use the Nagios documentation for the, but I am still getting errors in trying to use it.
Please guide me in the right direction.

Many Thanks
Charles
kd4pyr
Junior Member
Posts: 28
Joined: Wed Jul 05, 2017 4:56 pm

Re: check_win_eventlog usage

Post by kd4pyr »

Have not used it myself but this is from a copy of my check_win documentation.
Rick

Usage: check_win_eventlog -h <HOST> [-p <PORT>] -l <SOURCENAME> -s <ID>
[-m <MESSAGETEXT>] [-i <EVENT_IDS>] [-t <EVENT_TYPES>] [-q <SOURCES>]
-H hostname or IP address.
-p port number (defaults to 1903)
-l The Eventlog protocol name. This is one of 'System', 'Application' or
'Security'. Some Systems may have additional protocols. The names of those
protocols can be found by looking into the registry key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog].
-s any unique ID string that is used by the agent to identify a request.
-m event text filter. A list of regular expressions divided by colons (:).
If any of these regular expressions matches the event desciption message,
the event will NOT be selected for notification.
If a RegExp begins with '+', the expression will reset
the match. This way you can do an exclude all but xy.
Example: '.*:+ALARM' would detect
messages that include 'ALARM' but ignore anything else.
-i Like -m but for "EventID"
-t Like -m but for "EventType"
-q Like -m but for "Source"
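
Added example, not part of either post or of the check_win documentation: a small Python model of the `-m` filter rule quoted above, for checking a filter string against sample event text before relying on it. It assumes the expressions are evaluated left to right, that a match anywhere in the text counts (the usage text says "include"), and that matching is case-sensitive; the function names and sample events are constructed for illustration.

```python
import re

def is_excluded(filter_spec, text):
    """Return True if the event would NOT be selected for notification.

    Model of the usage text: a colon-separated list of regular expressions;
    a matching expression excludes the event, and a matching expression that
    starts with '+' resets that exclusion.
    Assumptions (not stated in the usage text): left-to-right evaluation,
    unanchored search, case-sensitive matching.
    """
    excluded = False
    if not filter_spec:
        return excluded              # no filter: nothing is excluded
    for expr in filter_spec.split(":"):
        reset = expr.startswith("+")
        pattern = expr[1:] if reset else expr
        if not pattern:
            continue                 # skip empty list entries
        if re.search(pattern, text):
            excluded = not reset     # plain match excludes, '+' match re-selects
    return excluded

def selected(filter_spec, events):
    """Events that would still be reported under the given filter."""
    return [e for e in events if not is_excluded(filter_spec, e)]

# Constructed sample event descriptions (not real log data).
SAMPLE_EVENTS = [
    "Disk ALARM: volume C: is 95% full",
    "The service entered the running state",
    "Backup completed, no ALARM raised",
    "User logged off",
]

if __name__ == "__main__":
    # The documented example: exclude everything, then re-select 'ALARM'.
    for event in selected(".*:+ALARM", SAMPLE_EVENTS):
        print("reported:", event)
    # The same rule applied to an EventID string, as -i is "like -m".
    # An unanchored '+1001' also re-selects the constructed ID 11001.
    print(is_excluded(".*:+1001", "11001"), is_excluded(".*:+^1001$", "11001"))
```

Because the list is split on colons, an expression that itself needs a literal colon cannot be written in this model, and unanchored patterns select more than intended ("no ALARM raised" is still reported).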