CheckEventLog
Check for errors and warnings in the event log.
Queries (Overview):
A list of all available queries (check commands)
Command | Description |
---|---|
check_eventlog | Check for errors in the event log. |
checkeventlog | Legacy version of check_eventlog |
Commands (Overview):
TODO: Add a list of all external commands (these are not check commands)
Configuration (Overview):
Common Keys:
Advanced keys:
Path / Section | Key | Default Value | Description |
---|---|---|---|
/settings/eventlog/real-time/filters/default | debug | | DEBUG |
/settings/eventlog/real-time/filters/default | escape html | | ESCAPE HTML |
/settings/eventlog/real-time/filters/default | logs | | FILES |
/settings/eventlog/real-time/filters/default | perf config | | PERF CONFIG |
/settings/eventlog/real-time/filters/default | source id | | SOURCE ID |
/settings/eventlog/real-time/filters/default | target id | | TARGET ID |
Sample keys:
Setting up real-time monitoring can be a bit daunting for first-time users, but it is not as difficult as it might seem.
The basic idea is depicted in the following figure.
We have a filter which listens to event log entries. These entries are (when they match) turned into messages and statuses which are then sent onward to various channels. On the other end of these channels is (hopefully) someone who is interested in the message.
In most cases the first channel you are interested in is NSCA, which is the default name where the NSCAClient listens. It will in turn forward all incoming messages on to Nagios via NSCA.
So in short we need to configure three things:
1. Activate real-time filtering
2. Add a filter which listens for events
3. Set up a destination
To set up real-time filtering we only need a single flag (as well as the eventlog module).
configuration:
[/modules]
CheckEventLog=enabled
[/.../]
realtime = enabled
Adding this will not do much since we don't have a filter yet, but adding one is pretty simple as well, so let's go ahead and do that.
configuration:
[/...]
If we were to test this (and please do go ahead) we would start getting warnings on the console about no one listening to our events.
But now we end up in a strange situation: how can we actually test this configuration? How can we generate messages in the Windows event log? Fortunately NSClient++ can help us there as well.
Execute the following to insert an error into the event log:
...
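The three steps described above (activate real-time filtering, add a filter, set up a destination) put together in one configuration. This is an added example, not taken from the NSClient++ documentation: the filter name app_errors is hypothetical and loading NSCAClient to listen on the NSCA channel is an assumption based on the description above. Every key used is one listed in the reference sections of this page.

```ini
# Added example (not from the NSClient++ documentation).
[/modules]
CheckEventLog = enabled
# Assumption: NSCAClient is the module that listens on the NSCA channel.
NSCAClient = enabled

# Step 1: activate real-time filtering. The reference on this page lists
# the key as "enabled" with a default of 0.
[/settings/eventlog/real-time]
enabled = 1
log = application,system
startup age = 30m

# Step 2: add a filter. "app_errors" is a hypothetical filter name.
[/settings/eventlog/real-time/filters/app_errors]
log = application
# Which records are of interest at all.
filter = level in ('warning', 'error', 'critical')
# Records matching these expressions escalate the reported severity.
warning = level = 'warning'
critical = level in ('error', 'critical')
# Step 3: set up a destination. NSCA is the channel name described above.
destination = NSCA
# Report a periodic "ok" when nothing has matched for this long.
maximum age = 5m
# Event log message text is written by arbitrary applications, so escape
# < and > before it is displayed in a web interface.
escape html = 1
```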
A quick reference for all available queries (check commands) in the CheckEventLog module.
check_eventlog
Usage:
Option | Default Value | Description |
---|---|---|
filter | level in ('warning', 'error', 'critical') | Filter which marks interesting items. |
warning | level = 'warning', problem_count > 0 | Filter which marks items which generate a warning state. |
warn | | Short alias for warning |
critical | level in ('error', 'critical') | Filter which marks items which generate a critical state. |
crit | | Short alias for critical. |
ok | | Filter which marks items which generate an ok state. |
debug | N/A | Show debugging information in the log |
show-all | N/A | Show details for all matches regardless of status (normally details are only shown for warnings and criticals). |
empty-state | ok | Return status to use when nothing matched filter. |
perf-config | level(ignored:true) | Performance data generation configuration |
escape-html | N/A | Escape any < and > characters to prevent HTML encoding |
help | N/A | Show help screen (this screen) |
help-pb | N/A | Show help screen as a protocol buffer payload |
show-default | N/A | Show default values for a given command |
help-short | N/A | Show help screen (short format). |
unique-index | | Unique syntax. |
top-syntax | ${status}: ${count} message(s) ${problem_list} | Top level syntax. |
ok-syntax | %(status): Event log seems fine | ok syntax. |
empty-syntax | %(status): No entries found | Empty syntax. |
detail-syntax | ${file} ${source} (${message}) | Detail level syntax. |
perf-syntax | ${file}_${source} | Performance alias syntax. |
file | | File to read (can be specified multiple times to check multiple files). |
log | | Same as file |
scan-range | | Date range to scan. |
truncate-message | | Maximum length of message for each event log message text. |
unique | 1 | Shorthand for setting default unique index: ${log}-${source}-${id}. |
filter
warning
warn
critical
crit
ok
Key | Value |
---|---|
count | Number of items matching the filter. Common option for all checks. |
total | Total number of items. Common option for all checks. |
ok_count | Number of items matched the ok criteria. Common option for all checks. |
warn_count | Number of items matched the warning criteria. Common option for all checks. |
crit_count | Number of items matched the critical criteria. Common option for all checks. |
problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
list | A list of all items which matched the filter. Common option for all checks. |
ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
category | TODO |
computer | Which computer generated the message |
customer | TODO |
file | The logfile name |
guid | The logfile name |
id | Eventlog id |
keyword | The keyword associated with this event |
level | Severity level (error, warning, info, success, auditSucess, auditFailure) |
log | alias for file |
message | The message rendered as a string. |
provider | Source system. |
rawid | Raw message id (contains many other fields all baked into a single number) |
source | Source system. |
task | The type of event (task) |
type | alias for level (old, deprecated) |
written | When the message was written to file |
debug
show-all
empty-state
perf-config
escape-html
help
help-pb
show-default
help-short
unique-index
Key | Value |
---|---|
category | TODO |
computer | Which computer generated the message |
customer | TODO |
file | The logfile name |
guid | The logfile name |
id | Eventlog id |
keyword | The keyword associated with this event |
level | Severity level (error, warning, info, success, auditSucess, auditFailure) |
log | alias for file |
message | The message rendered as a string. |
provider | Source system. |
rawid | Raw message id (contains many other fields all baked into a single number) |
source | Source system. |
task | The type of event (task) |
type | alias for level (old, deprecated) |
written | When the message was written to file |
top-syntax
Key | Value |
---|---|
count | Number of items matching the filter. Common option for all checks. |
total | Total number of items. Common option for all checks. |
ok_count | Number of items matched the ok criteria. Common option for all checks. |
warn_count | Number of items matched the warning criteria. Common option for all checks. |
crit_count | Number of items matched the critical criteria. Common option for all checks. |
problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
list | A list of all items which matched the filter. Common option for all checks. |
ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
ok-syntax
empty-syntax
Key | Value |
---|---|
count | Number of items matching the filter. Common option for all checks. |
total | Total number of items. Common option for all checks. |
ok_count | Number of items matched the ok criteria. Common option for all checks. |
warn_count | Number of items matched the warning criteria. Common option for all checks. |
crit_count | Number of items matched the critical criteria. Common option for all checks. |
problem_count | Number of items matched either warning or critical criteria. Common option for all checks. |
list | A list of all items which matched the filter. Common option for all checks. |
ok_list | A list of all items which matched the ok criteria. Common option for all checks. |
warn_list | A list of all items which matched the warning criteria. Common option for all checks. |
crit_list | A list of all items which matched the critical criteria. Common option for all checks. |
problem_list | A list of all items which matched either the critical or the warning criteria. Common option for all checks. |
detail_list | A special list with critical, then warning and finally ok. Common option for all checks. |
status | The returned status (OK/WARN/CRIT/UNKNOWN). Common option for all checks. |
detail-syntax
Key | Value |
---|---|
category | TODO |
computer | Which computer generated the message |
customer | TODO |
file | The logfile name |
guid | The logfile name |
id | Eventlog id |
keyword | The keyword associated with this event |
level | Severity level (error, warning, info, success, auditSucess, auditFailure) |
log | alias for file |
message | The message rendered as a string. |
provider | Source system. |
rawid | Raw message id (contains many other fields all baked into a single number) |
source | Source system. |
task | The type of event (task) |
type | alias for level (old, deprecated) |
written | When the message was written to file |
perf-syntax
Key | Value |
---|---|
category | TODO |
computer | Which computer generated the message |
customer | TODO |
file | The logfile name |
guid | The logfile name |
id | Eventlog id |
keyword | The keyword associated with this event |
level | Severity level (error, warning, info, success, auditSucess, auditFailure) |
log | alias for file |
message | The message rendered as a string. |
provider | Source system. |
rawid | Raw message id (contains many other fields all baked into a single number) |
source | Source system. |
task | The type of event (task) |
type | alias for level (old, deprecated) |
written | When the message was written to file |
file
log
scan-range
truncate-message
unique
checkeventlog
Usage:
Option | Default Value | Description |
---|---|---|
help | N/A | Show help screen (this screen) |
help-pb | N/A | Show help screen as a protocol buffer payload |
show-default | N/A | Show default values for a given command |
help-short | N/A | Show help screen (short format). |
MaxWarn | | Maximum value before a warning is returned. |
MaxCrit | | Maximum value before a critical is returned. |
MinWarn | | Minimum value before a warning is returned. |
MinCrit | | Minimum value before a critical is returned. |
warn | | Maximum value before a warning is returned. |
crit | | Maximum value before a critical is returned. |
filter | | The filter to use. |
file | | The file to check |
debug | 1 | The file to check |
truncate | | Deprecated and has no meaning |
descriptions | 1 | Deprecated and has no meaning |
unique | 1 | |
syntax | %source%, %strings% | The syntax string |
top-syntax | ${list} | The top level syntax string |
scan-range | | TODO |
help
help-pb
show-default
help-short
MaxWarn
MaxCrit
MinWarn
MinCrit
warn
crit
filter
file
debug
truncate
descriptions
unique
syntax
top-syntax
scan-range
/settings/eventlog
EVENT LOG SECTION
Section for the EventLog Checker (CheckEventLog.dll).
Key | Default Value | Description |
---|---|---|
buffer size | 131072 | BUFFER_SIZE |
debug | 0 | DEBUG |
lookup names | 1 | LOOKUP NAMES |
syntax | | SYNTAX |
Sample:
# EVENT LOG SECTION
# Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
buffer size=131072
debug=0
lookup names=1
syntax=
buffer size
BUFFER_SIZE
The size of the buffer to use when getting messages. This affects the speed and maximum size of messages you can receive.
Path: /settings/eventlog
Key: buffer size
Default value: 131072
Used by:
CheckEventLog
Sample:
[/settings/eventlog]
# BUFFER_SIZE
buffer size=131072
debug
DEBUG
Log more information when filtering (useful to detect issues with filters). Not useful in production as it is a bit of a resource hog.
Path: /settings/eventlog
Key: debug
Default value: 0
Used by:
CheckEventLog
Sample:
[/settings/eventlog]
# DEBUG
debug=0
lookup names
LOOKUP NAMES
Look up the names of eventlog files.
Path: /settings/eventlog
Key: lookup names
Default value: 1
Used by:
CheckEventLog
Sample:
[/settings/eventlog]
# LOOKUP NAMES
lookup names=1
syntax
SYNTAX
Set this to use a specific syntax string for all commands (that don’t specify one).
Path: /settings/eventlog
Key: syntax
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog]
# SYNTAX
syntax=
/settings/eventlog/real-time
CONFIGURE REALTIME CHECKING
A set of options to configure the real time checks
Key | Default Value | Description |
---|---|---|
debug | 0 | DEBUG |
enabled | 0 | REAL TIME CHECKING |
log | application,system | LOGS TO CHECK |
startup age | 30m | STARTUP AGE |
Sample:
# CONFIGURE REALTIME CHECKING
# A set of options to configure the real time checks
[/settings/eventlog/real-time]
debug=0
enabled=0
log=application,system
startup age=30m
debug
DEBUG
Log missed records (useful to detect issues with filters). Not useful in production as it is a bit of a resource hog.
Path: /settings/eventlog/real-time
Key: debug
Default value: 0
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time]
# DEBUG
debug=0
enabled
REAL TIME CHECKING
Spawns a background thread which detects issues and reports them back instantly.
Path: /settings/eventlog/real-time
Key: enabled
Default value: 0
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time]
# REAL TIME CHECKING
enabled=0
log
LOGS TO CHECK
Comma separated list of logs to check
Path: /settings/eventlog/real-time
Key: log
Default value: application,system
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time]
# LOGS TO CHECK
log=application,system
startup age
STARTUP AGE
The initial age to scan when starting NSClient++
Path: /settings/eventlog/real-time
Key: startup age
Default value: 30m
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time]
# STARTUP AGE
startup age=30m
/settings/eventlog/real-time/filters
REALTIME FILTERS
A set of filters to use in real-time mode
Sample:
# REALTIME FILTERS
# A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
/settings/eventlog/real-time/filters/default
REAL TIME FILTER DEFINITION
Definition for real time filter:
Key | Default Value | Description |
---|---|---|
command | | COMMAND NAME |
critical | | CRITICAL FILTER |
debug | 0 | DEBUG |
destination | | DESTINATION |
detail syntax | | SYNTAX |
empty message | eventlog found no records | EMPTY MESSAGE |
escape html | 0 | ESCAPE HTML |
filter | | FILTER |
log | | FILE |
logs | | FILES |
maximum age | 5m | MAXIMUM AGE |
ok | | OK FILTER |
ok syntax | | SYNTAX |
perf config | | PERF CONFIG |
severity | | SEVERITY |
source id | | SOURCE ID |
target | | DESTINATION |
target id | | TARGET ID |
top syntax | | SYNTAX |
warning | | WARNING FILTER |
Sample:
# REAL TIME FILTER DEFINITION
# Definition for real time filter:
[/settings/eventlog/real-time/filters/default]
command=
critical=
debug=0
destination=
detail syntax=
empty message=eventlog found no records
escape html=0
filter=
log=
logs=
maximum age=5m
ok=
ok syntax=
perf config=
severity=
source id=
target=
target id=
top syntax=
warning=
command
COMMAND NAME
The name of the command (think Nagios service name) to report upstream (defaults to alias if not set)
Path: /settings/eventlog/real-time/filters/default
Key: command
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# COMMAND NAME
command=
critical
CRITICAL FILTER
If any rows match this filter, severity will be escalated to CRITICAL
Path: /settings/eventlog/real-time/filters/default
Key: critical
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# CRITICAL FILTER
critical=
debug
DEBUG
Enable this to display debug information for this match filter
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/default
Key: debug
Default value: 0
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# DEBUG
debug=0
destination
DESTINATION
The destination for intercepted messages
Path: /settings/eventlog/real-time/filters/default
Key: destination
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# DESTINATION
destination=
detail syntax
SYNTAX
Format string for dates
Path: /settings/eventlog/real-time/filters/default
Key: detail syntax
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# SYNTAX
detail syntax=
empty message
EMPTY MESSAGE
The message to display if nothing matches the filter (generally considered the ok state).
Path: /settings/eventlog/real-time/filters/default
Key: empty message
Default value: eventlog found no records
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# EMPTY MESSAGE
empty message=eventlog found no records
escape html
ESCAPE HTML
Escape HTML characters (< and >).
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/default
Key: escape html
Default value: 0
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# ESCAPE HTML
escape html=0
filter
FILTER
Scan files for matching rows; for each matching row an OK message will be submitted
Path: /settings/eventlog/real-time/filters/default
Key: filter
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# FILTER
filter=
log
FILE
The eventlog record to filter on (if set to ‘all’ means all enabled logs)
Path: /settings/eventlog/real-time/filters/default
Key: log
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# FILE
log=
logs
FILES
The eventlog record to filter on (if set to ‘all’ means all enabled logs)
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/default
Key: logs
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# FILES
logs=
maximum age
MAXIMUM AGE
How long before reporting “ok”. If this is set to “false” no periodic ok messages will be reported, only errors.
Path: /settings/eventlog/real-time/filters/default
Key: maximum age
Default value: 5m
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# MAXIMUM AGE
maximum age=5m
ok
OK FILTER
If any rows match this filter, severity will be escalated down to OK
Path: /settings/eventlog/real-time/filters/default
Key: ok
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# OK FILTER
ok=
ok syntax
SYNTAX
Format string for dates
Path: /settings/eventlog/real-time/filters/default
Key: ok syntax
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# SYNTAX
ok syntax=
perf config
PERF CONFIG
Performance data configuration
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/default
Key: perf config
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# PERF CONFIG
perf config=
severity
SEVERITY
The severity of this message (OK, WARNING, CRITICAL, UNKNOWN)
Path: /settings/eventlog/real-time/filters/default
Key: severity
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# SEVERITY
severity=
source id
SOURCE ID
The name of the source system; will automatically use the remote system if a remote system is called. Most sending systems will replace this with the current system's hostname if not present, so use this only if you need specific source systems for specific schedules and are not calling remote systems.
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/default
Key: source id
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# SOURCE ID
source id=
target
DESTINATION
Same as destination
Path: /settings/eventlog/real-time/filters/default
Key: target
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# DESTINATION
target=
target id
TARGET ID
The target to send the message to (will be resolved by the consumer)
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/default
Key: target id
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# TARGET ID
target id=
top syntax
SYNTAX
Format string for dates
Path: /settings/eventlog/real-time/filters/default
Key: top syntax
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# SYNTAX
top syntax=
warning
WARNING FILTER
If any rows match this filter, severity will be escalated to WARNING
Path: /settings/eventlog/real-time/filters/default
Key: warning
Default value:
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/default]
# WARNING FILTER
warning=
/settings/eventlog/real-time/filters/sample
REAL TIME FILTER DEFINITION
Definition for real time filter:
Key | Default Value | Description |
---|---|---|
command | | COMMAND NAME |
critical | | CRITICAL FILTER |
debug | 0 | DEBUG |
destination | | DESTINATION |
detail syntax | | SYNTAX |
empty message | eventlog found no records | EMPTY MESSAGE |
escape html | 0 | ESCAPE HTML |
filter | | FILTER |
log | | FILE |
logs | | FILES |
maximum age | 5m | MAXIMUM AGE |
ok | | OK FILTER |
ok syntax | | SYNTAX |
perf config | | PERF CONFIG |
severity | | SEVERITY |
source id | | SOURCE ID |
target | | DESTINATION |
target id | | TARGET ID |
top syntax | | SYNTAX |
warning | | WARNING FILTER |
Sample:
# REAL TIME FILTER DEFINITION
# Definition for real time filter:
[/settings/eventlog/real-time/filters/sample]
command=
critical=
debug=0
destination=
detail syntax=
empty message=eventlog found no records
escape html=0
filter=
log=
logs=
maximum age=5m
ok=
ok syntax=
perf config=
severity=
source id=
target=
target id=
top syntax=
warning=
command
COMMAND NAME
The name of the command (think Nagios service name) to report upstream (defaults to alias if not set)
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: command
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# COMMAND NAME
command=
critical
CRITICAL FILTER
If any rows match this filter, severity will be escalated to CRITICAL
Path: /settings/eventlog/real-time/filters/sample
Key: critical
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# CRITICAL FILTER
critical=
debug
DEBUG
Enable this to display debug information for this match filter
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: debug
Default value: 0
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# DEBUG
debug=0
destination
DESTINATION
The destination for intercepted messages
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: destination
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# DESTINATION
destination=
detail syntax
SYNTAX
Format string for dates
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: detail syntax
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# SYNTAX
detail syntax=
empty message
EMPTY MESSAGE
The message to display if nothing matches the filter (generally considered the ok state).
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: empty message
Default value: eventlog found no records
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# EMPTY MESSAGE
empty message=eventlog found no records
escape html
ESCAPE HTML
Escape HTML characters (< and >).
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: escape html
Default value: 0
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# ESCAPE HTML
escape html=0
filter
FILTER
Scan files for matching rows; for each matching row an OK message will be submitted
Path: /settings/eventlog/real-time/filters/sample
Key: filter
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# FILTER
filter=
log
FILE
The eventlog record to filter on (if set to ‘all’ means all enabled logs)
Path: /settings/eventlog/real-time/filters/sample
Key: log
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# FILE
log=
logs
FILES
The eventlog record to filter on (if set to ‘all’ means all enabled logs)
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: logs
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# FILES
logs=
maximum age
MAXIMUM AGE
How long before reporting “ok”. If this is set to “false” no periodic ok messages will be reported, only errors.
Path: /settings/eventlog/real-time/filters/sample
Key: maximum age
Default value: 5m
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# MAXIMUM AGE
maximum age=5m
ok
OK FILTER
If any rows match this filter, severity will be escalated down to OK
Path: /settings/eventlog/real-time/filters/sample
Key: ok
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# OK FILTER
ok=
ok syntax
SYNTAX
Format string for dates
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: ok syntax
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# SYNTAX
ok syntax=
perf config
PERF CONFIG
Performance data configuration
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: perf config
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# PERF CONFIG
perf config=
severity
SEVERITY
The severity of this message (OK, WARNING, CRITICAL, UNKNOWN)
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: severity
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# SEVERITY
severity=
source id
SOURCE ID
The name of the source system; will automatically use the remote system if a remote system is called. Most sending systems will replace this with the current system's hostname if not present, so use this only if you need specific source systems for specific schedules and are not calling remote systems.
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: source id
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# SOURCE ID
source id=
target
DESTINATION
Same as destination
Path: /settings/eventlog/real-time/filters/sample
Key: target
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# DESTINATION
target=
target id
TARGET ID
The target to send the message to (will be resolved by the consumer)
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: target id
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# TARGET ID
target id=
top syntax
SYNTAX
Format string for dates
Advanced (means it is not commonly used)
Path: /settings/eventlog/real-time/filters/sample
Key: top syntax
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# SYNTAX
top syntax=
warning
WARNING FILTER
If any rows match this filter, severity will be escalated to WARNING
Path: /settings/eventlog/real-time/filters/sample
Key: warning
Default value:
Sample key: This key is provided as a sample to show how to configure objects
Used by:
CheckEventLog
Sample:
[/settings/eventlog/real-time/filters/sample]
# WARNING FILTER
warning=