Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
Check eventlog/eventid by WMI
1.5
2018-10-24
- Nagios 3.x
GPL
90632
Meet The New Nagios Core Services Platform
Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.
Monitoring Made Magically Better
- Nagios Core on Overdrive
- Powerful Monitoring Dashboards
- Time-Saving Configuration Wizards
- Open Source Powered Monitoring On Steroids
- And So Much More!
Simple example : check application log , for eventtype error(-t) and eventid 9003(-e) with in the last 60 mins(-m60),
set warning (-w) if greater than 1 ,and set error(-c) if greater than 3
check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60
example : same as above , but with arguments -O -W -C, these are custom plugin output for OK,Warning and Critical
Marco $MARCOLIST , can be used!!
check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60 -O "Every thing is OK"
-W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"
Version 1.1
Added an ekstra argument - s, that gives you the option to match for a string in the given eventid
Version 1.2
Bug fix - when using -C custom critical text
Version 1.3
added to the -t, -e, -s, -S and -l argument , so that you can select multipel arguments.
Version 1.4
Bug fix .. error in script when -c or -w wasn't set
Version 1.5 by rojobull
Bug fix - getops line Was missing a colon after the S optin which would ignor the source name provided.
Bug fix - adjust WQL_Constructor function so that spaces are not used as a delimiter.
Bug fix - changed $USER variable to $UNAME. $USER is a system variable and will always be set.
Improvement. Changed the date option to convert time into UTC instead of specifying an offset
Added option to use a credentials file instead of passing
set warning (-w) if greater than 1 ,and set error(-c) if greater than 3
check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60
example : same as above , but with arguments -O -W -C, these are custom plugin output for OK,Warning and Critical
Marco $MARCOLIST , can be used!!
check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60 -O "Every thing is OK"
-W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"
Version 1.1
Added an ekstra argument - s, that gives you the option to match for a string in the given eventid
Version 1.2
Bug fix - when using -C custom critical text
Version 1.3
added to the -t, -e, -s, -S and -l argument , so that you can select multipel arguments.
Version 1.4
Bug fix .. error in script when -c or -w wasn't set
Version 1.5 by rojobull
Bug fix - getops line Was missing a colon after the S optin which would ignor the source name provided.
Bug fix - adjust WQL_Constructor function so that spaces are not used as a delimiter.
Bug fix - changed $USER variable to $UNAME. $USER is a system variable and will always be set.
Improvement. Changed the date option to convert time into UTC instead of specifying an offset
Added option to use a credentials file instead of passing
Reviews (5)
byJVD, May 4, 2021
I was hapopy with this tool, but when i want to search through sub directory's in eventviewer i cannot find the eventviewer file.
For instance:
Microsoft-Windows-WFP%4Operational.evtx
delivers nothing. I ended up printing the tmp file before it is deleted and it is always empty.
It would be great if i also can view the following event viewer logs:
Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
For the eventlogs in the root this tool just works fine!
For instance:
Microsoft-Windows-WFP%4Operational.evtx
delivers nothing. I ended up printing the tmp file before it is deleted and it is always empty.
It would be great if i also can view the following event viewer logs:
Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
For the eventlogs in the root this tool just works fine!
Great plugin!
I use to discover 6008 errors on windows machine..the infamous Blue Screen
I use to discover 6008 errors on windows machine..the infamous Blue Screen
byjeffw888, March 16, 2016
Works well for the default event logs (Application,Security,System). Can't make it work with other logs - IE: Microsoft-Windows-FailoverClustering/Operational. Need this to check if a cluster resource went offline (1204) or online (1201)
Works great for its purpose.
I don't understand why the NOW-variable is declared with "000000+120" in the end. This caused the script always to pull 1 hour extra events. I changed this to "000000+60" and it works better for me.
I don't understand why the NOW-variable is declared with "000000+120" in the end. This caused the script always to pull 1 hour extra events. I changed this to "000000+60" and it works better for me.
Hi Team,
I have tested this plugin on my FAN server. It's working from command line perfect.
But while fetching the information in GUI of FAN server, It show no output from the plugin.
Thanks in Advance.
I have tested this plugin on my FAN server. It's working from command line perfect.
But while fetching the information in GUI of FAN server, It show no output from the plugin.
Thanks in Advance.