CheckEventLog

`CheckEventLog` — CheckEventLog¶

Check for errors and warnings in the event log.

Queries (Overview):

A list of all available queries (check commands)

Command	Description
`check_eventlog`	Check for errors in the event log.
`checkeventlog`	Legacy version of check_eventlog

Commands (Overview):

TODO: Add a list of all external commands (this is not check commands)

Configuration (Overview):

Common Keys:

Path / Section	Key	Description
`/settings/eventlog`	`buffer size`	BUFFER_SIZE
`/settings/eventlog`	`debug`	DEBUG
`/settings/eventlog`	`lookup names`	LOOKUP NAMES
`/settings/eventlog`	`syntax`	SYNTAX
`/settings/eventlog/real-time`	`debug`	DEBUG
`/settings/eventlog/real-time`	`enabled`	REAL TIME CHECKING
`/settings/eventlog/real-time`	`log`	LOGS TO CHECK
`/settings/eventlog/real-time`	`startup age`	STARTUP AGE
`/settings/eventlog/real-time/filters`	`default`	default

Sample keys:

Path / Section	Key	Default Value
`/settings/eventlog/real-time/filters/sample`	`alias`	ALIAS
`/settings/eventlog/real-time/filters/sample`	`command`	COMMAND NAME
`/settings/eventlog/real-time/filters/sample`	`critical`	CRITICAL FILTER
`/settings/eventlog/real-time/filters/sample`	`debug`	DEBUG
`/settings/eventlog/real-time/filters/sample`	`destination`	DESTINATION
`/settings/eventlog/real-time/filters/sample`	`detail syntax`	SYNTAX
`/settings/eventlog/real-time/filters/sample`	`empty message`	EMPTY MESSAGE
`/settings/eventlog/real-time/filters/sample`	`filter`	FILTER
`/settings/eventlog/real-time/filters/sample`	`is template`	IS TEMPLATE
`/settings/eventlog/real-time/filters/sample`	`log`	FILE
`/settings/eventlog/real-time/filters/sample`	`logs`	FILES
`/settings/eventlog/real-time/filters/sample`	`maximum age`	MAGIMUM AGE
`/settings/eventlog/real-time/filters/sample`	`ok`	OK FILTER
`/settings/eventlog/real-time/filters/sample`	`ok syntax`	SYNTAX
`/settings/eventlog/real-time/filters/sample`	`parent`	PARENT
`/settings/eventlog/real-time/filters/sample`	`perf config`	PERF CONFIG
`/settings/eventlog/real-time/filters/sample`	`severity`	SEVERITY
`/settings/eventlog/real-time/filters/sample`	`target`	DESTINATION
`/settings/eventlog/real-time/filters/sample`	`top syntax`	SYNTAX
`/settings/eventlog/real-time/filters/sample`	`warning`	WARNING FILTER

Queries¶

A quick reference for all available queries (check commands) in the CheckEventLog module.

`check_eventlog`¶

CheckEventLogcheck_eventlog

Usage:

Option	Default Value	Description
`help`	N/A	Show help screen (this screen)
`help-pb`	N/A	Show help screen as a protocol buffer payload
`show-default`	N/A	Show default values for a given command
`help-short`	N/A	Show help screen (short format).
`debug`	N/A	Show debugging information in the log
`show-all`	N/A	Show debugging information in the log
`filter`	level in (‘error’, ‘warning’)	Filter which marks interesting items.
`warning`	count > 0	Filter which marks items which generates a warning state.
`warn`		Short alias for warning
`critical`	count > 5	Filter which marks items which generates a critical state.
`crit`		Short alias for critical.
`ok`		Filter which marks items which generates an ok state.
`empty-state`	ok	Return status to use when nothing matched filter.
`perf-config`		Performance data generation configuration
`unique-index`		Unique syntax.
`top-syntax`	${status}: ${problem_count}/${count} ${problem_list}	Top level syntax.
`ok-syntax`	%(status): Event log seems fine	ok syntax.
`empty-syntax`	%(status): No entries found	Empty syntax.
`detail-syntax`	${file} ${source} (${message})	Detail level syntax.
`perf-syntax`	${file}_${source}	Performance alias syntax.
`file`		File to read (can be specified multiple times to check multiple files.
`scan-range`		Date range to scan.
`truncate-message`		Maximum length of message for each event log message text.
`unique`	1	Shorthand for setting default unique index: ${log}-${source}-${id}.

Arguments¶

help (CheckEventLog, check_eventlog)¶: Show help screen (this screen)

help-pb (CheckEventLog, check_eventlog)¶: Show help screen as a protocol buffer payload

show-default (CheckEventLog, check_eventlog)¶: Show default values for a given command

help-short (CheckEventLog, check_eventlog)¶: Show help screen (short format).

debug (CheckEventLog, check_eventlog)¶: Show debugging information in the log

show-all (CheckEventLog, check_eventlog)¶: Show debugging information in the log

filter (CheckEventLog, check_eventlog)¶

Filter which marks interesting items.
Interesting items are items which will be included in the check.
They do not denote warning or critical state but they are checked use this to filter out unwanted items.
Available options:

Key	Value
category	TODO
computer	Which computer generated the message
customer	TODO
file	The logfile name
id	Eventlog id
level	Severity level (error, warning, info, success, auditSucess, auditFailure)
log	alias for file
message	The message rendered as a string.
rawid	Raw message id (contains many other fields all baked into a single number)
source	Source system.
type	alias for level (old, deprecated)
written	When the message was written to file
count	Number of items matching the filter
total	Total number of items
ok_count	Number of items matched the ok criteria
warn_count	Number of items matched the warning criteria
crit_count	Number of items matched the critical criteria
problem_count	Number of items matched either warning or critical criteria
list	A list of all items which matched the filter
ok_list	A list of all items which matched the ok criteria
warn_list	A list of all items which matched the warning criteria
crit_list	A list of all items which matched the critical criteria
problem_list	A list of all items which matched either the critical or the warning criteria
detail_list	A special list with critical, then warning and fainally ok
status	The returned status (OK/WARN/CRIT/UNKNOWN)

warning (CheckEventLog, check_eventlog)¶

Filter which marks items which generates a warning state.
If anything matches this filter the return status will be escalated to warning.
Available options:

Key	Value
category	TODO
computer	Which computer generated the message
customer	TODO
file	The logfile name
id	Eventlog id
level	Severity level (error, warning, info, success, auditSucess, auditFailure)
log	alias for file
message	The message rendered as a string.
rawid	Raw message id (contains many other fields all baked into a single number)
source	Source system.
type	alias for level (old, deprecated)
written	When the message was written to file
count	Number of items matching the filter
total	Total number of items
ok_count	Number of items matched the ok criteria
warn_count	Number of items matched the warning criteria
crit_count	Number of items matched the critical criteria
problem_count	Number of items matched either warning or critical criteria
list	A list of all items which matched the filter
ok_list	A list of all items which matched the ok criteria
warn_list	A list of all items which matched the warning criteria
crit_list	A list of all items which matched the critical criteria
problem_list	A list of all items which matched either the critical or the warning criteria
detail_list	A special list with critical, then warning and fainally ok
status	The returned status (OK/WARN/CRIT/UNKNOWN)

warn (CheckEventLog, check_eventlog)¶: Short alias for warning

critical (CheckEventLog, check_eventlog)¶

Filter which marks items which generates a critical state.
If anything matches this filter the return status will be escalated to critical.
Available options:

Key	Value
category	TODO
computer	Which computer generated the message
customer	TODO
file	The logfile name
id	Eventlog id
level	Severity level (error, warning, info, success, auditSucess, auditFailure)
log	alias for file
message	The message rendered as a string.
rawid	Raw message id (contains many other fields all baked into a single number)
source	Source system.
type	alias for level (old, deprecated)
written	When the message was written to file
count	Number of items matching the filter
total	Total number of items
ok_count	Number of items matched the ok criteria
warn_count	Number of items matched the warning criteria
crit_count	Number of items matched the critical criteria
problem_count	Number of items matched either warning or critical criteria
list	A list of all items which matched the filter
ok_list	A list of all items which matched the ok criteria
warn_list	A list of all items which matched the warning criteria
crit_list	A list of all items which matched the critical criteria
problem_list	A list of all items which matched either the critical or the warning criteria
detail_list	A special list with critical, then warning and fainally ok
status	The returned status (OK/WARN/CRIT/UNKNOWN)

crit (CheckEventLog, check_eventlog)¶: Short alias for critical.

ok (CheckEventLog, check_eventlog)¶

Filter which marks items which generates an ok state.
If anything matches this any previous state for this item will be reset to ok.
Available options:

Key	Value
category	TODO
computer	Which computer generated the message
customer	TODO
file	The logfile name
id	Eventlog id
level	Severity level (error, warning, info, success, auditSucess, auditFailure)
log	alias for file
message	The message rendered as a string.
rawid	Raw message id (contains many other fields all baked into a single number)
source	Source system.
type	alias for level (old, deprecated)
written	When the message was written to file
count	Number of items matching the filter
total	Total number of items
ok_count	Number of items matched the ok criteria
warn_count	Number of items matched the warning criteria
crit_count	Number of items matched the critical criteria
problem_count	Number of items matched either warning or critical criteria
list	A list of all items which matched the filter
ok_list	A list of all items which matched the ok criteria
warn_list	A list of all items which matched the warning criteria
crit_list	A list of all items which matched the critical criteria
problem_list	A list of all items which matched either the critical or the warning criteria
detail_list	A special list with critical, then warning and fainally ok
status	The returned status (OK/WARN/CRIT/UNKNOWN)

empty-state (CheckEventLog, check_eventlog)¶: Return status to use when nothing matched filter.

If no filter is specified this will never happen unless the file is empty.

perf-config (CheckEventLog, check_eventlog)¶: Performance data generation configuration

TODO: obj ( key: value; key: value) obj (key:valuer;key:value)

unique-index (CheckEventLog, check_eventlog)¶

Unique syntax.

Used to filter unique items (counted will still increase but messages will not repeaters:

Key	Value
%(category)	TODO
%(computer)	Which computer generated the message
%(customer)	TODO
%(file)	The logfile name
%(id)	Eventlog id
%(level)	Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log)	alias for file
%(message)	The message rendered as a string.
%(rawid)	Raw message id (contains many other fields all baked into a single number)
%(source)	Source system.
%(type)	alias for level (old, deprecated)
%(written)	When the message was written to file
${count}	Number of items matching the filter
${total}	Total number of items
${ok_count}	Number of items matched the ok criteria
${warn_count}	Number of items matched the warning criteria
${crit_count}	Number of items matched the critical criteria
${problem_count}	Number of items matched either warning or critical criteria
${list}	A list of all items which matched the filter
${ok_list}	A list of all items which matched the ok criteria
${warn_list}	A list of all items which matched the warning criteria
${crit_list}	A list of all items which matched the critical criteria
${problem_list}	A list of all items which matched either the critical or the warning criteria
${detail_list}	A special list with critical, then warning and fainally ok
${status}	The returned status (OK/WARN/CRIT/UNKNOWN)

top-syntax (CheckEventLog, check_eventlog)¶

Top level syntax.

Used to format the message to return can include strings as well as special keywords such as:

Key	Value
%(category)	TODO
%(computer)	Which computer generated the message
%(customer)	TODO
%(file)	The logfile name
%(id)	Eventlog id
%(level)	Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log)	alias for file
%(message)	The message rendered as a string.
%(rawid)	Raw message id (contains many other fields all baked into a single number)
%(source)	Source system.
%(type)	alias for level (old, deprecated)
%(written)	When the message was written to file
${count}	Number of items matching the filter
${total}	Total number of items
${ok_count}	Number of items matched the ok criteria
${warn_count}	Number of items matched the warning criteria
${crit_count}	Number of items matched the critical criteria
${problem_count}	Number of items matched either warning or critical criteria
${list}	A list of all items which matched the filter
${ok_list}	A list of all items which matched the ok criteria
${warn_list}	A list of all items which matched the warning criteria
${crit_list}	A list of all items which matched the critical criteria
${problem_list}	A list of all items which matched either the critical or the warning criteria
${detail_list}	A special list with critical, then warning and fainally ok
${status}	The returned status (OK/WARN/CRIT/UNKNOWN)

ok-syntax (CheckEventLog, check_eventlog)¶: ok syntax.

DEPRECATED! This is the syntax for when an ok result is returned.

This value will not be used if your syntax contains %(list) or %(count).

empty-syntax (CheckEventLog, check_eventlog)¶

Empty syntax.
DEPRECATED! This is the syntax for when nothing matches the filter.
Possible values are:

Key	Value
%(category)	TODO
%(computer)	Which computer generated the message
%(customer)	TODO
%(file)	The logfile name
%(id)	Eventlog id
%(level)	Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log)	alias for file
%(message)	The message rendered as a string.
%(rawid)	Raw message id (contains many other fields all baked into a single number)
%(source)	Source system.
%(type)	alias for level (old, deprecated)
%(written)	When the message was written to file
${count}	Number of items matching the filter
${total}	Total number of items
${ok_count}	Number of items matched the ok criteria
${warn_count}	Number of items matched the warning criteria
${crit_count}	Number of items matched the critical criteria
${problem_count}	Number of items matched either warning or critical criteria
${list}	A list of all items which matched the filter
${ok_list}	A list of all items which matched the ok criteria
${warn_list}	A list of all items which matched the warning criteria
${crit_list}	A list of all items which matched the critical criteria
${problem_list}	A list of all items which matched either the critical or the warning criteria
${detail_list}	A special list with critical, then warning and fainally ok
${status}	The returned status (OK/WARN/CRIT/UNKNOWN)

detail-syntax (CheckEventLog, check_eventlog)¶

Detail level syntax.
This is the syntax of each item in the list of top-syntax (see above).
Possible values are:

Key	Value
%(category)	TODO
%(computer)	Which computer generated the message
%(customer)	TODO
%(file)	The logfile name
%(id)	Eventlog id
%(level)	Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log)	alias for file
%(message)	The message rendered as a string.
%(rawid)	Raw message id (contains many other fields all baked into a single number)
%(source)	Source system.
%(type)	alias for level (old, deprecated)
%(written)	When the message was written to file
${count}	Number of items matching the filter
${total}	Total number of items
${ok_count}	Number of items matched the ok criteria
${warn_count}	Number of items matched the warning criteria
${crit_count}	Number of items matched the critical criteria
${problem_count}	Number of items matched either warning or critical criteria
${list}	A list of all items which matched the filter
${ok_list}	A list of all items which matched the ok criteria
${warn_list}	A list of all items which matched the warning criteria
${crit_list}	A list of all items which matched the critical criteria
${problem_list}	A list of all items which matched either the critical or the warning criteria
${detail_list}	A special list with critical, then warning and fainally ok
${status}	The returned status (OK/WARN/CRIT/UNKNOWN)

perf-syntax (CheckEventLog, check_eventlog)¶

Performance alias syntax.
This is the syntax for the base names of the performance data.
Possible values are:

Key	Value
%(category)	TODO
%(computer)	Which computer generated the message
%(customer)	TODO
%(file)	The logfile name
%(id)	Eventlog id
%(level)	Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log)	alias for file
%(message)	The message rendered as a string.
%(rawid)	Raw message id (contains many other fields all baked into a single number)
%(source)	Source system.
%(type)	alias for level (old, deprecated)
%(written)	When the message was written to file
${count}	Number of items matching the filter
${total}	Total number of items
${ok_count}	Number of items matched the ok criteria
${warn_count}	Number of items matched the warning criteria
${crit_count}	Number of items matched the critical criteria
${problem_count}	Number of items matched either warning or critical criteria
${list}	A list of all items which matched the filter
${ok_list}	A list of all items which matched the ok criteria
${warn_list}	A list of all items which matched the warning criteria
${crit_list}	A list of all items which matched the critical criteria
${problem_list}	A list of all items which matched either the critical or the warning criteria
${detail_list}	A special list with critical, then warning and fainally ok
${status}	The returned status (OK/WARN/CRIT/UNKNOWN)

file (CheckEventLog, check_eventlog)¶: File to read (can be specified multiple times to check multiple files.

Notice that specifying multiple files will create an aggregate set you will not check each file individually.In other words if one file contains an error the entire check will result in error.

scan-range (CheckEventLog, check_eventlog)¶: Date range to scan.

This is the approximate dates to search through this speeds up searching a lot but there is no guarantee messages are ordered.

truncate-message (CheckEventLog, check_eventlog)¶: Maximum length of message for each event log message text.

unique (CheckEventLog, check_eventlog)¶: Shorthand for setting default unique index: ${log}-${source}-${id}.

`checkeventlog`¶

CheckEventLogcheckeventlog

Usage:

Option	Default Value	Description
`help`	N/A	Show help screen (this screen)
`help-pb`	N/A	Show help screen as a protocol buffer payload
`show-default`	N/A	Show default values for a given command
`help-short`	N/A	Show help screen (short format).
`MaxWarn`		Maximum value before a warning is returned.
`MaxCrit`		Maximum value before a critical is returned.
`MinWarn`		Minimum value before a warning is returned.
`MinCrit`		Minimum value before a critical is returned.
`warn`		Maximum value before a warning is returned.
`crit`		Maximum value before a critical is returned.
`filter`		The filter to use.
`file`		The file to check
`debug`	1	The file to check
`truncate`		Deprecated and has no meaning
`descriptions`	1	Deprecated and has no meaning
`unique`	1
`syntax`	%source%, %strings%	The syntax string
`top-syntax`	${list}	The top level syntax string
`scan-range`		TODO

Arguments¶

help (CheckEventLog, checkeventlog)¶: Show help screen (this screen)

help-pb (CheckEventLog, checkeventlog)¶: Show help screen as a protocol buffer payload

show-default (CheckEventLog, checkeventlog)¶: Show default values for a given command

help-short (CheckEventLog, checkeventlog)¶: Show help screen (short format).

MaxWarn (CheckEventLog, checkeventlog)¶: Maximum value before a warning is returned.

MaxCrit (CheckEventLog, checkeventlog)¶: Maximum value before a critical is returned.

MinWarn (CheckEventLog, checkeventlog)¶: Minimum value before a warning is returned.

MinCrit (CheckEventLog, checkeventlog)¶: Minimum value before a critical is returned.

warn (CheckEventLog, checkeventlog)¶: Maximum value before a warning is returned.

crit (CheckEventLog, checkeventlog)¶: Maximum value before a critical is returned.

filter (CheckEventLog, checkeventlog)¶: The filter to use.

file (CheckEventLog, checkeventlog)¶: The file to check

debug (CheckEventLog, checkeventlog)¶: The file to check

truncate (CheckEventLog, checkeventlog)¶: Deprecated and has no meaning

descriptions (CheckEventLog, checkeventlog)¶: Deprecated and has no meaning

unique (CheckEventLog, checkeventlog)¶

syntax (CheckEventLog, checkeventlog)¶: The syntax string

top-syntax (CheckEventLog, checkeventlog)¶: The top level syntax string

scan-range (CheckEventLog, checkeventlog)¶: TODO

/ settings/ eventlog¶

/settings/eventlog (CheckEventLog)¶

EVENT LOG SECTION

Section for the EventLog Checker (CheckEventLog.dll).

Key Default Value Description

buffer size 131072 BUFFER_SIZE

debug 0 DEBUG

lookup names 1 LOOKUP NAMES

syntax SYNTAX

Sample:
# EVENT LOG SECTION
# Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
buffer size=131072
debug=0
lookup names=1
syntax=
buffer size (CheckEventLog, /settings/eventlog)¶
BUFFER_SIZE

The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.

Path: /settings/eventlog

Key: buffer size

Default value: 131072

Used by: CheckEventLog

Sample:
[/settings/eventlog]
# BUFFER_SIZE
buffer size=131072
debug (CheckEventLog, /settings/eventlog)¶
DEBUG

Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.

Path: /settings/eventlog

Key: debug

Default value: 0

Used by: CheckEventLog

Sample:
[/settings/eventlog]
# DEBUG
debug=0
lookup names (CheckEventLog, /settings/eventlog)¶
LOOKUP NAMES

Lookup the names of eventlog files

Path: /settings/eventlog

Key: lookup names

Default value: 1

Used by: CheckEventLog

Sample:
[/settings/eventlog]
# LOOKUP NAMES
lookup names=1
syntax (CheckEventLog, /settings/eventlog)¶
SYNTAX

Set this to use a specific syntax string for all commands (that don’t specify one).

Path: /settings/eventlog

Key: syntax

Default value:

Used by: CheckEventLog

Sample:
[/settings/eventlog]
# SYNTAX
syntax=

… / real-time¶

/settings/eventlog/real-time (CheckEventLog)¶

CONFIGURE REALTIME CHECKING

A set of options to configure the real time checks

Key Default Value Description

debug 0 DEBUG

enabled 0 REAL TIME CHECKING

log application,system LOGS TO CHECK

startup age 30m STARTUP AGE

Sample:
# CONFIGURE REALTIME CHECKING
# A set of options to configure the real time checks
[/settings/eventlog/real-time]
debug=0
enabled=0
log=application,system
startup age=30m
debug (CheckEventLog, /settings/eventlog/real-time)¶
DEBUG

Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.

Path: /settings/eventlog/real-time

Key: debug

Default value: 0

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time]
# DEBUG
debug=0
enabled (CheckEventLog, /settings/eventlog/real-time)¶
REAL TIME CHECKING

Spawns a background thread which detects issues and reports them back instantly.

Path: /settings/eventlog/real-time

Key: enabled

Default value: 0

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time]
# REAL TIME CHECKING
enabled=0
log (CheckEventLog, /settings/eventlog/real-time)¶
LOGS TO CHECK

Comma separated list of logs to check

Path: /settings/eventlog/real-time

Key: log

Default value: application,system

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time]
# LOGS TO CHECK
log=application,system
startup age (CheckEventLog, /settings/eventlog/real-time)¶
STARTUP AGE

The initial age to scan when starting NSClient++

Path: /settings/eventlog/real-time

Key: startup age

Default value: 30m

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time]
# STARTUP AGE
startup age=30m

… / real-time / filters¶

/settings/eventlog/real-time/filters (CheckEventLog)¶

REALTIME FILTERS

A set of filters to use in real-time mode

Key Default Value Description

default default

Sample:
# REALTIME FILTERS
# A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
default=
default (CheckEventLog, /settings/eventlog/real-time/filters)¶
default

Filter for default. To configure this item add a section called: /settings/eventlog/real-time/filters/default

Path: /settings/eventlog/real-time/filters

Key: default

Default value:

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters]
# default
default=

… / real-time / filters / sample¶

/settings/eventlog/real-time/filters/sample (CheckEventLog)¶

REAL TIME FILTER DEFENITION

Definition for real time filter: sample

Key Default Value Description

alias ALIAS

command COMMAND NAME

critical CRITICAL FILTER

debug 0 DEBUG

destination DESTINATION

detail syntax SYNTAX

empty message eventlog found no records EMPTY MESSAGE

filter FILTER

is template 0 IS TEMPLATE

log FILE

logs FILES

maximum age 5m MAGIMUM AGE

ok OK FILTER

ok syntax SYNTAX

parent default PARENT

perf config PERF CONFIG

severity SEVERITY

target DESTINATION

top syntax SYNTAX

warning WARNING FILTER

Sample:
# REAL TIME FILTER DEFENITION
# Definition for real time filter: sample
[/settings/eventlog/real-time/filters/sample]
alias=
command=
critical=
debug=0
destination=
detail syntax=
empty message=eventlog found no records
filter=
is template=0
log=
logs=
maximum age=5m
ok=
ok syntax=
parent=default
perf config=
severity=
target=
top syntax=
warning=
alias (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
ALIAS

The alias (service name) to report to server

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: alias

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# ALIAS
alias=
command (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
COMMAND NAME

The name of the command (think nagios service name) to report up stream (defaults to alias if not set)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: command

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# COMMAND NAME
command=
critical (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
CRITICAL FILTER

If any rows match this filter severity will escalated to CRITICAL

Path: /settings/eventlog/real-time/filters/sample

Key: critical

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# CRITICAL FILTER
critical=
debug (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
DEBUG

Enable this to display debug information for this match filter

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: debug

Default value: 0

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# DEBUG
debug=0
destination (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
DESTINATION

The destination for intercepted messages

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: destination

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# DESTINATION
destination=
detail syntax (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
SYNTAX

Format string for dates

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: detail syntax

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# SYNTAX
detail syntax=
empty message (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
EMPTY MESSAGE

The message to display if nothing matches the filter (generally considered the ok state).

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: empty message

Default value: eventlog found no records

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# EMPTY MESSAGE
empty message=eventlog found no records
filter (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
FILTER

Scan files for matching rows for each matching rows an OK message will be submitted

Path: /settings/eventlog/real-time/filters/sample

Key: filter

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# FILTER
filter=
is template (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
IS TEMPLATE

Declare this object as a template (this means it will not be available as a separate object)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: is template

Default value: 0

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# IS TEMPLATE
is template=0
log (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
FILE

The eventlog record to filter on (if set to ‘all’ means all enabled logs)

Path: /settings/eventlog/real-time/filters/sample

Key: log

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# FILE
log=
logs (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
FILES

The eventlog record to filter on (if set to ‘all’ means all enabled logs)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: logs

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# FILES
logs=
maximum age (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
MAGIMUM AGE

How long before reporting “ok”.

If this is set to “false” no periodic ok messages will be reported only errors.

Path: /settings/eventlog/real-time/filters/sample

Key: maximum age

Default value: 5m

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# MAGIMUM AGE
maximum age=5m
ok (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
OK FILTER

If any rows match this filter severity will escalated down to OK

Path: /settings/eventlog/real-time/filters/sample

Key: ok

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# OK FILTER
ok=
ok syntax (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
SYNTAX

Format string for dates

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: ok syntax

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# SYNTAX
ok syntax=
parent (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
PARENT

The parent the target inherits from

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: parent

Default value: default

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# PARENT
parent=default
perf config (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
PERF CONFIG

Performance data configuration

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: perf config

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# PERF CONFIG
perf config=
severity (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
SEVERITY

THe severity of this message (OK, WARNING, CRITICAL, UNKNOWN)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: severity

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# SEVERITY
severity=
target (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
DESTINATION

Same as destination

Path: /settings/eventlog/real-time/filters/sample

Key: target

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# DESTINATION
target=
top syntax (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
SYNTAX

Format string for dates

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: top syntax

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# SYNTAX
top syntax=
warning (CheckEventLog, /settings/eventlog/real-time/filters/sample)¶
WARNING FILTER

If any rows match this filter severity will escalated to WARNING

Path: /settings/eventlog/real-time/filters/sample

Key: warning

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:
[/settings/eventlog/real-time/filters/sample]
# WARNING FILTER
warning=

comments powered by Disqus

`CheckEventLog` — CheckEventLog¶

Queries¶

`check_eventlog`¶

Arguments¶

`checkeventlog`¶

Arguments¶

/ settings/ eventlog¶

… / real-time¶

… / real-time / filters¶

… / real-time / filters / sample¶

Table Of Contents

Previous topic

Next topic

This Page

Key	Default Value	Description
`buffer size`	131072	BUFFER_SIZE
`debug`	0	DEBUG
`lookup names`	1	LOOKUP NAMES
`syntax`		SYNTAX

CheckEventLog — CheckEventLog¶

Queries¶

check_eventlog¶

Arguments¶

checkeventlog¶

Arguments¶

/ settings/ eventlog¶

… / real-time¶

… / real-time / filters¶

… / real-time / filters / sample¶

`CheckEventLog` — CheckEventLog¶

`check_eventlog`¶

`checkeventlog`¶