I am using CheckEventLog of NSClient++ 0.4.1 to do real-time monitoring.

And according to the official documentation, there are warn and crit options.

warn

  Expression which raises a warning status.

  Syntax: warn=ARGUMENT

  Sample:

    check_eventlog ... warn=ARGUMENT ...

crit

  Expression which raises a critical status.

  Syntax: crit=ARGUMENT

  Sample:

    check_eventlog ... crit=ARGUMENT ...

But it didn't explain how to use the options.

What does ARGUMENT mean?

Can I use it like the filter option, for example: crit=type = warning AND source = 'System'?

Need some help, thanks.

txworking

1 Answer

The documentation you refer to (I am guessing http://docs.nsclient.org) is for 0.4.2. And yes, in 0.4.2 you can use them exactly like filter, so you could do:

check_eventlog "warn=id=23 and source = 'foo'"

In 0.4.1, warn/crit only matches the number of hits. 0.4.2 uses check_eventlog, whereas the old version has CheckEventLog. So whenever you use check_eventlog you can use the "new way". The following shows the difference.

# 0.3.9 and later (still valid in 0.4.2 but not the best way)
CheckEventLog warn=>5
# 0.4.2 and later
check_eventlog "warn=count>5"

If you ask me, anything except crit=>0 does not really make sense in versions previous to 0.4.2, and instead you have to use multiple checks.

Michael Medin