CheckEventLog
Check for errors and warnings in the event log.


Queries (Overview):

A list of all available queries (check commands)

Command Description
check_eventlog Check for errors in the event log.
checkeventlog Legacy version of check_eventlog

Commands (Overview):

TODO: Add a list of all external commands (these are not check commands)

Configuration (Overview):

Common Keys:

| Path / Section | Key | Description |
| --- | --- | --- |
| /settings/eventlog | buffer size | BUFFER_SIZE |
| /settings/eventlog | debug | DEBUG |
| /settings/eventlog | lookup names | LOOKUP NAMES |
| /settings/eventlog | syntax | SYNTAX |
| /settings/eventlog/real-time | debug | DEBUG |
| /settings/eventlog/real-time | enabled | REAL TIME CHECKING |
| /settings/eventlog/real-time | log | LOGS TO CHECK |
| /settings/eventlog/real-time | startup age | STARTUP AGE |
| /settings/eventlog/real-time/filters | default | default |

Sample keys:

Path / Section Key Default Value Description
/settings/eventlog/real-time/filters/sample alias ALIAS  
/settings/eventlog/real-time/filters/sample command COMMAND NAME  
/settings/eventlog/real-time/filters/sample critical CRITICAL FILTER  
/settings/eventlog/real-time/filters/sample debug DEBUG  
/settings/eventlog/real-time/filters/sample destination DESTINATION  
/settings/eventlog/real-time/filters/sample detail syntax SYNTAX  
/settings/eventlog/real-time/filters/sample empty message EMPTY MESSAGE  
/settings/eventlog/real-time/filters/sample filter FILTER  
/settings/eventlog/real-time/filters/sample is template IS TEMPLATE  
/settings/eventlog/real-time/filters/sample log FILE  
/settings/eventlog/real-time/filters/sample logs FILES  
/settings/eventlog/real-time/filters/sample maximum age MAXIMUM AGE  
/settings/eventlog/real-time/filters/sample ok OK FILTER  
/settings/eventlog/real-time/filters/sample ok syntax SYNTAX  
/settings/eventlog/real-time/filters/sample parent PARENT  
/settings/eventlog/real-time/filters/sample perf config PERF CONFIG  
/settings/eventlog/real-time/filters/sample severity SEVERITY  
/settings/eventlog/real-time/filters/sample target DESTINATION  
/settings/eventlog/real-time/filters/sample top syntax SYNTAX  
/settings/eventlog/real-time/filters/sample warning WARNING FILTER  

Queries

A quick reference for all available queries (check commands) in the CheckEventLog module.

check_eventlog

Check for errors in the event log.

Usage:

| Option | Default Value | Description |
| --- | --- | --- |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| debug | N/A | Show debugging information in the log |
| show-all | N/A | Show debugging information in the log |
| filter | level in ('error', 'warning') | Filter which marks interesting items. |
| warning | count > 0 | Filter which marks items which generate a warning state. |
| warn | | Short alias for warning |
| critical | count > 5 | Filter which marks items which generate a critical state. |
| crit | | Short alias for critical. |
| ok | | Filter which marks items which generate an ok state. |
| empty-state | ok | Return status to use when nothing matched filter. |
| perf-config | | Performance data generation configuration |
| unique-index | | Unique syntax. |
| top-syntax | ${status}: ${problem_count}/${count} ${problem_list} | Top level syntax. |
| ok-syntax | %(status): Event log seems fine | ok syntax. |
| empty-syntax | %(status): No entries found | Empty syntax. |
| detail-syntax | ${file} ${source} (${message}) | Detail level syntax. |
| perf-syntax | ${file}_${source} | Performance alias syntax. |
| file | | File to read (can be specified multiple times to check multiple files). |
| scan-range | | Date range to scan. |
| truncate-message | | Maximum length of message for each event log message text. |
| unique | 1 | Shorthand for setting default unique index: ${log}-${source}-${id}. |

Arguments

help (CheckEventLog, check_eventlog)
Show help screen (this screen)
help-pb (CheckEventLog, check_eventlog)
Show help screen as a protocol buffer payload
show-default (CheckEventLog, check_eventlog)
Show default values for a given command
help-short (CheckEventLog, check_eventlog)
Show help screen (short format).
debug (CheckEventLog, check_eventlog)
Show debugging information in the log
show-all (CheckEventLog, check_eventlog)
Show debugging information in the log
filter (CheckEventLog, check_eventlog)
Filter which marks interesting items.
Interesting items are items which will be included in the check.
They do not denote warning or critical state, but they are the items that get checked. Use this to filter out unwanted items.
Available options:
Key Value
category TODO
computer Which computer generated the message
customer TODO
file The logfile name
id Eventlog id
level Severity level (error, warning, info, success, auditSucess, auditFailure)
log alias for file
message The message rendered as a string.
rawid Raw message id (contains many other fields all baked into a single number)
source Source system.
type alias for level (old, deprecated)
written When the message was written to file
count Number of items matching the filter
total Total number of items
ok_count Number of items matched the ok criteria
warn_count Number of items matched the warning criteria
crit_count Number of items matched the critical criteria
problem_count Number of items matched either warning or critical criteria
list A list of all items which matched the filter
ok_list A list of all items which matched the ok criteria
warn_list A list of all items which matched the warning criteria
crit_list A list of all items which matched the critical criteria
problem_list A list of all items which matched either the critical or the warning criteria
detail_list A special list with critical, then warning and finally ok
status The returned status (OK/WARN/CRIT/UNKNOWN)
warning (CheckEventLog, check_eventlog)
Filter which marks items which generate a warning state.
If anything matches this filter the return status will be escalated to warning.
Available options:
Key Value
category TODO
computer Which computer generated the message
customer TODO
file The logfile name
id Eventlog id
level Severity level (error, warning, info, success, auditSucess, auditFailure)
log alias for file
message The message rendered as a string.
rawid Raw message id (contains many other fields all baked into a single number)
source Source system.
type alias for level (old, deprecated)
written When the message was written to file
count Number of items matching the filter
total Total number of items
ok_count Number of items matched the ok criteria
warn_count Number of items matched the warning criteria
crit_count Number of items matched the critical criteria
problem_count Number of items matched either warning or critical criteria
list A list of all items which matched the filter
ok_list A list of all items which matched the ok criteria
warn_list A list of all items which matched the warning criteria
crit_list A list of all items which matched the critical criteria
problem_list A list of all items which matched either the critical or the warning criteria
detail_list A special list with critical, then warning and finally ok
status The returned status (OK/WARN/CRIT/UNKNOWN)
warn (CheckEventLog, check_eventlog)
Short alias for warning
critical (CheckEventLog, check_eventlog)
Filter which marks items which generate a critical state.
If anything matches this filter the return status will be escalated to critical.
Available options:
Key Value
category TODO
computer Which computer generated the message
customer TODO
file The logfile name
id Eventlog id
level Severity level (error, warning, info, success, auditSucess, auditFailure)
log alias for file
message The message rendered as a string.
rawid Raw message id (contains many other fields all baked into a single number)
source Source system.
type alias for level (old, deprecated)
written When the message was written to file
count Number of items matching the filter
total Total number of items
ok_count Number of items matched the ok criteria
warn_count Number of items matched the warning criteria
crit_count Number of items matched the critical criteria
problem_count Number of items matched either warning or critical criteria
list A list of all items which matched the filter
ok_list A list of all items which matched the ok criteria
warn_list A list of all items which matched the warning criteria
crit_list A list of all items which matched the critical criteria
problem_list A list of all items which matched either the critical or the warning criteria
detail_list A special list with critical, then warning and finally ok
status The returned status (OK/WARN/CRIT/UNKNOWN)
crit (CheckEventLog, check_eventlog)
Short alias for critical.
ok (CheckEventLog, check_eventlog)
Filter which marks items which generate an ok state.
If anything matches this, any previous state for this item will be reset to ok.
Available options:
Key Value
category TODO
computer Which computer generated the message
customer TODO
file The logfile name
id Eventlog id
level Severity level (error, warning, info, success, auditSucess, auditFailure)
log alias for file
message The message rendered as a string.
rawid Raw message id (contains many other fields all baked into a single number)
source Source system.
type alias for level (old, deprecated)
written When the message was written to file
count Number of items matching the filter
total Total number of items
ok_count Number of items matched the ok criteria
warn_count Number of items matched the warning criteria
crit_count Number of items matched the critical criteria
problem_count Number of items matched either warning or critical criteria
list A list of all items which matched the filter
ok_list A list of all items which matched the ok criteria
warn_list A list of all items which matched the warning criteria
crit_list A list of all items which matched the critical criteria
problem_list A list of all items which matched either the critical or the warning criteria
detail_list A special list with critical, then warning and finally ok
status The returned status (OK/WARN/CRIT/UNKNOWN)
empty-state (CheckEventLog, check_eventlog)
Return status to use when nothing matched filter.
If no filter is specified this will never happen unless the file is empty.
perf-config (CheckEventLog, check_eventlog)
Performance data generation configuration
TODO: obj (key: value; key: value) obj (key:value;key:value)
unique-index (CheckEventLog, check_eventlog)
Unique syntax.
Used to filter unique items (counts will still increase but messages will not repeat):
Key Value
%(category) TODO
%(computer) Which computer generated the message
%(customer) TODO
%(file) The logfile name
%(id) Eventlog id
%(level) Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log) alias for file
%(message) The message rendered as a string.
%(rawid) Raw message id (contains many other fields all baked into a single number)
%(source) Source system.
%(type) alias for level (old, deprecated)
%(written) When the message was written to file
${count} Number of items matching the filter
${total} Total number of items
${ok_count} Number of items matched the ok criteria
${warn_count} Number of items matched the warning criteria
${crit_count} Number of items matched the critical criteria
${problem_count} Number of items matched either warning or critical criteria
${list} A list of all items which matched the filter
${ok_list} A list of all items which matched the ok criteria
${warn_list} A list of all items which matched the warning criteria
${crit_list} A list of all items which matched the critical criteria
${problem_list} A list of all items which matched either the critical or the warning criteria
${detail_list} A special list with critical, then warning and finally ok
${status} The returned status (OK/WARN/CRIT/UNKNOWN)
top-syntax (CheckEventLog, check_eventlog)
Top level syntax.
Used to format the message to return. It can include strings as well as special keywords such as:
Key Value
%(category) TODO
%(computer) Which computer generated the message
%(customer) TODO
%(file) The logfile name
%(id) Eventlog id
%(level) Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log) alias for file
%(message) The message rendered as a string.
%(rawid) Raw message id (contains many other fields all baked into a single number)
%(source) Source system.
%(type) alias for level (old, deprecated)
%(written) When the message was written to file
${count} Number of items matching the filter
${total} Total number of items
${ok_count} Number of items matched the ok criteria
${warn_count} Number of items matched the warning criteria
${crit_count} Number of items matched the critical criteria
${problem_count} Number of items matched either warning or critical criteria
${list} A list of all items which matched the filter
${ok_list} A list of all items which matched the ok criteria
${warn_list} A list of all items which matched the warning criteria
${crit_list} A list of all items which matched the critical criteria
${problem_list} A list of all items which matched either the critical or the warning criteria
${detail_list} A special list with critical, then warning and finally ok
${status} The returned status (OK/WARN/CRIT/UNKNOWN)
ok-syntax (CheckEventLog, check_eventlog)
ok syntax.
DEPRECATED! This is the syntax for when an ok result is returned.
This value will not be used if your syntax contains %(list) or %(count).
empty-syntax (CheckEventLog, check_eventlog)
Empty syntax.
DEPRECATED! This is the syntax for when nothing matches the filter.
Possible values are:
Key Value
%(category) TODO
%(computer) Which computer generated the message
%(customer) TODO
%(file) The logfile name
%(id) Eventlog id
%(level) Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log) alias for file
%(message) The message rendered as a string.
%(rawid) Raw message id (contains many other fields all baked into a single number)
%(source) Source system.
%(type) alias for level (old, deprecated)
%(written) When the message was written to file
${count} Number of items matching the filter
${total} Total number of items
${ok_count} Number of items matched the ok criteria
${warn_count} Number of items matched the warning criteria
${crit_count} Number of items matched the critical criteria
${problem_count} Number of items matched either warning or critical criteria
${list} A list of all items which matched the filter
${ok_list} A list of all items which matched the ok criteria
${warn_list} A list of all items which matched the warning criteria
${crit_list} A list of all items which matched the critical criteria
${problem_list} A list of all items which matched either the critical or the warning criteria
${detail_list} A special list with critical, then warning and finally ok
${status} The returned status (OK/WARN/CRIT/UNKNOWN)
detail-syntax (CheckEventLog, check_eventlog)
Detail level syntax.
This is the syntax of each item in the list of top-syntax (see above).
Possible values are:
Key Value
%(category) TODO
%(computer) Which computer generated the message
%(customer) TODO
%(file) The logfile name
%(id) Eventlog id
%(level) Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log) alias for file
%(message) The message rendered as a string.
%(rawid) Raw message id (contains many other fields all baked into a single number)
%(source) Source system.
%(type) alias for level (old, deprecated)
%(written) When the message was written to file
${count} Number of items matching the filter
${total} Total number of items
${ok_count} Number of items matched the ok criteria
${warn_count} Number of items matched the warning criteria
${crit_count} Number of items matched the critical criteria
${problem_count} Number of items matched either warning or critical criteria
${list} A list of all items which matched the filter
${ok_list} A list of all items which matched the ok criteria
${warn_list} A list of all items which matched the warning criteria
${crit_list} A list of all items which matched the critical criteria
${problem_list} A list of all items which matched either the critical or the warning criteria
${detail_list} A special list with critical, then warning and finally ok
${status} The returned status (OK/WARN/CRIT/UNKNOWN)
perf-syntax (CheckEventLog, check_eventlog)
Performance alias syntax.
This is the syntax for the base names of the performance data.
Possible values are:
Key Value
%(category) TODO
%(computer) Which computer generated the message
%(customer) TODO
%(file) The logfile name
%(id) Eventlog id
%(level) Severity level (error, warning, info, success, auditSucess, auditFailure)
%(log) alias for file
%(message) The message rendered as a string.
%(rawid) Raw message id (contains many other fields all baked into a single number)
%(source) Source system.
%(type) alias for level (old, deprecated)
%(written) When the message was written to file
${count} Number of items matching the filter
${total} Total number of items
${ok_count} Number of items matched the ok criteria
${warn_count} Number of items matched the warning criteria
${crit_count} Number of items matched the critical criteria
${problem_count} Number of items matched either warning or critical criteria
${list} A list of all items which matched the filter
${ok_list} A list of all items which matched the ok criteria
${warn_list} A list of all items which matched the warning criteria
${crit_list} A list of all items which matched the critical criteria
${problem_list} A list of all items which matched either the critical or the warning criteria
${detail_list} A special list with critical, then warning and finally ok
${status} The returned status (OK/WARN/CRIT/UNKNOWN)
file (CheckEventLog, check_eventlog)
File to read (can be specified multiple times to check multiple files).
Notice that specifying multiple files will create an aggregate set; you will not check each file individually. In other words, if one file contains an error the entire check will result in error.
scan-range (CheckEventLog, check_eventlog)
Date range to scan.
These are the approximate dates to search through. This speeds up searching a lot, but there is no guarantee messages are ordered.
truncate-message (CheckEventLog, check_eventlog)
Maximum length of message for each event log message text.
unique (CheckEventLog, check_eventlog)
Shorthand for setting default unique index: ${log}-${source}-${id}.
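
A simplified Python model of how the arguments above combine, added here as an illustration; it is not NSClient++ code. It assumes warning, critical and ok are evaluated per matching item against the running count and that list entries are joined with ", "; the Event class, the SAMPLE records and all function names are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """Constructed stand-in for one event log record (fields follow the filter keys)."""
    file: str
    source: str
    id: int
    level: str
    message: str


RANK = {"OK": 0, "WARNING": 1, "CRITICAL": 2}


def render(template, values):
    """Expand ${key} and %(key) placeholders; unknown keys render as empty strings."""
    return re.sub(r"\$\{(\w+)\}|%\((\w+)\)",
                  lambda m: str(values.get(m.group(1) or m.group(2), "")), template)


def check_eventlog(events, *,
                   item_filter=lambda e: e.level in ("error", "warning"),
                   warning=lambda e, count: count > 0,
                   critical=lambda e, count: count > 5,
                   ok=lambda e, count: False,
                   unique=False, truncate_message=None, empty_state="OK",
                   top_syntax="${status}: ${problem_count}/${count} ${problem_list}",
                   detail_syntax="${file} ${source} (${message})"):
    """Return (status, message) for ONE aggregate check over all supplied events."""
    count = problem_count = 0
    status = "OK"
    seen = set()
    problem_list = []
    for e in events:
        if not item_filter(e):           # filter: only "interesting" items are checked
            continue
        count += 1
        state = "OK"
        if warning(e, count):
            state = "WARNING"
        if critical(e, count):
            state = "CRITICAL"
        if ok(e, count):                 # ok resets any previous state for this item
            state = "OK"
        if RANK[state] > RANK[status]:   # the whole set shares a single status
            status = state
        if state == "OK":
            continue
        problem_count += 1               # counters always increase ...
        key = (e.file, e.source, e.id)   # default unique index ${log}-${source}-${id}
        if unique and key in seen:       # ... but a repeated message is listed once
            continue
        seen.add(key)
        text = e.message if truncate_message is None else e.message[:truncate_message]
        problem_list.append(
            render(detail_syntax, {**vars(e), "log": e.file, "message": text}))
    if count == 0:                       # nothing matched the filter: empty-state
        return empty_state, render("%(status): No entries found", {"status": empty_state})
    return status, render(top_syntax, {"status": status, "count": count,
                                       "problem_count": problem_count,
                                       "problem_list": ", ".join(problem_list)})


# Constructed sample records: three identical failed-logon audits and one application error.
SAMPLE = [
    Event("Security", "Microsoft-Windows-Security-Auditing", 4625,
          "auditFailure", "An account failed to log on"),
    Event("Security", "Microsoft-Windows-Security-Auditing", 4625,
          "auditFailure", "An account failed to log on"),
    Event("Security", "Microsoft-Windows-Security-Auditing", 4625,
          "auditFailure", "An account failed to log on"),
    Event("Application", "SampleApp", 1000, "error", "Service stopped unexpectedly"),
]


def audit_failures(e):
    """Constructed filter: keep only audit failure records."""
    return e.level == "auditFailure"


def more_than_two(e, count):
    """Constructed critical threshold, the equivalent of 'count > 2'."""
    return count > 2


if __name__ == "__main__":
    print(check_eventlog(SAMPLE))
    print(check_eventlog(SAMPLE, item_filter=audit_failures,
                         critical=more_than_two, unique=True))
```

With the default filter the three auditFailure records are never examined, and with unique set they collapse to one listed message while the count still reads 3, so thresholds belong on count rather than on the length of the list.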

checkeventlog

Legacy version of check_eventlog

Usage:

| Option | Default Value | Description |
| --- | --- | --- |
| help | N/A | Show help screen (this screen) |
| help-pb | N/A | Show help screen as a protocol buffer payload |
| show-default | N/A | Show default values for a given command |
| help-short | N/A | Show help screen (short format). |
| MaxWarn | | Maximum value before a warning is returned. |
| MaxCrit | | Maximum value before a critical is returned. |
| MinWarn | | Minimum value before a warning is returned. |
| MinCrit | | Minimum value before a critical is returned. |
| warn | | Maximum value before a warning is returned. |
| crit | | Maximum value before a critical is returned. |
| filter | | The filter to use. |
| file | | The file to check |
| debug | 1 | The file to check |
| truncate | | Deprecated and has no meaning |
| descriptions | 1 | Deprecated and has no meaning |
| unique | 1 | |
| syntax | %source%, %strings% | The syntax string |
| top-syntax | ${list} | The top level syntax string |
| scan-range | | TODO |

Arguments

help (CheckEventLog, checkeventlog)
Show help screen (this screen)
help-pb (CheckEventLog, checkeventlog)
Show help screen as a protocol buffer payload
show-default (CheckEventLog, checkeventlog)
Show default values for a given command
help-short (CheckEventLog, checkeventlog)
Show help screen (short format).
MaxWarn (CheckEventLog, checkeventlog)
Maximum value before a warning is returned.
MaxCrit (CheckEventLog, checkeventlog)
Maximum value before a critical is returned.
MinWarn (CheckEventLog, checkeventlog)
Minimum value before a warning is returned.
MinCrit (CheckEventLog, checkeventlog)
Minimum value before a critical is returned.
warn (CheckEventLog, checkeventlog)
Maximum value before a warning is returned.
crit (CheckEventLog, checkeventlog)
Maximum value before a critical is returned.
filter (CheckEventLog, checkeventlog)
The filter to use.
file (CheckEventLog, checkeventlog)
The file to check
debug (CheckEventLog, checkeventlog)
The file to check
truncate (CheckEventLog, checkeventlog)
Deprecated and has no meaning
descriptions (CheckEventLog, checkeventlog)
Deprecated and has no meaning
unique (CheckEventLog, checkeventlog)
syntax (CheckEventLog, checkeventlog)
The syntax string
top-syntax (CheckEventLog, checkeventlog)
The top level syntax string
scan-range (CheckEventLog, checkeventlog)
TODO

/ settings/ eventlog

/settings/eventlog (CheckEventLog)

EVENT LOG SECTION

Section for the EventLog Checker (CheckEventLog.dll).
| Key | Default Value | Description |
| --- | --- | --- |
| buffer size | 131072 | BUFFER_SIZE |
| debug | 0 | DEBUG |
| lookup names | 1 | LOOKUP NAMES |
| syntax | | SYNTAX |

Sample:

# EVENT LOG SECTION
# Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]
buffer size=131072
debug=0
lookup names=1
syntax=
buffer size (CheckEventLog, /settings/eventlog)

BUFFER_SIZE

The size of the buffer to use when getting messages. This affects the speed and the maximum size of messages you can receive.

Path: /settings/eventlog

Key: buffer size

Default value: 131072

Used by: CheckEventLog

Sample:

[/settings/eventlog]
# BUFFER_SIZE
buffer size=131072
debug (CheckEventLog, /settings/eventlog)

DEBUG

Log more information when filtering (useful to detect issues with filters). Not useful in production as it is a bit of a resource hog.

Path: /settings/eventlog

Key: debug

Default value: 0

Used by: CheckEventLog

Sample:

[/settings/eventlog]
# DEBUG
debug=0
lookup names (CheckEventLog, /settings/eventlog)

LOOKUP NAMES

Lookup the names of eventlog files

Path: /settings/eventlog

Key: lookup names

Default value: 1

Used by: CheckEventLog

Sample:

[/settings/eventlog]
# LOOKUP NAMES
lookup names=1
syntax (CheckEventLog, /settings/eventlog)

SYNTAX

Set this to use a specific syntax string for all commands (that don’t specify one).

Path: /settings/eventlog

Key: syntax

Default value:

Used by: CheckEventLog

Sample:

[/settings/eventlog]
# SYNTAX
syntax=

… / real-time

/settings/eventlog/real-time (CheckEventLog)

CONFIGURE REALTIME CHECKING

A set of options to configure the real time checks
| Key | Default Value | Description |
| --- | --- | --- |
| debug | 0 | DEBUG |
| enabled | 0 | REAL TIME CHECKING |
| log | application,system | LOGS TO CHECK |
| startup age | 30m | STARTUP AGE |

Sample:

# CONFIGURE REALTIME CHECKING
# A set of options to configure the real time checks
[/settings/eventlog/real-time]
debug=0
enabled=0
log=application,system
startup age=30m
debug (CheckEventLog, /settings/eventlog/real-time)

DEBUG

Log missed records (useful to detect issues with filters). Not useful in production as it is a bit of a resource hog.

Path: /settings/eventlog/real-time

Key: debug

Default value: 0

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time]
# DEBUG
debug=0
enabled (CheckEventLog, /settings/eventlog/real-time)

REAL TIME CHECKING

Spawns a background thread which detects issues and reports them back instantly.

Path: /settings/eventlog/real-time

Key: enabled

Default value: 0

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time]
# REAL TIME CHECKING
enabled=0
log (CheckEventLog, /settings/eventlog/real-time)

LOGS TO CHECK

Comma separated list of logs to check

Path: /settings/eventlog/real-time

Key: log

Default value: application,system

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time]
# LOGS TO CHECK
log=application,system
startup age (CheckEventLog, /settings/eventlog/real-time)

STARTUP AGE

The initial age to scan when starting NSClient++

Path: /settings/eventlog/real-time

Key: startup age

Default value: 30m

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time]
# STARTUP AGE
startup age=30m

… / real-time / filters

/settings/eventlog/real-time/filters (CheckEventLog)

REALTIME FILTERS

A set of filters to use in real-time mode
| Key | Default Value | Description |
| --- | --- | --- |
| default | | default |

Sample:

# REALTIME FILTERS
# A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
default=
default (CheckEventLog, /settings/eventlog/real-time/filters)

default

Filter for default. To configure this item add a section called: /settings/eventlog/real-time/filters/default

Path: /settings/eventlog/real-time/filters

Key: default

Default value:

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters]
# default
default=

… / real-time / filters / sample

/settings/eventlog/real-time/filters/sample (CheckEventLog)

REAL TIME FILTER DEFINITION

Definition for real time filter: sample
| Key | Default Value | Description |
| --- | --- | --- |
| alias | | ALIAS |
| command | | COMMAND NAME |
| critical | | CRITICAL FILTER |
| debug | 0 | DEBUG |
| destination | | DESTINATION |
| detail syntax | | SYNTAX |
| empty message | eventlog found no records | EMPTY MESSAGE |
| filter | | FILTER |
| is template | 0 | IS TEMPLATE |
| log | | FILE |
| logs | | FILES |
| maximum age | 5m | MAXIMUM AGE |
| ok | | OK FILTER |
| ok syntax | | SYNTAX |
| parent | default | PARENT |
| perf config | | PERF CONFIG |
| severity | | SEVERITY |
| target | | DESTINATION |
| top syntax | | SYNTAX |
| warning | | WARNING FILTER |

Sample:

# REAL TIME FILTER DEFINITION
# Definition for real time filter: sample
[/settings/eventlog/real-time/filters/sample]
alias=
command=
critical=
debug=0
destination=
detail syntax=
empty message=eventlog found no records
filter=
is template=0
log=
logs=
maximum age=5m
ok=
ok syntax=
parent=default
perf config=
severity=
target=
top syntax=
warning=
alias (CheckEventLog, /settings/eventlog/real-time/filters/sample)

ALIAS

The alias (service name) to report to server

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: alias

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# ALIAS
alias=
command (CheckEventLog, /settings/eventlog/real-time/filters/sample)

COMMAND NAME

The name of the command (think nagios service name) to report up stream (defaults to alias if not set)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: command

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# COMMAND NAME
command=
critical (CheckEventLog, /settings/eventlog/real-time/filters/sample)

CRITICAL FILTER

If any rows match this filter, severity will be escalated to CRITICAL

Path: /settings/eventlog/real-time/filters/sample

Key: critical

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# CRITICAL FILTER
critical=
debug (CheckEventLog, /settings/eventlog/real-time/filters/sample)

DEBUG

Enable this to display debug information for this match filter

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: debug

Default value: 0

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# DEBUG
debug=0
destination (CheckEventLog, /settings/eventlog/real-time/filters/sample)

DESTINATION

The destination for intercepted messages

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: destination

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# DESTINATION
destination=
detail syntax (CheckEventLog, /settings/eventlog/real-time/filters/sample)

SYNTAX

Format string for dates

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: detail syntax

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# SYNTAX
detail syntax=
empty message (CheckEventLog, /settings/eventlog/real-time/filters/sample)

EMPTY MESSAGE

The message to display if nothing matches the filter (generally considered the ok state).

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: empty message

Default value: eventlog found no records

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# EMPTY MESSAGE
empty message=eventlog found no records
filter (CheckEventLog, /settings/eventlog/real-time/filters/sample)

FILTER

Scan files for matching rows; for each matching row an OK message will be submitted

Path: /settings/eventlog/real-time/filters/sample

Key: filter

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# FILTER
filter=
is template (CheckEventLog, /settings/eventlog/real-time/filters/sample)

IS TEMPLATE

Declare this object as a template (this means it will not be available as a separate object)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: is template

Default value: 0

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# IS TEMPLATE
is template=0
log (CheckEventLog, /settings/eventlog/real-time/filters/sample)

FILE

The eventlog record to filter on (if set to ‘all’ means all enabled logs)

Path: /settings/eventlog/real-time/filters/sample

Key: log

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# FILE
log=
logs (CheckEventLog, /settings/eventlog/real-time/filters/sample)

FILES

The eventlog record to filter on (if set to ‘all’ means all enabled logs)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: logs

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# FILES
logs=
maximum age (CheckEventLog, /settings/eventlog/real-time/filters/sample)

MAXIMUM AGE

How long before reporting “ok”.
If this is set to “false”, no periodic ok messages will be reported, only errors.

Path: /settings/eventlog/real-time/filters/sample

Key: maximum age

Default value: 5m

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# MAXIMUM AGE
maximum age=5m
ok (CheckEventLog, /settings/eventlog/real-time/filters/sample)

OK FILTER

If any rows match this filter, severity will be escalated down to OK

Path: /settings/eventlog/real-time/filters/sample

Key: ok

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# OK FILTER
ok=
ok syntax (CheckEventLog, /settings/eventlog/real-time/filters/sample)

SYNTAX

Format string for dates

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: ok syntax

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# SYNTAX
ok syntax=
parent (CheckEventLog, /settings/eventlog/real-time/filters/sample)

PARENT

The parent the target inherits from

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: parent

Default value: default

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# PARENT
parent=default
perf config (CheckEventLog, /settings/eventlog/real-time/filters/sample)

PERF CONFIG

Performance data configuration

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: perf config

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# PERF CONFIG
perf config=
severity (CheckEventLog, /settings/eventlog/real-time/filters/sample)

SEVERITY

The severity of this message (OK, WARNING, CRITICAL, UNKNOWN)

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: severity

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# SEVERITY
severity=
target (CheckEventLog, /settings/eventlog/real-time/filters/sample)

DESTINATION

Same as destination

Path: /settings/eventlog/real-time/filters/sample

Key: target

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# DESTINATION
target=
top syntax (CheckEventLog, /settings/eventlog/real-time/filters/sample)

SYNTAX

Format string for dates

Advanced (means it is not commonly used)

Path: /settings/eventlog/real-time/filters/sample

Key: top syntax

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# SYNTAX
top syntax=
warning (CheckEventLog, /settings/eventlog/real-time/filters/sample)

WARNING FILTER

If any rows match this filter, severity will be escalated to WARNING

Path: /settings/eventlog/real-time/filters/sample

Key: warning

Default value:

Sample key: This key is provided as a sample to show how to configure objects

Used by: CheckEventLog

Sample:

[/settings/eventlog/real-time/filters/sample]
# WARNING FILTER
warning=