alias_event_log_test = CheckEventLog file="DNS 服务器" MaxWarn=1 MaxCrit=1 "filter=generated gt -1d AND severity NOT IN ('success', 'informational')" truncate=800 unique descriptions "syntax=%severity%: %source%: %id%: %message% (%count%)"

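file:  the log name as shown in Event Viewer, not the name of the file on disk
MaxWarn:   number of alert lines returned, i.e. the number of alert events
MaxCrit:     number of alert lines returned
descriptions:   the description text returned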

CheckEventLog is part of the wiki:CheckEventLog module. This page describes the new syntax; for the old syntax refer to the old page: CheckEventLogOld.

The new syntax is a bit sketchy in the docs as of yet... I shall try to fix up some better examples, but the best idea would be for someone who uses this to help me with that :)

Before you start using CheckEventLog, use this command (it is long but a good place to start):
CheckEventLog file=application file=system filter=new filter=out
MaxWarn=1 MaxCrit=1
filter-generated=>2d filter-severity==success filter-severity==informational
truncate=1023 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
This check enumerates all events in the event log, filters events out (or in), and then uses the resulting list to determine state.
Options (Option / Values / Description):

file
  Values: An event log file (security, system, etc.)
  Description: The name of an eventlog file; the default ones are Application, Security and System. If the specified eventlog was not found, due to some idiotic reason Windows opens the "application" log

filter
  Values: in, out, any, all
  Description: Specify the way you want to filter things. (See section below)

filter
  Values: new
  Description: Has to be set to use this syntax

descriptions
  Values: None
  Description: Flag to specify if you want to include the string representation of the error messages.

truncate
  Values: length of the returned
  Description: This will truncate the output after the specified length. As NRPE can only handle 1024 chars you need to truncate the

MaxWarn
  Values: number of records
  Description: The maximum records to allow before reporting a warning

MaxCrit
  Values: number of records
  Description: The maximum records to allow before reporting a critical state.

syntax
  Values: String
  Description: A string to use to represent each matched eventlog entry. The following keywords will be replaced with corresponding values: %source%, %generated%, %written%, %type%, %severity%, %strings%, %id% and %message% (%message% requires you to set the descriptions flag). %count% (requires the unique flag) can be used to display a count of the records

filter<mode><type>
  Values: <filter value>
  Description: A number of strings to use for filtering the event log

unique
  Description: Flag to indicate unique filtering is used.
The CheckEventLog uses filters to define the "interesting" records from the eventlog.
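How the options above combine into a check result, as an added Python model that is not NSClient++ code and not part of the original page. It applies the filter from the alias at the top (generated within the last day, severity not success or informational), collapses duplicates for unique, fills in the syntax string, truncates, and maps the match count to a state. Assumptions: the sample records are constructed, duplicates are records sharing source and id, and a threshold trips once the match count reaches it.

```python
from collections import Counter
from datetime import datetime, timedelta

NOW = datetime(2024, 1, 10, 12, 0)  # fixed clock so the run is repeatable

def ev(age_hours, severity, source, eid, message):
    return {"generated": NOW - timedelta(hours=age_hours), "severity": severity,
            "source": source, "id": eid, "message": message}

# Constructed sample records, not taken from a real log.
EVENTS = [
    ev(2, "error", "DNS", 1001, "zone load failed"),
    ev(5, "error", "DNS", 1001, "zone load failed"),
    ev(3, "informational", "DNS", 2, "service started"),
    ev(72, "warning", "DNS", 1002, "stale warning"),
]

def matches(e, max_age=timedelta(days=1), skip=("success", "informational")):
    # Models: generated gt -1d AND severity NOT IN ('success', 'informational')
    return e["generated"] > NOW - max_age and e["severity"] not in skip

def render(syntax, e, count):
    # Substitute the %keyword% placeholders of the syntax option.
    for key in ("severity", "source", "id", "message"):
        syntax = syntax.replace(f"%{key}%", str(e[key]))
    return syntax.replace("%count%", str(count))

def check_eventlog(events, max_warn=1, max_crit=1, truncate=800, unique=True,
                   syntax="%severity%: %source%: %id%: %message% (%count%)"):
    hits = [e for e in events if matches(e)]
    if unique:
        # Assumption: duplicates are records sharing source and id.
        counts = Counter((e["source"], e["id"]) for e in hits)
        first = {}
        for e in hits:
            first.setdefault((e["source"], e["id"]), e)
        lines = [render(syntax, first[k], c) for k, c in counts.items()]
    else:
        lines = [render(syntax, e, 1) for e in hits]
    n = len(hits)
    # Assumption: a threshold trips once the match count reaches it.
    state = "CRITICAL" if n >= max_crit else "WARNING" if n >= max_warn else "OK"
    return state, n, ", ".join(lines)[:truncate]

if __name__ == "__main__":
    print(check_eventlog(EVENTS))
```

With MaxWarn and MaxCrit both set to 1, as in the alias above, any matching record is reported as critical; raising MaxCrit above MaxWarn is what gives the warning state a range of its own.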


