check event log with check_wmi_plus

Badge +2

I want to check for specific IDs in a windows server event log and raise a critical alert when there is at least one line with that event.

I create this command 

$USER1$/ -H $HOSTADDRESS$ -A $WMIU$ -m checkeventlog -a Application -o 1 --inifile=/usr/lib/nagios/plugins/libexec/events.ini -4 $ARG1$  --warnings="*_Itemcount>0" --critical="*_Itemcount>=1"

I have created a service attached to the host that I have to test but I have an ok result while there are 12 events.
How to make the service critical when there is more than one event.


Thank for your help



Best answer by pnl 5 May 2023, 02:44

View original

2 replies

Badge +2


I found a solution, I modified the command :

$USER1$/ -H $HOSTADDRESS$ -A $WMIU$ -m checkeventlog -a Application -o 1 --inifile=/usr/lib/nagios/plugins/libexec/events.ini -3 1 -4 $ARG1$  -c 1

When there are one or more error events in the application log the service is critical.


Best regards

Userlevel 4
Badge +10

Thanks for sharing the solution, you're spreading good karma in the community. I'm sure someone out there will benefit from it : )