Check eventlog/eventid by WMI

Description:

Check_wmi_eventid is a script that checks the Windows event log for a certain event ID.

Current Version

1.5

Last Release Date

2018-10-24

Compatible With

  • Nagios 3.x

License

GPL


Project Notes
Simple example: check the application log for event type error (-t) and event ID 9003 (-e) within the last 60 minutes (-m60); set warning (-w) if greater than 1 and set error (-c) if greater than 3.

    check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60

Example: same as above, but with the arguments -O, -W and -C, which set custom plugin output for OK, Warning and Critical. Macro $MARCOLIST can be used!

    check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60 -O "Every thing is OK" -W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"

Version 1.1
Added an extra argument, -s, that gives you the option to match for a string in the given event ID.

Version 1.2
Bug fix - when using -C custom critical text.

Version 1.3
The -t, -e, -s, -S and -l arguments now accept multiple values.

Version 1.4
Bug fix - error in script when -c or -w wasn't set.

Version 1.5 by rojobull
Bug fix - the getopts line was missing a colon after the S option, which would ignore the source name provided.
Bug fix - adjusted the WQL_Constructor function so that spaces are not used as a delimiter.
Bug fix - changed the $USER variable to $UNAME. $USER is a system variable and will always be set.
Improvement - changed the date option to convert time into UTC instead of specifying an offset.
Added option to use a credentials file instead of passing
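As an added illustration (not the plugin's own code), the following shows the kind of WQL query that the options of the first example (-l application -e 9003 -t1 -m60) correspond to, with the time window written as a UTC CIM datetime as the version 1.5 note describes. It assumes GNU date and the standard Win32_NTLogEvent WMI class; the function names cim_cutoff, or_clause and build_wql are hypothetical.

```shell
#!/bin/sh
# Added example, not the plugin's code. Assumes GNU date (-d @EPOCH).

# cim_cutoff MINUTES [NOW_EPOCH]: UTC CIM datetime MINUTES before now.
cim_cutoff() {
    case $1 in ''|*[!0-9]*) echo "minutes must be numeric" >&2; return 1 ;; esac
    now=${2:-$(date -u +%s)}
    # "+000" is a zero-minute UTC offset, so no local offset has to be guessed
    date -u -d "@$((now - $1 * 60))" '+%Y%m%d%H%M%S.000000+000'
}

# or_clause FIELD CSV: "(FIELD=a OR FIELD=b)"; only digits are accepted,
# so nothing from the command line is pasted into the query unchecked.
or_clause() {
    field=$1
    clause=''
    old_ifs=$IFS
    IFS=,
    for v in $2; do
        case $v in
            ''|*[!0-9]*) IFS=$old_ifs; echo "bad value: $v" >&2; return 1 ;;
        esac
        clause="${clause:+$clause OR }$field=$v"
    done
    IFS=$old_ifs
    [ -n "$clause" ] || return 1
    printf '(%s)' "$clause"
}

# build_wql LOG EVENTIDS TYPES MINUTES [NOW_EPOCH]
build_wql() {
    # Reject quotes and backslashes so the log name cannot leave its WQL string
    case $1 in ''|*\'*|*\\*) echo "bad log name" >&2; return 1 ;; esac
    ids=$(or_clause EventCode "$2") || return 1
    types=$(or_clause EventType "$3") || return 1
    since=$(cim_cutoff "$4" "$5") || return 1
    printf "SELECT EventCode,TimeGenerated,Message FROM Win32_NTLogEvent WHERE Logfile='%s' AND %s AND %s AND TimeGenerated>'%s'" \
        "$1" "$ids" "$types" "$since"
}
```

Win32_NTLogEvent exposes only the classic event logs (Application, Security, System and similar), so a check built on that class returns nothing for channel logs such as the .../Operational ones.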
Reviews (5)
Need to view sub directories of eventviewer
by JVD, May 31, 2021

I was happy with this tool, but when I want to search through sub directories in eventviewer I cannot find the eventviewer file. For instance: Microsoft-Windows-WFP%4Operational.evtx delivers nothing. I ended up printing the tmp file before it is deleted and it is always empty. It would be great if I could also view the following event viewer logs: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx For the eventlogs in the root this tool just works fine!



Great
by damned, August 31, 2018

Great plugin! I use it to discover 6008 errors on Windows machines... the infamous Blue Screen



Works good for standard event logs
by jeffw888, March 31, 2016

Works well for the default event logs (Application,Security,System). Can't make it work with other logs - IE: Microsoft-Windows-FailoverClustering/Operational. Need this to check if a cluster resource went offline (1204) or online (1201)



Great little check
by tompaah, February 29, 2016

Works great for its purpose. I don't understand why the NOW-variable is declared with "000000+120" in the end. This caused the script always to pull 1 hour extra events. I changed this to "000000+60" and it works better for me.



no output in fan nagios
by pjai, July 31, 2015

Hi Team, I have tested this plugin on my FAN server. It's working perfectly from the command line. But while fetching the information in the GUI of the FAN server, it shows no output from the plugin. Thanks in advance.



Project Stats
Rating
4 (6)
Favorites
1
Views
90,606