Check_wmi_eventid is a script that checks the Windows event log for a certain event ID.
Current Version
1.5
Last Release Date
2018-10-24
Owner
Kenneth Moller
Website
https://github.com/pulsejets/check_wmi_eventid
License
GPL
Simple example: check the application log for event type error (-t) and event ID 9003 (-e) within the last 60 minutes (-m60); set warning (-w) if greater than 1, and set error (-c) if greater than 3.

    check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60

Example: same as above, but with the arguments -O, -W and -C, which set custom plugin output for OK, Warning and Critical. Macro $MARCOLIST can be used!

    check_wmi_eventid -H 172.10.10.10 -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60 -O "Every thing is OK" -W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"

Version 1.1
Added an extra argument, -s, that gives you the option to match a string in the given event ID.

Version 1.2
Bug fix: when using -C custom critical text.

Version 1.3
Extended the -t, -e, -s, -S and -l arguments so that you can select multiple values.

Version 1.4
Bug fix: error in script when -c or -w wasn't set.

Version 1.5 by rojobull
Bug fix: the getopts line was missing a colon after the S option, which would ignore the source name provided.
Bug fix: adjusted the WQL_Constructor function so that spaces are not used as a delimiter.
Bug fix: changed the $USER variable to $UNAME. $USER is a system variable and will always be set.
Improvement: changed the date option to convert time into UTC instead of specifying an offset.
Added option to use a credentials file instead of passing
I was happy with this tool, but when I want to search through subdirectories in Event Viewer I cannot find the Event Viewer file. For instance: Microsoft-Windows-WFP%4Operational.evtx delivers nothing. I ended up printing the tmp file before it is deleted and it is always empty. It would be great if I could also view the following Event Viewer logs: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx For the event logs in the root this tool just works fine!
Great plugin! I use it to discover 6008 errors on a Windows machine... the infamous Blue Screen
Works well for the default event logs (Application, Security, System). Can't make it work with other logs, i.e. Microsoft-Windows-FailoverClustering/Operational. Need this to check if a cluster resource went offline (1204) or online (1201).
Works great for its purpose. I don't understand why the NOW-variable is declared with "000000+120" in the end. This caused the script always to pull 1 hour extra events. I changed this to "000000+60" and it works better for me.
Hi Team, I have tested this plugin on my FAN server. It works perfectly from the command line. But while fetching the information in the GUI of the FAN server, it shows no output from the plugin. Thanks in advance.