You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to pull VEEAMs Backup entries in the EventLog via NSClient++ (5.2.035) to a LibreNMS server.
LibreNMS receives the output from the NSClient without a hitch. The way the check is implemented in LibreNMS is to basically run the check_nrpe script with various options etc.
My problem is that I am specifically filtering for warnings in the "Veeam Backup" log and/or for entries by the provider "Veeam Backup" and "Veeam MP". The names of the log and provider have been copied and checked for leading spaces etc. I also filter for entries written within in the polling intervall. What I am getting back is some .NET related entry written way outside the filtered timeframe. The script also doesn't seem to tell me where I have srewed up.
I have tried the following permutations to filter out what I want:
The Outpu I am getting is always:
.NET Runtime, Category: Veeam.GCP.PlatformService.WebApi.Framework.Common.Middleware.CUnhandledOperationsMiddleware Ev:00000002 RequestPath: /api/v1/proxies/configurationBackupProperties SpanId: |7ee851d5-4728d2d709c98da2. TraceId: 7ee8th: [/api/v1/proxies/configurationBackupProperties] |'problem_count'=1;0;0
Within the NS Client I have extended the INI file with the following:
After each change of the INI file the NSClient service has been restarted.
Since I am getting a somewhat valid response (i.e. the same output I get when I just run the check with the eventlog command) I think my filters are screwed up.
Where am I wrong?
Thanks in advance
Fabian
Details
NSClient++ version: 0.5.2.035
OS and Version: Windows Server 2019
Checking from: LibreNMS
Checking with: check_nrpe and "CheckEventLog" command
The text was updated successfully, but these errors were encountered:
Hi community,
I am trying to pull VEEAMs Backup entries in the EventLog via NSClient++ (5.2.035) to a LibreNMS server.
LibreNMS receives the output from the NSClient without a hitch. The way the check is implemented in LibreNMS is to basically run the check_nrpe script with various options etc.
My problem is that I am specifically filtering for warnings in the "Veeam Backup" log and/or for entries by the provider "Veeam Backup" and "Veeam MP". The names of the log and provider have been copied and checked for leading spaces etc. I also filter for entries written within in the polling intervall. What I am getting back is some .NET related entry written way outside the filtered timeframe. The script also doesn't seem to tell me where I have srewed up.
I have tried the following permutations to filter out what I want:
./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog file='Veeam Backup' "filter=severity = 'warning' AND generated > -5m"
./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog scan-range=-5m file='Veeam Backup' "filter=level in ('warning', 'error', 'critical')" "warning=level = 'warning', problem_count > 0" "critical=level in ('error', 'critical'), problem_count > 0" "empty-state=ok" "provider = 'Veeam Backup' OR provider = 'Veeam MP'"
The Outpu I am getting is always:
.NET Runtime, Category: Veeam.GCP.PlatformService.WebApi.Framework.Common.Middleware.CUnhandledOperationsMiddleware Ev:00000002 RequestPath: /api/v1/proxies/configurationBackupProperties SpanId: |7ee851d5-4728d2d709c98da2. TraceId: 7ee8th: [/api/v1/proxies/configurationBackupProperties] |'problem_count'=1;0;0
Within the NS Client I have extended the INI file with the following:
[/settings/eventlog/real-time]
enabled = true
...
[/settings/eventlog/real-time/filters/my_alert]
log='Veeam Backup'
destination=log
filter=level='none'
maximum age=300s
;debug=true
...
[/modules]
...
; Undocumented key
CheckEventLog = enabled
...
After each change of the INI file the NSClient service has been restarted.
Since I am getting a somewhat valid response (i.e. the same output I get when I just run the check with the eventlog command) I think my filters are screwed up.
Where am I wrong?
Thanks in advance
Fabian
Details
The text was updated successfully, but these errors were encountered: