ispmonsupporto
commented
3 weeks ago I also want to highlight that the official Icinga documentation (https://icinga.com/docs/icinga-for-windows/latest/plugins/doc/plugins/06-Invoke-IcingaCheckEventlog/) lacks specific examples to assist with understanding this scenario.
I am attempting to monitor Event IDs 11 and 15 in a single command using Invoke-IcingaCheckEventlog for the Application event log (-LogName Application) with the parameters -IncludeSource AdmPwd and -IncludeEntryType Information. However, despite trying multiple combinations with the -IncludeEventId parameter, the desired results are not achieved.
Details: I want to configure a single service template to capture only these two specific Event IDs (11 and 15). However, with the commands I’ve tried so far, I am experiencing inconsistent results:
Here are some of the commands tested and their outcomes:
Invoke-IcingaCheckEventlog -Warning 0 -Critical 0 -LogName Application -IncludeSource AdmPwd -IncludeEntryType Information -Verbosity 3 -DisableTimeCache -IncludeEventId '15' Result: Event 15 is successfully captured.
Invoke-IcingaCheckEventlog -Warning 0 -Critical 0 -LogName Application -IncludeSource AdmPwd -IncludeEntryType Information -Verbosity 3 -DisableTimeCache -IncludeEventId '11' Result: Event 11 is successfully captured.
Invoke-IcingaCheckEventlog -Warning 0 -Critical 0 -LogName Application -IncludeSource AdmPwd -IncludeEntryType Information -Verbosity 3 -DisableTimeCache -IncludeEventId '15','11' Result: No events are returned, even though log entries for IDs 11 and 15 are present.
I would appreciate support in configuring the command so that it only includes Event IDs 11 and 15, without capturing additional events like ID 14. Please see the attached images for reference.
other commands tested