I am trying to pull VEEAMs Backup entries in the EventLog via NSClient++ (5.2.035) to a LibreNMS server.
LibreNMS receives the output from the NSClient without a hitch. The way the check is implemented in LibreNMS is to basically run the check_nrpe script with various options etc.
My problem is that I am specifically filtering for warnings in the "Veeam Backup" log and/or for entries by the provider "Veeam Backup" and "Veeam MP". The names of the log and provider have been copied and checked for leading spaces etc. I also filter for entries written within in the polling intervall. What I am getting back is some .NET related entry written way outside the filtered timeframe. The script also doesn't seem to tell me where I have srewed up.
I have tried the following permutations to filter out what I want:
The Outpu I am getting is always:
.NET Runtime, Category: Veeam.GCP.PlatformService.WebApi.Framework.Common.Middleware.CUnhandledOperationsMiddleware Ev:00000002 RequestPath: /api/v1/proxies/configurationBackupProperties SpanId: |7ee851d5-4728d2d709c98da2. TraceId: 7ee8th: [/api/v1/proxies/configurationBackupProperties] |'problem_count'=1;0;0
Within the NS Client I have extended the INI file with the following:
After each change of the INI file the NSClient service has been restarted.
Since I am getting a somewhat valid response (i.e. the same output I get when I just run the check with the eventlog command) I think my filters are screwed up.
Where am I wrong?
Thanks in advance
Fabian
Details
NSClient++ version: 0.5.2.035
OS and Version: Windows Server 2019
Checking from: LibreNMS
Checking with: check_nrpe and "CheckEventLog" command
Hi community,
I am trying to pull VEEAMs Backup entries in the EventLog via NSClient++ (5.2.035) to a LibreNMS server.
LibreNMS receives the output from the NSClient without a hitch. The way the check is implemented in LibreNMS is to basically run the check_nrpe script with various options etc.
My problem is that I am specifically filtering for warnings in the "Veeam Backup" log and/or for entries by the provider "Veeam Backup" and "Veeam MP". The names of the log and provider have been copied and checked for leading spaces etc. I also filter for entries written within in the polling intervall. What I am getting back is some .NET related entry written way outside the filtered timeframe. The script also doesn't seem to tell me where I have srewed up.
I have tried the following permutations to filter out what I want:
./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog file='Veeam Backup' "filter=severity = 'warning' AND generated > -5m" ./check_nrpe -2 -H my-VEEAM-host -n -c checkeventlog scan-range=-5m file='Veeam Backup' "filter=level in ('warning', 'error', 'critical')" "warning=level = 'warning', problem_count > 0" "critical=level in ('error', 'critical'), problem_count > 0" "empty-state=ok" "provider = 'Veeam Backup' OR provider = 'Veeam MP'"
The Outpu I am getting is always: .NET Runtime, Category: Veeam.GCP.PlatformService.WebApi.Framework.Common.Middleware.CUnhandledOperationsMiddleware Ev:00000002 RequestPath: /api/v1/proxies/configurationBackupProperties SpanId: |7ee851d5-4728d2d709c98da2. TraceId: 7ee8th: [/api/v1/proxies/configurationBackupProperties] |'problem_count'=1;0;0
Within the NS Client I have extended the INI file with the following:
[/settings/eventlog/real-time] enabled = true ... [/settings/eventlog/real-time/filters/my_alert] log='Veeam Backup' destination=log filter=level='none' maximum age=300s ;debug=true ... [/modules] ... ; Undocumented key CheckEventLog = enabled ...
After each change of the INI file the NSClient service has been restarted.
Since I am getting a somewhat valid response (i.e. the same output I get when I just run the check with the eventlog command) I think my filters are screwed up.
Where am I wrong?
Thanks in advance
Fabian
Details