[Nagiosplug-help] NC_Net - Event Log Checks Now Implemented

Anthony Montibello amontibello at gmail.com
Fri Jan 21 03:27:13 CET 2005


Hi Everyone,

I see several of you have downloaded NC_Net (the drop-in replacement
for ns_client). I hope that it has been, for the most part, trouble
free.

The new version, v1.07, is now available for downloading. This version
includes the ability to check Event Logs. However, to report the
results to Nagios, a new version of check_nt needs to have this option
added. I started working on it, and I am planning on submitting my
code to the developers very soon. But it can still be tested using
the test console.

You can download it from either the official web site www.shatterit.com/NC_Net
or from http://www.nagiosexchange.org/

The syntax for what to check will be a comma-separated string:
check_nt -H XYZ -v EVENTLOG -l "ARG1,ARG2,ARG3,ARGLIST4,ARGLIST5,ARGLIST6"

Base arguments to start the list:
1) Checks any single event log or all event logs.
- it can check custom Event logs
- instead of typing the event log name, type 'any' for all logs
2) Checks for a single event type or all event types.
- it can check all types by entering 'any'
- it should be able to test custom event log types (if these can be created?)
3) Time interval in min.
- enter a 0 to check all events in the logs
- default is 10 min

Additional filters:
- the additional filters take the form of a comma-separated list
- the first element (required for each filter) is the number of strings
in the list
- 0 is to ignore the filter
- a positive number is to include only entries that match the filter
- a negative number is to exclude all entries that match the filter
4) Source type
- list of Source types to use as a filter
5) Message filter
- this filter list accepts regular expressions
- (NON STANDARD) DOT NET regular expression options: ignore padded
whitespace, and treat ^ and $ as functioning on lines (inside a string
variable via \n) instead of meaning the beginning and end of the string
variable
6) Event ID
- list of Event IDs to look for or exclude

For example, to check any log for Information type, within the past 45
min, for anything that started or stopped, you should be able to use the
command:
./check_nt -H XYZ -v EVENTLOG -l "any,Information,45,0,1,(start|stop),0"
The following should give the same result:
./check_nt -H XYZ -v EVENTLOG -l "any,Information,45,0,2,start,stop,0"
(better examples will be posted on the web site after a new version of check_nt)
The result should be critical if an event occurred in the time
interval, and a list of event IDs with the message field of
the last event that was written to the event log.

NOTE: NC_Net is also in the process of being upgraded to do Passive
checks via NSCA.  Currently a C# class for the send_nsca client has
been completed and tested.
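
The argument layout described in this message, as an added Python example that is not part of the original post and is not NC_Net or check_nt code. The names parse_eventlog_arg, message_passes and Filter are hypothetical, and treating an empty interval field as the 10 minute default is an assumption. Python's re.VERBOSE and re.MULTILINE stand in for the DOT NET options mentioned for the message filter.

```python
import re
from dataclasses import dataclass, field

FILTER_NAMES = ("source", "message", "event_id")  # filters 4, 5, 6 in the post


@dataclass
class Filter:
    mode: str = "ignore"  # "ignore", "include" or "exclude"
    values: list = field(default_factory=list)


def parse_eventlog_arg(arg):
    """Split the -l string into base arguments and the three counted filters."""
    parts = arg.split(",")
    if len(parts) < 3:
        raise ValueError("need log, event type and interval")
    log, event_type, minutes = parts[0], parts[1], parts[2]
    # Assumption: an empty interval field selects the 10 minute default.
    parsed = {"log": log, "type": event_type,
              "minutes": int(minutes) if minutes else 10}
    pos = 3
    for name in FILTER_NAMES:
        if pos >= len(parts):
            raise ValueError(f"missing count for {name} filter")
        count = int(parts[pos])  # sign picks include/exclude, 0 ignores
        values = parts[pos + 1:pos + 1 + abs(count)]
        if len(values) != abs(count):
            raise ValueError(f"{name} filter is short of declared strings")
        mode = "ignore" if count == 0 else "include" if count > 0 else "exclude"
        parsed[name] = Filter(mode, values)
        pos += 1 + abs(count)
    if pos != len(parts):
        # Typical cause: a comma inside a regex shifted every later field.
        raise ValueError(f"{len(parts) - pos} unexpected trailing field(s)")
    return parsed


def message_passes(flt, message):
    """Apply filter 5 to one event message (whitespace ignored, ^/$ per line)."""
    if flt.mode == "ignore":
        return True
    hit = any(re.search(p, message, re.VERBOSE | re.MULTILINE) for p in flt.values)
    return hit if flt.mode == "include" else not hit
```

Because fields are split on commas before the counts are read, a regular expression that itself contains a comma shifts the later fields; the parser rejects such a string rather than guessing.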



