CheckEventLog - Can't grab message as a filter


#1

Hi All,

Having a real headache trying to grab a message in an Event Log and given up looking up via Google as to finding the answer. Hopefully someone can be helpful in training my feeble mind…

Looking to grab the below…

Event code: 3001 Event message: The request has been aborted. Event time: 01/10/2018 09:16:34 Event time (UTC): 01/10/2018 08:16:34 Event ID: 29d68c3f71004387b5c2a76ba73dd465 Event sequence: 153932 Event occurrence: 1 Event detail code: 0

Application information: Application domain: /LM/W3SVC/1/ROOT/APPLE/ACEConfigManagerQueries-1-131827693642047458 Trust level: Full Application Virtual Path: /APPLE/ACEConfigManagerQueries Application Path: e:\Voice Applications\APPLE\ACEConfigManagerQueries_02_01\ Machine name:

Process information: Process ID: 4188 Process name: w3wp.exe Account name: IIS APPPOOL\ASP.NET v4.0

Exception information: Exception type: HttpException Exception message: Request timed out.

and tried the below. The first…which looks for the first line, doesn’t work, whereas the second, without the important message bit does work. Anyone got any ideas?

./check_nrpe -H -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=1 “filter=generated > -5h AND id=‘1309’ AND provider like ‘ASP.NET 4.0.30319.0’ AND message like ‘Event code: 3001’”

./check_nrpe -H -c CheckEventLog -a file=application MaxWarn=1 MaxCrit=1 “filter=generated > -5h AND id=‘1309’ AND provider like ‘ASP.NET 4.0.30319.0’”