Help check_eventlog exclude eventID


#1

Hi, I using script for check eventlog windows:

check_nrpe -n -t 120 -H x.x.x.x -c check_eventlog -a “scan-range=-1h” “file=application” “warn=count>50” “crit=count>75” “top-syntax=%(status): %(count) message(s)”

Its works fine, but I want exclude some eventID from final result, trying like:

check_nrpe -n -t 120 -H x.x.x.x -c check_eventlog -a “scan-range=-1h” “file=application” “warn=count>50” “crit=count>75” “top-syntax=%(status): %(count) message(s)” “filter!=id=1515”

But “!=” not work for " filter", does anyone know how to implement this?


#2

I think its the other way round, filter always has to be ‘=’, you do the logic after

i.e.

filter=id != 1515

or

filter=id not in (1515,1455,1930)