Unable to check error in Directory Service eventlog


#1

I am trying to use check_eventlog to check DS database corruption which occured few days ago. I assembled the command
[email protected] /usr/lib/nagios/plugins # ./check_nrpe -H -c check_eventlog -a ‘file=Directory Service’ “filter=written>-200h AND source=‘NTDS ISAM’ and level in (‘error’)” "critical=count>0"
I am unable to filter for error. If I replace word “error” for “warning”, everything works. I even tried to “invert” filter
level not in (‘information’ ‘warning’),
same result.Testing the same for System event log, it works. Using version NSCLIENT 0.4.15 64-bit on Windows 2008R2 server.


#2

Could you provide the XML event payload (can be seen in event viewer) for that event.