To NOT send a message for a particular filter, you need to create a higher-priority filter with an action of 'None'. This will take precedence, but do nothing, so a lower-priority filter can then be set up to send out messages. EG:
Filter 1: Test( messageID==1 ) Action( None )
Filter 2: Test( status==Error ) Action( Critical )
This will send a critical for all 'Error' messages, EXCEPT those with messageID 1.
With the false-matching issue on Win2k8 64bit, I have not been able to duplicate this as I do not have a 64bit development environment. I've not seen it in the 32bit environment, apart from in the past when new eventlogs were added, and the filters became associated with the wrong eventlog. From v1.9.x this should not be possible as the eventlog name/ID are checked on load. The only thing I can suggest is deleting and re-creating the filters, so that they can be certain to have the correct eventlog ID.
You might also be able to run with the 32bit agent but I think it is hard to make it work under 64bit windows.
There is also the ongoing problem with multi-byte characters in the eventlogs foiling any regexp matching and string manipulation in the code.
Statistics: Posted by stevesh — Thu Apr 04, 2013 3:25 pm
]]>
To start, I'm new with Nagios and I'm not a programmer, so I appologize up front for my basic questions
I'm Running Nagios Eventlog 1.9.2 (I downloaded nagevelog-setup-1.9.2.exe, but "About" sayed the version is 1.9.0.0). I'm running on Windows 2008 R2 and I did replaced the binaries with x64 beta versions (Beta version for 64bit windows 2008).
1st I have the exact same issue as the following post (the exact same event source and ids, as well) and wanted to see if there is a fix.
2nd - Do you have a document that shows filter examples? If I don't have a fix for above, I would like to create a filter that will match both the ("eventsource" AND "eventid") together to NOT send alert back to Nagios. I will need to setup at least two filters in the Application log for the two false alarms. In any case, I will need to add additional filter alerts that we know is save to ignore, as well.
Last - Is it possable to increase the message body size? Is there a reg setting or do I have to re-compile the source code? If I have to recompile, a push in the right direction on how-to will be greatly appreciated.
Thank you!
Don
Statistics: Posted by monshyn — Wed Mar 20, 2013 8:49 am
]]>