-
Help with module_max? No report when entered
I noticed someone had previously entered a request to be able to view the number of Errors in the Windows Event logs, when I started to code this I got 90% of the way there but I can’t make Pandora generate a alert.
Here is my code:
module_begin
module_name SystemErrorEvents
module_type generic_proc
module_exec logparser.exe -i:EVT -o:NAT “SELECT EventTypeName FROM System WHERE TimeWritten >= SUB( TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP(‘0000-01-02’, ‘yyyy-MM-dd’) )” -rtp:-1 | grep “Error event” | wc -l | tr -d ” ”
#module_max 1
module_description Check for the number of Errors in the Event Log
module_endThis outputs the number 10, for a total of 10 errors in my event log.
If I uncomment the line module max = 1 then this module does not send any data to the server.As is, it shows up on my main page with a total a value of 10, but I need pandora to know that if the number >0 to generate an alert.
I have tried with and without the
part, the result is the same. Anyone have any ideas?
———-
For the ones who are interested, logparser.exe is a tool from microsoft to take event logs from Windows and manipulate them. The code that I have above will show the last days events with the tag “Error event”.
Slight modificiations to the above code would also alow you to track ‘warning’ events as well as enteries the ‘application’ log.
This works on ALL microsoft operating systems to my knowledge, I used it on Server 2003 (various editions) as well as my home PC Vista X64 Enterprise edition.
-
4 Replies
-
“It is the maximum valid value for the data generated in this module. If the module has not been defined in the web console, this value will be taken from this directive. This directive is not compulsory and is not supported by the Windows agent. This value does not override the value defined in the agent. If the module does not exist in the management console, it is created automatically when working on learning mode. ”
Raul
-
I forgot, to configure the alert: http://www.openideas.info/wiki/index.php?title=Pandora_1.3:Documentation_en:Advanced_Setup#Assigning_Alerts_to_modules
By the way, tr -d ” “ delete the space character, so it doesn’t do nothing in this case, because you obtain a number and then you try to delete the space 😀
As example:
In [code:1]LogParser -i:EVT -o:NAT “SELECT EventTypeName FROM System WHERE TimeWritten >=
SUB( TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP(‘0000-01-02’, ‘yyyy-MM-dd’) )”
-rtp:-1 | grep “Information”I get:
Information event
Information event
Information event
Information event
Information event
Information event
Information eventadding | tr -d ” “
I get:
Informationevent
Informationevent
Informationevent
Informationevent
Informationevent
Informationevent
Informationevent -
Thansk for the configure alert link, I’ll read this tonight and give it a try.
Are there any books out there on Pandora?
As for the tr -d ” “, I know it deletes spaces but when I ran the command from the command line it put in two line spaces before the number and one after, I thought adding it would clear that up.
I’m anxious to see what else I can make this program do!
