Home Directory Plugins Operating Systems Windows WMI Check eventlog/eventid by WMI

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com


Remember Me

Check eventlog/eventid by WMI

Current Version
Last Release Date
Compatible With
  • Nagios 3.x
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Check_wmi_eventid is a script to check windows event log , for a certian eventid..
Simple example : check application log , for eventtype error(-t) and eventid 9003(-e) with in the last 60 mins(-m60),
set warning (-w) if greater than 1 ,and set error(-c) if greater than 3

check_wmi_eventid -H -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60

example : same as above , but with arguments -O -W -C, these are custom plugin output for OK,Warning and Critical
Marco $MARCOLIST , can be used!!

check_wmi_eventid -H -u domain/user -p password -l application -e 9003 -w 1 -c 3 -t1 -m60 -O "Every thing is OK"
-W "Warning : something is not right" -C "It is totaly bad , found ITEMCOUNT events"

Version 1.1

Added an ekstra argument - s, that gives you the option to match for a string in the given eventid

Version 1.2

Bug fix - when using -C custom critical text

Version 1.3

added to the -t, -e, -s, -S and -l argument , so that you can select multipel arguments.

Version 1.4

Bug fix .. error in script when -c or -w wasn't set

Version 1.5 by rojobull

Bug fix - getops line Was missing a colon after the S optin which would ignor the source name provided.

Bug fix - adjust WQL_Constructor function so that spaces are not used as a delimiter.

Bug fix - changed $USER variable to $UNAME. $USER is a system variable and will always be set.

Improvement. Changed the date option to convert time into UTC instead of specifying an offset

Added option to use a credentials file instead of passing

Reviews (4)
bydamned, August 1, 2018
1 of 1 people found this review helpful
Great plugin!
I use to discover 6008 errors on windows machine..the infamous Blue Screen
Works well for the default event logs (Application,Security,System). Can't make it work with other logs - IE: Microsoft-Windows-FailoverClustering/Operational. Need this to check if a cluster resource went offline (1204) or online (1201)
bytompaah, February 14, 2016
1 of 1 people found this review helpful
Works great for its purpose.
I don't understand why the NOW-variable is declared with "000000+120" in the end. This caused the script always to pull 1 hour extra events. I changed this to "000000+60" and it works better for me.
bypjai, July 27, 2015
1 of 1 people found this review helpful
Hi Team,

I have tested this plugin on my FAN server. It's working from command line perfect.

But while fetching the information in GUI of FAN server, It show no output from the plugin.

Thanks in Advance.