Hy,
I would like to use the warn option in check_eventlog to check if only 2 messages are found.
e.g.
/usr/lib/nagios/plugins/check_nrpe -H fs2.paulitsch.local -c Check_EventLog -a “file=Microsoft-Windows-Backup” file=Application “scan-range=-2d” “filter=id=4 ” “ok=id=4″ “warn=count<2″ “crit=count=0″
But this always outputs a warning state. It seems check_eventlog is checking the warn option for each message, and at the first message the Log Count is only 1.
Is there a way to tell it to only check the WARN option after going through all entries.
As the commandline above only checks for success messages it is not possible to detect a warning through the message itself.
Regards, RB.