Invoke-IcingaCheckEventlog Unable to Monitor Multiple Event IDs #423

Open
ispmonsupporto opened this issue Oct 29, 2024 · 2 comments

@ispmonsupporto

I am attempting to monitor Event IDs 11 and 15 in a single command using Invoke-IcingaCheckEventlog for the Application event log (-LogName Application) with the parameters -IncludeSource AdmPwd and -IncludeEntryType Information. However, despite trying multiple combinations with the -IncludeEventId parameter, the desired results are not achieved.

Details:
I want to configure a single service template to capture only these two specific Event IDs (11 and 15). However, with the commands I’ve tried so far, I am experiencing inconsistent results:

  1. Using -IncludeEventId '15','11' or @('15','11') does not return any events, even though log entries for IDs 11 and 15 are present.
  2. Running the command without -IncludeEventId captures additional, unwanted events like ID 14, which I do not need.

Here are some of the commands tested and their outcomes:

Invoke-IcingaCheckEventlog -Warning 0 -Critical 0 -LogName Application -IncludeSource AdmPwd -IncludeEntryType Information -Verbosity 3 -DisableTimeCache -IncludeEventId '15'
Result: Event 15 is successfully captured.

Invoke-IcingaCheckEventlog -Warning 0 -Critical 0 -LogName Application -IncludeSource AdmPwd -IncludeEntryType Information -Verbosity 3 -DisableTimeCache -IncludeEventId '11'
Result: Event 11 is successfully captured.

Invoke-IcingaCheckEventlog -Warning 0 -Critical 0 -LogName Application -IncludeSource AdmPwd -IncludeEntryType Information -Verbosity 3 -DisableTimeCache -IncludeEventId '15','11'
Result: No events are returned, even though log entries for IDs 11 and 15 are present.

I would appreciate support in configuring the command so that it only includes Event IDs 11 and 15, without capturing additional events like ID 14. Please see the attached images for reference.

image

Other commands tested:

image

@ispmonsupporto

I also want to highlight that the official Icinga documentation (https://icinga.com/docs/icinga-for-windows/latest/plugins/doc/plugins/06-Invoke-IcingaCheckEventlog/) lacks specific examples to assist with understanding this scenario.

@ispmonsupporto

Additional information:

**Icinga PowerShell Framework v1.12.3**
Installed components on this system:

| Component | Version |
| --- | --- |
| cluster | v.1.3.0 |
| custom | v.1.0.0 |
| framework | v.1.12.3 |
| hyperv | v.1.3.0 |
| mssql | v. 1.5.0 |
| plugins | v.1.12.0 |
| remediations | v. 1.0.0 |
| service | v. 1.2.0 |
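
A way to confirm, independently of the plugin, that entries with IDs 11 and 15 exist for the log, source and entry type named in this report. This is an added example, not code from the issue or from Icinga for Windows. It uses the built-in `Get-WinEvent` cmdlet; the function name `Get-EventIdBaseline`, the 24-hour window, the mapping of the source `AdmPwd` to `ProviderName`, and the mapping of entry type Information to level 4 are assumptions.

```powershell
# Added example: cross-check of the event log with Get-WinEvent.
# Not part of Icinga for Windows. Get-EventIdBaseline is a hypothetical helper name.
# Assumptions: the source "AdmPwd" is exposed as ProviderName "AdmPwd",
# and entry type "Information" corresponds to Level 4.
function Get-EventIdBaseline {
    [CmdletBinding()]
    param(
        [string]$LogName      = 'Application',
        [string]$ProviderName = 'AdmPwd',
        [int[]]$EventId       = @(11, 15),
        [int]$Level           = 4,
        [datetime]$After      = (Get-Date).AddHours(-24)   # constructed window
    )

    $filter = @{
        LogName      = $LogName
        ProviderName = $ProviderName
        Id           = $EventId      # an array matches any of the listed IDs
        Level        = $Level
        StartTime    = $After
    }

    # Get-WinEvent reports an error when nothing matches; treat that as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # One row per requested ID, including IDs with zero matches.
    foreach ($id in $EventId) {
        $hits = @($events | Where-Object { $_.Id -eq $id } |
                  Sort-Object TimeCreated -Descending)
        [pscustomobject]@{
            EventId = $id
            Count   = $hits.Count
            Newest  = if ($hits.Count) { $hits[0].TimeCreated } else { $null }
        }
    }
}

Get-EventIdBaseline | Format-Table -AutoSize
```

A non-zero count for both IDs here, alongside an empty plugin result for the same time range, narrows the problem to how the plugin receives or applies the multi-value `-IncludeEventId` argument rather than to the log contents.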
