You are here

Help creating Windows Event Log Monitor

1 post / 0 new
robp2175
robp2175's picture
Help creating Windows Event Log Monitor

I am trying to write a service check to monitor my Lync Servers event log for the follwing event and notify me if it occurs with the last hour, but I am completely lost. Could someone please help poiting me in the right direction. I have this over and over but I guess I am dense beause it is not sinking in

http://www.nsclient.org/nscp/wiki/CheckEventLog/check_eventlog/samples

Any assistance is greatly appreciated.

This is what I have tried, but it alwsy gives me the error "Unknown argument: Server ".  I assume of course this is due to the fact I am trying to look in the Lync Server log and it does not recognize it. However, Lync records everything in its own log called Lync Server

-H $HOSTADDRESS$ -c nsc_checkeventlog -a 'filter=new file="Lync Server" filter+generated=<1h filter-eventType==info  filter=in filter=all descriptions "syntax=%source% (ID:%id%), %message% ---END---" truncate=990 unique MaxWarn=1 MaxCrit=2'

 

Log Name:      Lync Server
Source:        LS User Services
Date:          3/17/2015 9:14:59 AM
Event ID:      32134
Task Category: (1006)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      emsrv-lync1.domain.com
Description:
Failed to connect to back-end database.  Lync Server will continuously attempt to reconnect to the back-end.  While this condition persists, incoming messages will receive error responses.

Back-end Database: rtcxds  Connection string of:
driver={SQL Server Native Client 11.0};Trusted_Connection=yes;AutoTranslate=no;server=emsrv-msdb1.domain.com;database=rtcxds;
Cause: Possible issues with back-end database.
Resolution:
Ensure the back-end is functioning correctly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LS User Services" />
    <EventID Qualifiers="50158">32134</EventID>
    <Level>2</Level>
    <Task>1006</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-03-17T13:14:59.000000000Z" />
    <EventRecordID>255648</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>emsrv-lync1.domain.comComputer>
    <Security />
  </System>
  <EventData>
    <Data>rtcxds</Data>
    <Data>driver={SQL Server Native Client 11.0};Trusted_Connection=yes;AutoTranslate=no;server=server.domain.edu;database=rtcxds;</Data>
  </EventData>
</Event>