I have recently configured my systems to run the check_event_log command. Everything works great. My question is:
Is there a way to filter out unwanted eventIDs from the returned set? For example, if I return an error in the event log, but it is an eventID that shows up all of the time and isn’t really important, can I filter that out?
This command will return all events in the last 8 hours with an error status and matching event ID 12023. Is there a way to change this so that it is not equal to 12023? I can’t seem to change the last == to any kind of ‘not equal’ operator.
check_nrpe -H 172.26.1.122 -p 5666 -c CheckEventLog -a file="Application" MaxWarn=1 MaxCrit=1 filter=new filter+generated=<8h filter+eventType==warning filter+eventID==12023
Any input is appreciated.
Thanks!