Hi,
I am looking to use check_winevent to detect certain event IDs in the AD logs, things that could indicate potential issues on a Windows 2008 AD DC.
However, it would appear that the command only "sees" the standard logs (Application, System and Security). Is there any way to make it look at other logs?
Thanks,
Otto
If you run check_winevent in verbose mode, it will list all available eventlogs on the system. Example on a Windows 2008 R2 system:
check_winevent --verbose
Event log(s): System, Key Management Service, Windows PowerShell, HardwareEvents, Internet Explorer, Directory Service, DFS Replication, Application, Active Directory Web Services, DNS Server
Event code(s): all
Event type(s): all
Event sources: all
Time window: 3600 seconds, timestamp: 20130213082425.000000+000
Eventlog System - 2 selected events
Eventlog Key Management Service - 0 selected events
Eventlog Windows PowerShell - 0 selected events
Eventlog HardwareEvents - 0 selected events
Eventlog Internet Explorer - 0 selected events
Eventlog Directory Service - 0 selected events
Eventlog DFS Replication - 0 selected events
Eventlog Application - 0 selected events
Eventlog Active Directory Web Services - 0 selected events
Eventlog DNS Server - 0 selected events
Total number of events selected: 2
EVENT OK - 2 events|events=2;;;
Event log name "Directory Service" can be used to filter out AD-related events:
check_winevent --verbose --log "Directory Service"
Event log(s): Directory Service
Event code(s): all
Event type(s): all
Event sources: all
Time window: 3600 seconds, timestamp: 20130213083000.000000+000
Eventlog Directory Service - 0 selected events
Total number of events selected: 0
Thanks!