Hello
As suggested by @log1c opening new thread
I had been exploring the PowerShell Module Event Log Monitoring. I have defined an include EventID with a count threshold greater than 0.
template Service "XXX-tmplService-MS-PS_EventLog" {
import "XXX-tmplService-Default"
check_command = "Invoke-IcingaCheckEventlog"
check_interval = 3m
command_endpoint = host_name
vars.IcingaCheckEventlog_Int32_Verbosity = "3"
}
So as you see there is no Max Check Attempt defined in the template neither we have Retry Interval
The single Service looks like below
apply Service "XXX-P_MS_P_EvtLogID14265" {
import "XXX-tmplService-MS-PS_EventLog"
assign where "XXX-tmplHost-MS" in host.templates
vars.IcingaCheckEventlog_Array_IncludeEventId = [ "14265" ]
vars.IcingaCheckEventlog_Object_Warning = "~:0"
vars.IcingaCheckEventlog_String_LogName = "Application"
vars.IcingaCheckEventlog_Switchparameter_DisableTimeCache = false
import DirectorOverrideTemplate
}
what I observe is when there is a event generated with ID = 14265 I expect it to be directly going to hard state as there is no retry interval or max check attempt is defined. But it is going in soft state
Also observed that the retry interval becomes 60s and the next check is executed in next 60s even though i have not defined retry interval and sampling interval is 180s
Another Question:
.PARAMETER IncludeMessage
Used to specify an array of messages within the eventlog to be included.
-> Can it take a regex entry like ^.backup[ ]database.