Ticket #346 (new defect)
0.3.7 CheckEventLog ntdll.dll crash
| Reported by: | jhmccoy_lbl | Owned by: | mickem |
|---|---|---|---|
| Priority: | 1 | Milestone: | |
| Component: | Core | Version: | 0.3.7 |
| Severity: | Bugs | Keywords: | CheckEventLog ntdll.dll |
| Cc: | jhmccoy@… |
Description (last modified by mickem) (diff)
still crashing in 0.3.7 on Win2K3R2_SP2
This was working fine until MS patch KB973917 reveled a dll mismatch with IIS6. WE followed the recommendation to re-install SP2 which fixed our IIS issue but broke CheckEventLog in NSClient 0.3.7 In truth I'm willing to bet this is just exposing a new dll mismatch but which I wish I knew how to tell.
This line fails:
check_eventlog = inject CheckEventLog file=application file=system filter=new filter=out MaxWarn=1 MaxCrit=4 filter-generated=>24h filter+severity==warning filter-severity==success filter-severity==informational filter-eventSource=substr:SCCGina filter-eventSource=substr:eRoom truncate=994 unique descriptions "syntax=%severity%: %source%: %message% (%count%)" ;
Removing file=system fixes it or removing description sort of works but causes some tests to fail removing both descriptions and syntax= also resolves the crash.
This works:
check_eventlog = inject CheckEventLog file=application file=system filter=new filter=out MaxWarn=1 MaxCrit=1 filter-generated=>24h filter+severity==warning filter-severity==success filter-severity==informational filter-eventSource=substr:SCCGina filter-eventSource=substr:eRoom truncate=994 unique
C:\Program Files\Nagios>".\nsclient++.exe" /test Launching test mode - client mode d NSClient++.cpp(1145) Enabling debug mode... d NSClient++.cpp(533) Attempting to start NSCLient++ - 0.3.7.493 2009-10-12 d NSClient++.cpp(936) Loading plugin: CheckDisk... d NSClient++.cpp(936) Loading plugin: Event log Checker.... d NSClient++.cpp(936) Loading plugin: Helper function... d NSClient++.cpp(936) Loading plugin: CheckSystem... d NSClient++.cpp(936) Loading plugin: File logger... d \PDHCollector.cpp(66) Autodetected w2k or later, using w2k PDH counters. d \PDHCollector.cpp(103) Using index to retrive counternames l \FileLogger.cpp(93) Log path is: C:\Program Files\Nagios\\nsclient.log d NSClient++.cpp(936) Loading plugin: NRPE server (w/ SSL)... d \NRPEListener.cpp(91) Loading all commands (from NRPE) d \PDHCollector.cpp(123) Found countername: CPU: \Processor(_total)\% Process or Time d \NRPEListener.cpp(121) Starting NRPE socket... d \PDHCollector.cpp(124) Found countername: UPTIME: \System\System Up Time d \PDHCollector.cpp(125) Found countername: MCL: \Memory\Commit Limit d \PDHCollector.cpp(126) Found countername: MCB: \Memory\Committed Bytes d NSClient++.cpp(638) NSCLient++ - 0.3.7.493 2009-10-12 Started! d \Socket.h(669) Bound to: 0.0.0.0:5666 l NSClient++.cpp(437) Using settings from: INI-file l NSClient++.cpp(438) Enter command to inject or exit to terminate... exit Exiting... d NSClient++.cpp(693) Attempting to stop NSCLient++ - 0.3.7.493 2009-10-12 d NSClient++.cpp(696) Stopping: NON Message Handling Plugins d NSClient++.cpp(893) Unloading plugin: NRPEListener... d \Socket.h(711) Socket listener is preparing to shutdown... d NSClient++.cpp(896) Skipping log plugin: FileLogger... d NSClient++.cpp(893) Unloading plugin: CheckSystem... d NSClient++.cpp(893) Unloading plugin: CheckHelpers... d NSClient++.cpp(893) Unloading plugin: CheckEventLog... d NSClient++.cpp(893) Unloading plugin: CheckDisk... d NSClient++.cpp(704) Stopping: COM helper d NSClient++.cpp(712) Stopping: Socket Helpers d NSClient++.cpp(720) Stopping: Settings instance d NSClient++.cpp(744) Stopping: Message handling Plugins d NSClient++.cpp(893) Unloading plugin: FileLogger... d NSClient++.cpp(751) NSCLient++ - 0.3.7.493 2009-10-12 Stopped succcessfully C:\Program Files\Nagios>
Change History
comment:2 Changed 2 years ago by mickem
- Owner changed from MickeM to mickem
The effect of the descriptions flag should not impact checks. All it does is "allow" rendering of correct message (which apparently causes a crash).
It would be helpfull if you could look into the debug guide and see if that can resolve the "exact place" in the code I "crash".
And it is possible one of your DLLs are somehow broken and causing a crash. I shall see if I can find any issues in my code but most likely one of our messages are from a broken program.
It would be interesting to know if the message works in regular event viewer?
Michael Medin
cleaned up the description a bit...