Checking Logfiles on Windows Endpoint

Hello @all,

I am trying to use the check_logfiles command on a windows machine. Therefore I downloaded and unpacked it.
After installing perl and running the I am able to execute the command from the commandline.

But when I try to use it in icinga, i get the error message:

"Command D:\icinga2/sbin/check_logfiles-3.9/plugin-scripts/ --criticalpattern ERROR --logfile D:\logs\error.log --tag error-Log failed to execute: 2, “The system cannot find the file specified.”

Does Icinga mean the file for the command or the logfile?
I tried to change the Path into a windows path using “” instead of “/”, but it didn’t work.

Is it even possible to use the perl script with the icinga agent wich is installed on the windows machine, or do I have to install the NSClient++?

Thanks in advace!

Running the command at the command line is done with the security context of the logged in user (often: Administrator). Via Icinga Agent the command runs under the security context of the Icinga Service (which is NetworkService by default).


the files and directories can be executed by “NETWORK SERVICE”.
So i guess this should not be the problem.

What about trying to start with a simple script e.g. just print perl’s version to check if everyting is in place to run a perl script. I’ve no perl on Windows otherwise I’d check environment variables and .pl assignment and so on.

1 Like

Are you sure that the Networkservice has permissions to access the Eventlog ?

I could solve it.
I didn’t know that I have to seperate the “perl” and the path to the Plugin in the check command definition.

command = ["perl", "D:\\icinga2\\sbin\\check_logfiles-3.9\\plugins-scripts\\check_logfiles"]

Permissions were right, except for the TEMP directory on C:\ but that fixed quickly.
Now everything is working.
Thanks for the help!

1 Like