Check manual page of logwatch
Check Logfiles for Relevant New Messages
| Included in | All Checkmk editions |
|---|---|
| Source Code License | Open Source |
| Supported Agents | Linux Windows AIX Solaris |
This check processes the output of agents with the logwatch plugin.
The Windows agent has built-in this extension and does not need any configuration but sends all log files in the Windows event log. It uses the warning/error classification of Windows.
The logwatch extension of the Linux/UNIX agents needs a configuration file that lists all relevant logfiles and lists possible log lines that should result in warning or critical state.
For AIX the UNIX version can be used, but there is also the mk_errpt.aix agent plugin which is a low dependency Korn-shell plugin that will forward all errors reported by the command line tool "errpt".
Relevant log messages found by the agent are stored locally into a text file. The check is
critical, if at least one new or old log message exists that is classified as critical. If
at least one warning message exists but no critical, the check results in a warning state.
The only way to bring the state back to OK is to delete the text file with the stored log
messages. This is stored below ~/var/check_mk/logwatch. Usually the logwatch webpage is
used to browse and delete the messages. Please refer to the online documentation of check_mk
for more details about logwatch.
Item
The name of the logfile. For Linux/UNIX this is the complete absolute path name of the logfile.
For Windows this is the name as shown in the Windows Event Log, for example Application
(case sensitive!).
Discovery
One service is created for each logfile when the option logwatch_forward_to_ec
is not configured or set to False.
Please use standard inventory configuration methods if you want to ignore certain log files.