[Check_mk (english)] windows event log matching

Tost, Lance LTost at armada.net
Wed Jul 13 15:15:23 CEST 2016

I think this is either a bug or I'm not understanding something.  Basically, I want to ignore all events in the Application event logs, regardless of criticality, with the exception of if it matches this regex:

.*SQL Server Scheduled Job.*Priority 1.*Status: Failed.*

I set up logwatch patterns. The second matches my string and the fourth should ignore all other matches.


When I test with the logfile pattern analyzer, it looks correct.  The second rule is green, the fourth orange, meaning the fourth matches but does not apply because the second matches first.


But in reality, I never get alerted.  I generate an eventlog, but the LOG Application service status stays green.  If I disable the 4th rule, it then matches (the problem is, so does every other error in an Application log).

What am I doing wrong here?  Seems like a bug to me.

Running version 1.2.8p4.

