[Check_mk (english)] Windows individual files logwatch does not work

Paul Dott pauldott at gmail.com
Fri Feb 1 16:41:07 CET 2019


Log monitoring of custom text files in Windows goes under the [logfiles]
section, not logwatch.

See Logfile monitoring here (old article, but mostly valid)
https://mathias-kettner.de/checkmk_windows.html

On Fri, Feb 1, 2019 at 2:30 AM Volker A Mönch <volker at moench.net> wrote:

> But if "c:\Program Files (x86)\check_mk\check_mk_agent.exe"  doesn't give
> me any output, then there is nothing for the analyzer. (?)  The output ist
> still only
>
> <<<logwatch>>>
>
> [[[c:\TL12\schueco.log]]]
>
> [[[c:\TL12\gdp-edi.log]]]
>
>
> nothing more. Although I have entered "error" in the log for testing
> purposes
>
>
> Regards
>
>
> On Thu, Jan 31, 2019 at 6:35 PM Paul Dott <pauldott at gmail.com> wrote:
>
>> You need a corresponding rule in WATO to classify the log entries. You
>> can also test your rules out with the Logfile Pattern Analyzer module in
>> WATO.
>>
>> On Thu, Jan 31, 2019 at 9:30 AM Matthew.Stier at us.fujitsu.com <
>> Matthew.Stier at us.fujitsu.com> wrote:
>>
>>> And as I was pointing out, if the entries were in the log file, before
>>> the entries were placed in the configuration file, mk_logwatch will assume
>>> it was already processed, and won’t notify on it.
>>>
>>>
>>>
>>>
>>>
>>> *From:* Volker A Mönch <volker at moench.net>
>>> *Sent:* Thursday, January 31, 2019 9:51 AM
>>> *To:* Stier, Matthew <Matthew.Stier at us.fujitsu.com>;
>>> checkmk-en at lists.mathias-kettner.de
>>> *Subject:* RE: [Check_mk (english)] Windows individual files logwatch
>>> does not work
>>>
>>>
>>>
>>> Sorry, that's not my question, but also informative. The problem is:
>>>
>>> I don't have a result although the keywords are included in the logfile.
>>> (windows-agent)
>>>
>>>
>>> "Matthew.Stier at us.fujitsu.com" <Matthew.Stier at us.fujitsu.com> hat am
>>> 31. Januar 2019 um 16:35 geschrieben:
>>>
>>> In the Unix/Linux environment, mk_logwatch maintains a record of the
>>> line count, the last time the check was run, and only processes the lines
>>> after that count, and then updates the record to refect the new count of
>>> lines.
>>>
>>>
>>>
>>> The script also checks to see if the number of lines has been reduced,
>>> and if so, assumes the log has been cycled, and restarts processing from
>>> line 1.
>>>
>>>
>>>
>>> *From:* checkmk-en <checkmk-en-bounces at lists.mathias-kettner.de> *On
>>> Behalf Of *Volker A Mönch
>>> *Sent:* Thursday, January 31, 2019 6:29 AM
>>> *To:* checkmk-en at lists.mathias-kettner.de
>>> *Subject:* [Check_mk (english)] Windows individual files logwatch does
>>> not work
>>>
>>>
>>>
>>> Hello,
>>>
>>>
>>>
>>> I thought this would be an easy job and I'm sure it'll work right away.
>>> Unfortunately not again. Therefore I have to bother with a question.
>>>
>>>
>>>
>>> My entry in check_mk.ini:
>>>
>>>
>>>
>>> [logfiles]
>>>
>>>     textfile = c:\TL12\schueco.log | c:\TL12\gdp-edi.log
>>>
>>>     crit = *Error*
>>>
>>>     ok = *Login Time*
>>>
>>>
>>>
>>> get me at local test:
>>>
>>>
>>>
>>> <<<logwatch>>>
>>>
>>> [[c:\TL12\schueco.log]]]
>>>
>>> [[[c:\TL12\gdp-edi.log]]]
>>>
>>>
>>>
>>> That's all it is.
>>>
>>>
>>>
>>> In the mentioned data there are entries of the kind:
>>>
>>>
>>>
>>> . 2019-01-24 09:09:23.472 Error code: 4
>>>
>>> . 2019-01-31 08:03:15.922 Login time: Thursday, January 31 2019 08:03:15
>>>
>>>
>>>
>>> Sure I'm doing something wrong, just what? I didn't find anything in the
>>> docu. Or is there another, maybe better way to watch my own log files?
>>>
>>>
>>>
>>> Many greetings and many thanks for every tip.
>>>
>>>
>>>
>>> Volker
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> checkmk-en mailing list
>>> checkmk-en at lists.mathias-kettner.de
>>> Manage your subscription or unsubscribe
>>> https://lists.mathias-kettner.de/cgi-bin/mailman/listinfo/checkmk-en
>>
>>
>
> --
> ...........................................
>
> *Volker A Mönch*
>
> Mobil    0172  8625166                               |
> Festnetz 02051 24666
>
> ...........................................
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.mathias-kettner.de/pipermail/checkmk-en/attachments/20190201/cc0c3f7c/attachment-0001.html>


More information about the checkmk-en mailing list