[Check_mk (english)] Windows individual files logwatch does not work

Volker A Mönch volker at moench.net
Tue Feb 5 14:52:43 CET 2019


Good hint, but I wrote into the INI

[logfiles]
    textfile = c:\TL12\eb\Wilhelm_May_GmbH\ftp_gdp-edi.log | c:\TL12\eb\Wilhelm_May_GmbH\ftp-edi\1_11483\ftp_ftp-edi.log
    crit = *Error*
    ok = *Login Time*

and receive that

<<<logwatch>>>
[[[Active Directory Web Services]]]
[[[Application]]]
[[[DFS Replication]]]
[[[Directory Service]]]
[[[DNS Server]]]
[[[File Replication Service]]]
[[[HardwareEvents]]]
[[[Internet Explorer]]]
[[[Key Management Service]]]
[[[Security]]]
[[[System]]]
[[[Windows PowerShell]]]
<<<logwatch>>>
[[[c:\TL12\eb\Wilhelm_May_GmbH\ftp_gdp-edi.log]]]
[[[c:\TL12\eb\Wilhelm_May_GmbH\ftp-edi\1_11483\ftp_ftp-edi.log]]]

Two sections <<<logwatch>>>, no section <<logfiles>>. Bug or feature?








On Fri, Feb 1, 2019 at 4:41 PM Paul Dott <pauldott at gmail.com> wrote:

> Log monitoring of custom text files in Windows goes under the [logfiles]
> section, not logwatch.
>
> See Logfile monitoring here (old article, but mostly valid)
> https://mathias-kettner.de/checkmk_windows.html
>
> On Fri, Feb 1, 2019 at 2:30 AM Volker A Mönch <volker at moench.net> wrote:
>
>> But if "c:\Program Files (x86)\check_mk\check_mk_agent.exe" doesn't give
>> me any output, then there is nothing for the analyzer. (?) The output is
>> still only
>>
>> <<<logwatch>>>
>>
>> [[[c:\TL12\schueco.log]]]
>>
>> [[[c:\TL12\gdp-edi.log]]]
>>
>>
>> nothing more. Although I have entered "error" in the log for testing
>> purposes
>>
>>
>> Regards
>>
>>
>> On Thu, Jan 31, 2019 at 6:35 PM Paul Dott <pauldott at gmail.com> wrote:
>>
>>> You need a corresponding rule in WATO to classify the log entries. You
>>> can also test your rules out with the Logfile Pattern Analyzer module in
>>> WATO.
>>>
>>> On Thu, Jan 31, 2019 at 9:30 AM Matthew.Stier at us.fujitsu.com <
>>> Matthew.Stier at us.fujitsu.com> wrote:
>>>
>>>> And as I was pointing out, if the entries were in the log file, before
>>>> the entries were placed in the configuration file, mk_logwatch will assume
>>>> it was already processed, and won’t notify on it.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From:* Volker A Mönch <volker at moench.net>
>>>> *Sent:* Thursday, January 31, 2019 9:51 AM
>>>> *To:* Stier, Matthew <Matthew.Stier at us.fujitsu.com>;
>>>> checkmk-en at lists.mathias-kettner.de
>>>> *Subject:* RE: [Check_mk (english)] Windows individual files logwatch
>>>> does not work
>>>>
>>>>
>>>>
>>>> Sorry, that's not my question, but also informative. The problem is:
>>>>
>>>> I don't have a result although the keywords are included in the
>>>> logfile. (windows-agent)
>>>>
>>>>
>>>> "Matthew.Stier at us.fujitsu.com" <Matthew.Stier at us.fujitsu.com> wrote
>>>> on January 31, 2019 at 16:35:
>>>>
>>>> In the Unix/Linux environment, mk_logwatch maintains a record of the
>>>> line count, the last time the check was run, and only processes the lines
>>>> after that count, and then updates the record to reflect the new count of
>>>> lines.
>>>>
>>>>
>>>>
>>>> The script also checks to see if the number of lines has been reduced,
>>>> and if so, assumes the log has been cycled, and restarts processing from
>>>> line 1.
>>>>
>>>>
>>>>
>>>> *From:* checkmk-en <checkmk-en-bounces at lists.mathias-kettner.de> *On
>>>> Behalf Of *Volker A Mönch
>>>> *Sent:* Thursday, January 31, 2019 6:29 AM
>>>> *To:* checkmk-en at lists.mathias-kettner.de
>>>> *Subject:* [Check_mk (english)] Windows individual files logwatch does
>>>> not work
>>>>
>>>>
>>>>
>>>> Hello,
>>>>
>>>>
>>>>
>>>> I thought this would be an easy job and I'm sure it'll work right away.
>>>> Unfortunately not again. Therefore I have to bother with a question.
>>>>
>>>>
>>>>
>>>> My entry in check_mk.ini:
>>>>
>>>>
>>>>
>>>> [logfiles]
>>>>
>>>>     textfile = c:\TL12\schueco.log | c:\TL12\gdp-edi.log
>>>>
>>>>     crit = *Error*
>>>>
>>>>     ok = *Login Time*
>>>>
>>>>
>>>>
>>>> get me at local test:
>>>>
>>>>
>>>>
>>>> <<<logwatch>>>
>>>>
>>>> [[c:\TL12\schueco.log]]]
>>>>
>>>> [[[c:\TL12\gdp-edi.log]]]
>>>>
>>>>
>>>>
>>>> That's all it is.
>>>>
>>>>
>>>>
>>>> In the mentioned data there are entries of the kind:
>>>>
>>>>
>>>>
>>>> . 2019-01-24 09:09:23.472 Error code: 4
>>>>
>>>> . 2019-01-31 08:03:15.922 Login time: Thursday, January 31 2019 08:03:15
>>>>
>>>>
>>>>
>>>> Sure I'm doing something wrong, just what? I didn't find anything in
>>>> the docu. Or is there another, maybe better way to watch my own log files?
>>>>
>>>>
>>>>
>>>> Many greetings and many thanks for every tip.
>>>>
>>>>
>>>>
>>>> Volker
>>>
>>>
>>
>> --
>> ...........................................
>>
>> *Volker A Mönch*
>>
>> Mobil    0172  8625166                               |
>> Festnetz 02051 24666
>>
>> ...........................................
>>
>>
>>

-- 
...........................................

*Volker A Mönch*

Mobil    0172  8625166                               |
Festnetz 02051 24666

...........................................
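
The line-count bookkeeping described in the quoted messages (skip lines already present when a file is first monitored, process only new lines, restart at line 1 when the count shrinks), as an added sketch that is not part of the original thread and is not the Check_MK agent's code. The JSON state file, the function names and the case-insensitive glob matching are assumptions of this example; the log lines are constructed.

```python
import fnmatch, json, os, tempfile

# Hypothetical rule set mirroring the thread's INI: (state, glob pattern).
RULES = [("C", "*Error*"), ("O", "*Login Time*")]

def classify(line, rules=RULES):
    """Return the state of the first matching glob; '.' means no rule matched."""
    for state, pattern in rules:
        # Case-insensitive matching is an assumption of this sketch.
        if fnmatch.fnmatchcase(line.lower(), pattern.lower()):
            return state
    return "."

def scan(logfile, statefile, rules=RULES):
    """Classify only lines added since the previous run, tracked by line count."""
    state = {}
    if os.path.exists(statefile):
        with open(statefile) as fh:
            state = json.load(fh)
    with open(logfile, errors="replace") as fh:
        lines = fh.read().splitlines()
    # A file seen for the first time: its existing lines count as processed.
    seen = state.get(logfile, len(lines))
    if len(lines) < seen:   # fewer lines than recorded: assume rotation
        seen = 0
    out = [(classify(l, rules), l) for l in lines[seen:]]
    state[logfile] = len(lines)
    with open(statefile, "w") as fh:
        json.dump(state, fh)
    return out

def demo():
    """Constructed run: a pre-existing line, two appended lines, then rotation."""
    d = tempfile.mkdtemp()
    log, st = os.path.join(d, "ftp.log"), os.path.join(d, "state.json")
    with open(log, "w") as fh:
        fh.write(". 2019-01-24 09:09:23.472 Error code: 4\n")
    first = scan(log, st)    # line predates monitoring, so nothing is reported
    with open(log, "a") as fh:
        fh.write(". 2019-01-31 08:03:15.922 Login time: Thursday\n")
        fh.write(". 2019-01-31 08:04:00.000 Error code: 7\n")
    second = scan(log, st)   # only the two appended lines are classified
    with open(log, "w") as fh:   # rotation: file restarts with fewer lines
        fh.write(". 2019-02-01 00:00:01.000 Error code: 9\n")
    third = scan(log, st)    # count shrank, so processing restarts at line 1
    return first, second, third
```
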