[Check_mk (english)] unsubscribe

martin.bruenn at advanced.info martin.bruenn at advanced.info
Tue Feb 5 17:06:34 CET 2019




Beste Grüße / best regards
Martin Brünn

Martin Brünn | Geschäftsführer | ADVANCED Systemhaus GmbH
Borsteler Chaussee 85-99a | Haus 12 | 22453 Hamburg |  Tel. +49(0)40-253050-0  |  Fax: +49 (0)40-253050-500
Bankverbindung: Commerzbank Hamburg |  IBAN DE62 2004 0000 08207 88800 | BIC COBADEHHXXX
Handelsregister HRB 47594  |  Gerichtsstand und Erfüllungsort ist Hamburg
Geschäftsführer: Martin Brünn, Lars Nowak  |  Ust-ID: DE118609680
----------------------------------------------------------------------------
 I h r   I T - S y s t e m h a u s   i n   H a m b u r g  
----------------------------------------------------------------------------


Von: checkmk-en [mailto:checkmk-en-bounces at lists.mathias-kettner.de] Im Auftrag von Paul Dott
Gesendet: Dienstag, 5. Februar 2019 15:24
An: Volker A Mönch <volker at moench.net>
Cc: checkmk-en at lists.mathias-kettner.de
Betreff: Re: [Check_mk (english)] Windows individual files logwatch does not work

That is expected. Did you also create the rule in WATO (logwatch patterns)?

On Tue, Feb 5, 2019 at 05:53 Volker A Mönch <volker at moench.net<mailto:volker at moench.net>> wrote:
Good hint, but I wrote into the  INI

[logfiles]
    textfile = c:\TL12\eb\Wilhelm_May_GmbH\ftp_gdp-edi.log | c:\TL12\eb\Wilhelm_May_GmbH\ftp-edi\1_11483\ftp_ftp-edi.log
    crit = *Error*
    ok = *Login Time*

and receive that

<<<logwatch>>>
[[[Active Directory Web Services]]]
[[[Application]]]
[[[DFS Replication]]]
[[[Directory Service]]]
[[[DNS Server]]]
[[[File Replication Service]]]
[[[HardwareEvents]]]
[[[Internet Explorer]]]
[[[Key Management Service]]]
[[[Security]]]
[[[System]]]
[[[Windows PowerShell]]]
<<<logwatch>>>
[[[c:\TL12\eb\Wilhelm_May_GmbH\ftp_gdp-edi.log]]]
[[[c:\TL12\eb\Wilhelm_May_GmbH\ftp-edi\1_11483\ftp_ftp-edi.log]]]

Two section <<<logwatch>>>, no section <<logfiles>>  Bug or feature?








On Fri, Feb 1, 2019 at 4:41 PM Paul Dott <pauldott at gmail.com<mailto:pauldott at gmail.com>> wrote:
Log monitoring of custom text files in Windows goes under the [logfiles] section, not logwatch.

See Logfile monitoring here (old article, but mostly valid)
https://mathias-kettner.de/checkmk_windows.html

On Fri, Feb 1, 2019 at 2:30 AM Volker A Mönch <volker at moench.net<mailto:volker at moench.net>> wrote:
But if "c:\Program Files (x86)\check_mk\check_mk_agent.exe"  doesn't give me any output, then there is nothing for the analyzer. (?)  The output ist still only

<<<logwatch>>>
[[[c:\TL12\schueco.log]]]
[[[c:\TL12\gdp-edi.log]]]

nothing more. Although I have entered "error" in the log for testing purposes

Regards

On Thu, Jan 31, 2019 at 6:35 PM Paul Dott <pauldott at gmail.com<mailto:pauldott at gmail.com>> wrote:
You need a corresponding rule in WATO to classify the log entries. You can also test your rules out with the Logfile Pattern Analyzer module in WATO.

On Thu, Jan 31, 2019 at 9:30 AM Matthew.Stier at us.fujitsu.com<mailto:Matthew.Stier at us.fujitsu.com> <Matthew.Stier at us.fujitsu.com<mailto:Matthew.Stier at us.fujitsu.com>> wrote:
And as I was pointing out, if the entries were in the log file, before the entries were placed in the configuration file, mk_logwatch will assume it was already processed, and won’t notify on it.


From: Volker A Mönch <volker at moench.net<mailto:volker at moench.net>>
Sent: Thursday, January 31, 2019 9:51 AM
To: Stier, Matthew <Matthew.Stier at us.fujitsu.com<mailto:Matthew.Stier at us.fujitsu.com>>; checkmk-en at lists.mathias-kettner.de<mailto:checkmk-en at lists.mathias-kettner.de>
Subject: RE: [Check_mk (english)] Windows individual files logwatch does not work

Sorry, that's not my question, but also informative. The problem is:

I don't have a result although the keywords are included in the logfile. (windows-agent)

"Matthew.Stier at us.fujitsu.com<mailto:Matthew.Stier at us.fujitsu.com>" <Matthew.Stier at us.fujitsu.com<mailto:Matthew.Stier at us.fujitsu.com>> hat am 31. Januar 2019 um 16:35 geschrieben:
In the Unix/Linux environment, mk_logwatch maintains a record of the line count, the last time the check was run, and only processes the lines after that count, and then updates the record to refect the new count of lines.

The script also checks to see if the number of lines has been reduced, and if so, assumes the log has been cycled, and restarts processing from line 1.

From: checkmk-en <checkmk-en-bounces at lists.mathias-kettner.de<mailto:checkmk-en-bounces at lists.mathias-kettner.de>> On Behalf Of Volker A Mönch
Sent: Thursday, January 31, 2019 6:29 AM
To: checkmk-en at listsmathias-kettner.de<mailto:checkmk-en at lists.mathias-kettner.de>
Subject: [Check_mk (english)] Windows individual files logwatch does not work

Hello,

I thought this would be an easy job and I'm sure it'll work right away. Unfortunately not again. Therefore I have to bother with a question.

My entry in check_mk.ini:

[logfiles]
    textfile = c:\TL12\schueco.log | c:\TL12\gdp-edi.log
    crit = *Error*
    ok = *Login Time*

get me at local test:

<<<logwatch>>>
[[c:\TL12\schueco.log]]]
[[[c:\TL12\gdp-edi.log]]]

That's all it is.

In the mentioned data there are entries of the kind:

. 2019-01-24 09:09:23.472 Error code: 4
. 2019-01-31 08:03:15.922 Login time: Thursday, January 31 2019 08:03:15

Sure I'm doing something wrong, just what? I didn't find anything in the docu. Or is there another, maybe better way to watch my own log files?

Many greetings and many thanks for every tip.

Volker





_______________________________________________
checkmk-en mailing list
checkmk-en at lists.mathias-kettner.de<mailto:checkmk-en at lists.mathias-kettner.de>
Manage your subscription or unsubscribe
https://lists.mathias-kettner.de/cgi-bin/mailman/listinfo/checkmk-en


--
...........................................

Volker A Mönch

Mobil    0172  8625166                               |
Festnetz 02051 24666

..........................................




--
..........................................

Volker A Mönch

Mobil    0172  8625166                               |
Festnetz 02051 24666

...........................................


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.mathias-kettner.de/pipermail/checkmk-en/attachments/20190205/f5efd5e4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6178 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.mathias-kettner.de/pipermail/checkmk-en/attachments/20190205/f5efd5e4/attachment-0001.bin>


More information about the checkmk-en mailing list