Hi,
I can't find an answer on whether it's possible to add advanced Windows logs to CheckMK, for example those located at:
Applications and Services Logs -> Microsoft -> Windows -> Backup?
Thanks
Leos
Hi.
You can add the path to the Windows log in the YAML file. Here is an example based on Print Service, e.g.
- "Microsoft-Windows-PrintService/Operational": all nocontext
Rg, Christian
Hi,
do you mean to C:\Program Files (x86)\checkmk\service\check_mk.yml like this:
logwatch:
  enabled: yes
  sendall: no # this value is MANDATORY, yes is useful only for debugging
  vista_api: no # this is RECOMMENDED
  max_size: 500000 #
  max_line_length: -1 # -1 to ignore, or any positive, max length of the line
  max_entries: -1 # -1 to ignore, or any positive, max count to receive
  timeout: -1 # -1 to ignore, or any positive, in seconds
  logfile: # entries in the windows eventlog
    - 'Parameters': ignore
    - 'State': ignore
    - '*': warn nocontext # This is default params for not missing entries
    - "Microsoft-Windows-Backup/Operational": all nocontext
Did this and restarted the service, but I don't get anything new discovered.
Thanks for help
Actually, the configuration I shared made my checkmk service eat 15% CPU constantly and time out on result execution. I guess I did something wrong.
I think you need the entry on the right indent.
This must be set to yes for such log files.
The indent is OK, it was just wrongly formatted by the forum.
I set vista_api to yes, but still, when I initialize a full service scan from the CheckMK site, the agent service on the target machine constantly eats 15% of CPU and returns no result to the core.
Hi Leo,
not sure if the solution is in there, but @robin.gierse just did a video on monitoring custom log files on Windows: Episode 38: Monitoring Windows Event Log and Custom Log Files with Checkmk - YouTube
Best
Elias
Example from one of my servers.
There I need to monitor the print service log.
logwatch:
  enabled: true
  logfile:
    - system: warn nocontext
    - application: warn nocontext
    - Microsoft-Windows-PrintService/Admin: warn nocontext
    - '*': off context
  sendall: false
  skip_duplicated: true
  vista_api: true
Result inside CMK is then
The problem in your example is possibly the single quotes.
OK, I copy-pasted your file and added my logs. For Cobian it's OK, I can see it in the core. But the Backup, no way, it's not getting discovered. Am I missing something?
Hello,
I tried as per your example with the Print log on a different server. That works well, the Print log is shown immediately.
However the Backup log has the same result on another server - nothing shown in core.
Any idea?
thx
Pay attention.
vs.
This comes from the point that inside the "Backup" folder is only one log file. In this case there is no "/Operational" as suffix.
The print service folder has two log files inside. To see the real path name make a right click on the wanted log file and select the properties.
Right, problem solved! I was taking the name from a log entry, where it says /Operational.
Thanks!
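As an added example (not part of the thread and not Checkmk's own code): a PowerShell check, run on the monitored Windows host, that compares the names intended for the logwatch `logfile` section with the channel names Windows actually registers, which catches the "/Operational" mismatch resolved above. The entry list is constructed from the configs quoted in this thread; `Microsoft-Windows-Backup` as the suffix-free name is an assumption based on the explanation above.

```powershell
# Names intended for the logwatch "logfile" section (constructed sample list).
$entries = @(
    'Microsoft-Windows-PrintService/Admin',
    'Microsoft-Windows-Backup/Operational',   # name as copied from a log entry
    'Microsoft-Windows-Backup'                # assumed suffix-free name
)

# Every channel the event log service knows, exactly as it is registered.
$channels = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LogName

foreach ($name in $entries) {
    if ($channels -contains $name) {
        # The channel exists under this exact name; show whether it is in use.
        $log = Get-WinEvent -ListLog $name
        'OK       {0} (enabled={1}, records={2})' -f $name, $log.IsEnabled, $log.RecordCount
    }
    else {
        # No such channel: list registered names sharing the part before "/".
        $prefix = ($name -split '/')[0]
        $near = $channels | Where-Object { $_ -like "$prefix*" }
        'MISSING  {0} -> candidates: {1}' -f $name, ($near -join ', ')
    }
}
```

An entry reported as MISSING should be replaced by one of the listed candidates before the agent service is restarted.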