So, when I do Analyze Patterns for a log message (Windows) that I want to filter out (IGNORE), and I go to save, I get the red error message: Unable to analyze matching, because “service” parameter is missing
I go elsewhere in WATO to apply the change, everything works, but why the error? I’d like to have the Change pending button on the analyzer page like I used to instead of the error.
1.6.0p11 Trial
Same in 1.6.0.p13 cee stable
I too am an 1.6.0p13 CEE and yes, the problem is still there. If I get to the log analyzer via View Logs when there’s an issue and try to update rules for some sets, I get the message. But I believe if I go to log analyzer and just make the changes from there without going the View Logs for a service problem, things seem to work fine.
Issue still exists in 1.6.0p16 and I can confirm @cjcox thoughts.
Steps to reproduce:
-> Go to Open Log
-> Analyze this Line:
-> Edit this rule:
-> Try to edit something and click save
->Error message appreas “Unable to analyze matching, because “service” parameter is missing”
When editing via Host & Service Parameters, editing works.
We switched to sending all that as Events and using the Event Console. So… in our case, this isn’t a problem anymore.
Why did we do this? We installed Netwrix on our network and it pumps out tons of non-error messages into the logs. The problem is once an error is triggered for logwatch, it watches all messages in case a more important message comes in with higher state. And all of this is good, but Netwrix fills the logs up with no much irrelevant noise (overflowing the checkmk buffer quickly, even if configured for a fairly large number)… anyway, we decided to do things the Event Console way.