Hello folks,
I have some questions regarding the Personal Information that CMK extract using the normal monitoring.
For example. The part of the logwatch on windows servers, these logs extract personal information of the users when a error occurs, this information coming from the Windows event log:
Logs definition: This check processes the output of agents with the logwatch plugin. The windows agent has built in this extension. The logwatch extension of the Linux/UNIX agents needs a configuration file that lists all relevant logfiles and lists possible log lines that should result in warning or critical state. The windows agents does not need any configuration but sends all log files in the Windows event log. It uses the warning/error classification of Windows.
Relevant log messages found by the agent are stored locally into a text file. The check is critical, if at least one new
or old
log message exists that is classified as critical. If at least one warning message exists but no critical, the check results in a warning state.The only way to bring the state back to OK is to delete the text file with the stored log messages. This is stored below
~/var/check_mk/logwatch
. Usually the logwatch webpage is used to browse and delete the messages. Please refer to the online documentation of check_mk for more details about logwatch.
This logs show information like username, id, phone, email, etc, as i mention only when a error occurs, and i know there is a way to avoid this information on check_mk.user.yml : disabled_sections: [logwatch].
But i would like to know if CMK use another kind of check with this particular function, another check that can extract personal information from the users on the consoles or databases, and i also would like to know if the information of the service logs on the host, disable or enabled, send the information to the nagios logs.
Thank you very much!