The relevant portion of the logwatch file is:
/var/log/messages
W kernel: nfs: server.*not responding, still trying
W kernel: device.* entered promiscuous mode
C kernel: EXT3-fs error
C kernel: Remounting filesystem read-only
W kernel: \[Hardware Error\]:
C MK_CRIT
W MK_ERR
W MK_WARN
When I add anything starting with <space>O<space><pattern> at the third line(just after the one about NFS not responding), it breaks.
It does not matter what pattern I use after the 'O', even a simple text makes it break.
So I'm wondering if the 'O' option works at all in our version 1.1.12p6, or that it has a bug, that simply nobody has encountered. Since as you put it 'Why have a logwatch entry for something you want to be OK?'
Well obviously, the creators of check_mk found some use for it, and I was hoping it would make logfile that have
Mar 21 14:17:13 server001 kernel: nfs: server shares.nfs.local not responding, still trying
Mar 21 14:17:14 server001 kernel: nfs: server shares.nfs.local OK
be OK, instead of in warning. Because the NFS notice of OK is already there, which means the connectivity the problem is already solved.
Arguments can be made to want to see when it has been unavailable, but in our particular case the network to these particular shares is regularly unavailable for a few seconds, and we don't want to see these things if there also is an OK notice in the same check_mk run. If a share is unavailable for more then one check_mk period (I think we have it at 4 minutes) we'd be notified anyway by other checks on the NFS share itself.
So basically I hope the logwatch config can make something OK after having been 'not OK' for a short period.
//Danny.
-----Oorspronkelijk bericht-----
···
Van: Paul Dott [mailto:pauldott@gmail.com]
Verzonden: woensdag 27 maart 2013 12:00
Aan: Kip, Danny (DID)
CC: checkmk-en@lists.mathias-kettner.de
Onderwerp: Re: [Check_mk (english)] logwatch config with OK messages
Why have a logwatch entry for something that you want to be OK? Logwatch.cfg is for adding error exceptions that you want to know about.
Can you show us the full logwatch.cfg file on this server?
On Mar 27, 2013, at 5:17, "Kip, Danny (DID)" <danny.kip@rws.nl> wrote:
While reading the logwatch documentation I read about the 'O' option to make lines be 'OK'. http://mathias-kettner.de/checkmk_logfiles.html
Since we have a flaky NFS server that regularly throws fits, which will result in messages about the NFS server being unreachable, but then being OK within seconds, we are getting a bit tired of acknowledging those logfiles.
I figured I could use a line like:
O nfs: server.*OK
But when I add that to /etc/check_mk/logwatch.cfg, or any line starting with that O(even the one from the docs), it breaks. And I am not forgetting the space.
Next check run it throws "UNKNOWN - log not present anymore" messages for all configured logfiles (not just the /var/log/messages section I edited)
Our check_mk version is old 1.1.12p6, is that perhaps too old to use the OK facility in logwatch? I could not really find a version restriction in the docs.
Kind regards,
Danny Kip.
_______________________________________________
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en