[Check_mk (english)] Monitoring Linux logs

What is the recommended way for monitoring Linux logs?

mk_logwatch plugin?

Point all syslogs at Nagios server and use the Event Monitor?

What about for non-syslog logs (i.e., applications that log to their own dir)? Can you use a mix of the above two methods?

I’m trying to use mk_logwatch, but cannot get anything to show up in inventory. I’ve created a logwatch.cfg and tested it locally by manually running logwatch -d. It reports the logs it’s watching… but nothing in inventory. What am I missing?

Thanks,

Lance

I will choose logstash :)

Thanks,
Pawel

On 31 Jul 2014, at 20:31, Lance Tost <Lance.Tost@key-stone.com> wrote:

I will second the logstash (http://logstash.net/) and add on Elastic Search and Kibana (http://www.elasticsearch.org/overview/kibana/) to slice and dice the logs as needed.

On Thu, Jul 31, 2014 at 3:50 PM, Pawel Grzesik pawel.grzesik@brainstorm.co.uk wrote:

checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

I've used ELSA[1] for bro-ids logs but I understand it can do standard
Linux logs too. I've been meaning to try logstash for a while.

I also like sec[2] which does advanced event correlation.

HTH,

Chris

[1] https://github.com/mcholste/elsa (Enterprise Log Search and Archive)
[2] http://simple-evcorr.sourceforge.net/

These seem more like solutions to “dig into logs” for troubleshooting. I want something simple that will raise an alert in Check_Mk if a specific string is found in a logfile. I’m not looking to correlate logs, etc.

Thanks,

Lance Tost

Sr. Network Administrator

Keystone Automotive Operations, Inc.

Cmk version 1.2.4p5

Logwatch.cfg:

cat logwatch.cfg
/var/log/messages
 W foobar
/opt/Linoma_Software/GoAnywhere_Services/userdata/logs/gaservices.log
 C Failed to start proxy server
 W Proxy server .* started

So I do a logger -p daemon.info foobar which syslogs foobar to my /var/log/messages file. If I run the plugin manually or the agent manually on the host, it works:

<<<logwatch>>>
[[[/var/log/messages]]]
W Aug 4 15:03:15 : foobar
[[[/opt/Linoma_Software/GoAnywhere_Services/userdata/logs/gaservices.log]]]

However, I cannot get the service to show up when inventorying the server.

Thanks,

Lance Tost

Sr. Network Administrator

Keystone Automotive Operations, Inc.

From: Paul - Monitoring [mailto:paulmonitoring@gmail.com]
Sent: Monday, August 04, 2014 1:37 PM
To: Lance Tost
Cc: Bill Jacqmein; Pawel Grzesik; checkmk-en@lists.mathias-kettner.de
Subject: Re: [Check_mk (english)] Monitoring Linux logs

Which version of check_mk do you run? Do you have the logwatch check on your monitoring host? Please provide your logwatch cfg file also for initial troubleshooting.


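Added example (editor's note; this is not code from the thread and not Check_MK's own mk_logwatch plugin): a small Python model of what mk_logwatch does with the logwatch.cfg posted above. It parses the same config syntax (unindented logfile name, indented "<state> <regex>" lines), renders the <<<logwatch>>> agent section with its [[[path]]] headers, and keeps a per-file byte offset in a dict so that each line is reported once, which is the role the real plugin's logwatch.state file plays. The config text and log lines are constructed for the example; the in-memory dict of logs, the choice to drop lines that match no pattern, and the partial-line handling are this example's assumptions, while the state letters, the section/header format and the [[[path:missing]]] marker follow the real plugin's output.

```python
import re

# Constructed config text in logwatch.cfg syntax, mirroring the thread:
# an unindented line names a logfile, indented lines are "<state> <regex>".
SAMPLE_CFG = """\
/var/log/messages
 W foobar
/opt/Linoma_Software/GoAnywhere_Services/userdata/logs/gaservices.log
 C Failed to start proxy server
 W Proxy server .* started
"""

# State letters mk_logwatch accepts: C critical, W warning, O ok, I ignore.
STATE_LETTERS = ("C", "W", "O", "I")
SEVERITY = {"O": 0, "W": 1, "C": 2}


def parse_cfg(text):
    """Parse logwatch.cfg text into [(logfile, [(state, compiled_regex), ...])]."""
    sections = []
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():  # unindented: starts a new logfile section
            current = (raw.strip(), [])
            sections.append(current)
            continue
        if current is None:
            raise ValueError("pattern line before any logfile: %r" % raw)
        state, _, pattern = raw.strip().partition(" ")
        if state not in STATE_LETTERS or not pattern:
            raise ValueError("bad pattern line: %r" % raw)
        current[1].append((state, re.compile(pattern)))
    return sections


def scan_new_lines(content, patterns, offset):
    """Classify complete lines of `content` past byte `offset`.

    Returns (hits, new_offset). The first matching pattern wins; lines matching
    nothing are dropped (this example's choice). A partially written last line
    (no trailing newline) is left for the next run. If the content is shorter
    than the stored offset the file was rotated or truncated, so the scan
    restarts from the beginning, as mk_logwatch does for shrinking files.
    """
    if len(content) < offset:
        offset = 0
    chunk = content[offset:]
    end = chunk.rfind("\n")
    if end < 0:
        return [], offset
    hits = []
    for line in chunk[:end].splitlines():
        for state, rx in patterns:
            if rx.search(line):
                if state != "I":
                    hits.append((state, line))
                break
    return hits, offset + end + 1


def run_agent(logs, sections, state):
    """One plugin run over in-memory logs {path: text}; returns the agent section.

    `state` maps logfile -> offset and is updated in place; it stands in for the
    logwatch.state file the real plugin keeps, so every line is reported once.
    """
    out = ["<<<logwatch>>>"]
    for logfile, patterns in sections:
        content = logs.get(logfile)
        if content is None:
            out.append("[[[%s:missing]]]" % logfile)  # marker the real plugin uses
            continue
        out.append("[[[%s]]]" % logfile)
        hits, state[logfile] = scan_new_lines(content, patterns, state.get(logfile, 0))
        out.extend("%s %s" % hit for hit in hits)
    return "\n".join(out) + "\n"


def worst_state(section_text):
    """Worst severity (0 ok, 1 warn, 2 crit) in a rendered section: the alert level."""
    worst = 0
    for line in section_text.splitlines():
        if line[:1] in SEVERITY and line[1:2] == " ":
            worst = max(worst, SEVERITY[line[0]])
    return worst


if __name__ == "__main__":
    # Constructed log contents; the second run shows the once-only reporting.
    gas = "/opt/Linoma_Software/GoAnywhere_Services/userdata/logs/gaservices.log"
    logs = {
        "/var/log/messages": "Aug  4 15:03:15 host kernel: boot ok\n"
                             "Aug  4 15:03:15 host root: foobar\n",
        gas: "Proxy server on port 8000 started\n",
    }
    sections, state = parse_cfg(SAMPLE_CFG), {}
    print(run_agent(logs, sections, state))        # W lines for both files
    print(run_agent(logs, sections, state))        # headers only: nothing new
    logs[gas] += "Failed to start proxy server\n"  # like `logger`, but for the app log
    print(run_agent(logs, sections, state))        # one C line
```

The point worth keeping in mind when testing by hand: because the offset advances on every run, a line that has already been consumed by one run (manual or via the agent) will not be in the next run's output, so a test message should be written fresh (for example with logger) right before the run whose output you want to inspect.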
Hi Lance,

Could you post the <<<logwatch>>> section of the agent output when running ‘cmk -d HOSTNAME’ from the cmk system?

Regards,
Marcel

On 04.08.2014 at 21:19, “Lance Tost” Lance.Tost@key-stone.com wrote:

Never mind. Not sure what I did differently, but it is working now.

Thanks,

Lance Tost

Sr. Network Administrator

Keystone Automotive Operations, Inc.
