Custom log forwarding to EC

CMK version: Checkmk Enterprise Edition 2.1.0p20
OS version: SUSE Linux Enterprise Server 15 SP4

Description of the problem: We have a program that gives us logs about every 2 hours. We would like to monitor these logs for specific lines of text that should be in them.
For that I configured “Text logfiles (Linux, Solaris, Windows)” for a specific host with “Configure a logfile section” for “C:\backups\logs*”.
I also enabled a rule for Logwatch Event Console Forwarding with “Forward Message to Event Console” and “Local: Spooling - Send events to local event console in same OMD site”.
For test purposes I also configured a “Test” Rule Pack with a rule that only matches the host.

My problem now is that the only entries that the EC gets are from the Windows event log and not from the logs I actually want to monitor.

Can someone please help me figure out what I have configured wrong?

Hi.

What happens when you remove the host filter? Did you check if your forwarding rule matches the given host?

Rg, Christian

Hi,

If I remove the host filter from the Rule Pack I just get a couple of trap and port events from other hosts.
My forwarding rule is set to forward everything from “Explicit Host” with no other restrictions.
The Log Forwarding Service has way too few forwarded messages for the amount of logs that are being produced; it seems only the Windows logs are being forwarded right now. Here's what I currently have for my forwarding rule

Regards
Dennis Rode