On some Windows servers, I need the CheckMK agent to send an additional eventlog category to the CheckMK server.
So I have added the following to C:\ProgramData\checkmk\agent\check_mk.user.yml. However, I would like to keep configuration files as brief as possible, so I would like to remove lines which just state the default. My two questions:
- What are the defaults for the logwatch agent plugin on Windows?
- In addition to web searches, I’ve tried finding the code for the logwatch plugin, but I cannot find it; where is the source code for the logwatch plugin for Windows?
```yaml
logwatch:
  enabled: yes
  sendall: no
  vista_api: yes
  skip_duplicated: no
  max_size: 500000
  max_line_length: -1
  max_entries: -1
  timeout: -1
  logfile:
    - 'Microsoft-Windows-Windows Defender/Operational': warn context
```