I have spent 4 hours looking at docs and trying various things. Under “Parameters for this service” I have tried to get it so that certain messages that I cannot fix under ‘Log Application’ and ‘Log System’ do not notify as critical events.
Tried ‘Disable notifications for services’ which will only disable notifications. Tried disabling active checks. Looked at docs.
You can use either the Event Console (a little more complex, but more powerful: "The Event Console - Processing logs and SNMP traps in Checkmk") or, when you want to stay with classical log monitoring (also a valid approach :)), the rule you are looking for is called "Logfile patterns", where you can set events that should not be considered CRITICAL to OK or even ignore them.
I can see how to create RegEx and DROP messages I don’t want Event Console to process, but where is the Logfile Patterns that Gred mentions? Where is that found?
I went into Event Console and practiced my RegEx with the tool there. I applied the Event, ensured that it matched (green light) and applied it as a DROP rule, and the logs keep coming in and turning the hexagons red.
I couldn’t understand, so I applied the RegEx (.*) matching everything, set it to DROP and still, does not work. Do I have to apply Rule Packs in some special way? The documentation on this is unclear. Thanks.
Apologies for the typo. I followed Elias's method and put the wildcard (.*) into a Logfile Pattern, instructed that Logfile pattern to demote CRITICAL log messages from CRITICAL to IGNORE (just to see, since it matched everything, if it would work).
I went into each host and did Clear log and waited. All the CRITICAL logs came back. The Logfile pattern was matching (for sure) but no IGNORE of the CRITICAL messages using this method either.
Yes, that worked. Thank you, Mr. Stolz. I see now how it works.
I can only imagine that each and every customer should like to baseline their Windows hosts and filter down the CRIT messages that they cannot prevent from occurring, to baseline what is normal and abnormal CRIT errors that require response. I should hope this is helpful to others.