Graylog Special Agent

Discussions and feedback on the Graylog Special Agent that is part of the Feature Pack 1

1 Like

what does the graylog check do exactly?
I ve a rancher2.3 setup but logfiles checks via ELK or syslog aren working well,
Rancher 2.3 has a graylog output option and my idea is to check if I can see more output using this way.
Is it possible to check the greylog for recorded events like failed logins?

Hi Ralf,

it’s more about monitoring the graylog instance itself.
You find a detailed list of checks on the exchange page.


this special agent is not working with a password from the pwstore.

CRIT - [special_graylog] Agent exited with code 2: usage: agent_graylog [-h] [-u USER] [-s PASSWORD] [-P PROTO] [-p PORT]
[–display_node_details {host,node}]
[–display_sidecar_details {host,sidecar}]
[–display_source_details {host,source}] [–debug]
agent_graylog: error: unrecognized arguments: --pwstore=10@0@APP_GRAYLOG

When I store the password inside the WATO rule, cmk discovers the Graylog services. But all other services from cmk agent on this host where unknown. I am the only one facing this issue?

CMK 1.6.0p9 EE

problem with password from store will be fixed with Werk #10941 (currently reviewed).
Thanks for reporting that.

Related to the missing services of the agent…
What datasource do you use?

Should be “Normal Checkmk agent, all configured special agents” if you want data from “normal” agent and the special agent.

1 Like

Hi _rb,
yes it is configured to this. Downloaded agent output contains only Graylog data and ESX piggyback, but not data from cmk agent on this host (connected with ssh).

Edit: problem solved. The rule “Individual program call instead of agent access” was not configured for the option “Normal Checkmk agent, all configured special agents”. Now it is working, thank you!