How to Config logfile monitoring at Windows Agent Version 2.0.0

Hi, I’m trying to upgrade checkmk agents from Version 1.4.03 to Version 2.0.0 on Windows Server. The big difference between both Agents is the config file who is now written in yaml. At the Config File /C:/ProgramData/checkmk/check_mk.users.yml its written at line 199:

_logfiles:
enabled: no
# We do not support logfiles monitoring in agent at the moment
# Please, use plugin mk_logwatch

How can i use the Logwatch plugin to monitor a logfile not generated from the Eventlog like C:/tmp/test.log ?

logwatch:
# enabled: yes
# sendall: no # this is MANDATORY
# vista_api: no # this is RECOMMENDED
# max_size: 500000 # default value

 # entries in the windows eventlog
logfile:
    # - 'EventLogName': <crit|warn|all|off> + [context|nocontext]
    # - 'Application': crit context # example
    # - 'System': warn nocontext    # another example
    # - 'YourOwn': all nocontext    # yet another example
    # - '*': warn nocontext         # This is default params for not missing entries
1 Like

You need to create a config file for the mk_logwatch plugin. There you can define what file you want to be monitored.
An example for this config file can be found here.

Pay attention that you need to deploy also the Python runtime environment inside the agent if you want to use the mk_logwatch.py plugin.

2 Likes

Hi Andreas thanks for your fast Reply :slight_smile:. I tried that with the logwatch.cfg. Is it correct to put the logwatch.cfg in the folder C:/ProgramData/agent/config/ ?. I tried to load the logwatch.cfg from this Path. It didnt seem to work. On the CheckMk Documentation i didn’t found any solution where i have to put the .cfg file at Windows Agent

Testet it with telnet port agent and a C:/tmp/test.log with the String to monitor.

First you need to check that the mk_logwatch.py is executed correctly. Inspect the agent log if it executes the plugin and also that it gets some output.

1 Like

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.