Is syslog removed from the free edition of Checkmk?

I'm evaluating the Checkmk virtual appliance (checkmk virt1 (Trial/Free)) along with Checkmk Appliance 1.4+ (check-mk-free-2.0.0p15-2-x86_64.cma) and the SNMP graphing worked like a charm along with pdf-reporting 🙂

So a big plus for the hassle-free VM appliance + cma approach.

However I fail to make my Checkmk instance accept incoming syslogs…

The manual for “The Event Console - Processing logs and SNMP traps” claims that one needs to set up a rule in “Setup → Events → Event Console rule packages”, which is simply not available.

Only thing available in the web-gui under Events is Notifications!?

I have enabled “Enable processing of external messages (Event Console)” as well as “Receive messages via syslog/UDP (Port 514)” and “Receive SNMP Traps (UDP Port 162)” in Properties of my site at http://checkmk/webconf/site_management.py and rebooted the VM appliance but still no go with syslogs.

Am I missing something here?

I have verified that syslogs arrive at the IP that Checkmk uses but they will simply not show up in the web-gui 😦

What does your site status say after restarting your site? It should show that the mkeventd is running.
You can see this inside the appliance site management or on the command line with a “cmk status”.

Example output.

mkeventd:       running
liveproxyd:     running
mknotifyd:      running
rrdcached:      running
cmc:            running
apache:         running
dcd:            running
redis:          running
stunnel:        running
xinetd:         running
crontab:        running
-----------------------
Overall state:  running

If this is the case, you must also see the “Events” → “Event console” entry inside the “Setup” menu.

It seems like it's not possible to log in to cli/ssh when using the free edition of checkmk virt1 (Trial/Free) - I only end up with the orange background and F1/F2 selections (that is, root login is disabled in the free edition). Which means that I cannot run “cmk status” unless that is somehow possible through the web-gui?

When I'm at http://checkmk/webconf/site_management.py I see:

  • ACTIONS: 6 icons (Properties, Update this site, Rename this site, Clone this site, Delete this site, Login into this site)
  • SITE-ID: TEST
  • VERSION: 2.0.0p15.cfe
  • AUTOSTART: ON
  • LIVESTATUS: only local
  • RECEIVE EVENTS: SNMP Traps,Syslog/UDP,Logwatch
  • STATUS: running
  • CONTROL: Stop (button)

Looking at View Log Files at the appliance http://stats/webconf/logs.py and selecting “Site: TEST - Event Console” I get this since last reboot:

2021-11-07 19:19:48,645 [20] [cmk.mkeventd.EventServer] Starting up
2021-11-07 19:19:48,632 [20] [cmk.mkeventd.StatusServer] Starting up
2021-11-07 19:19:48,621 [20] [cmk.mkeventd] Daemonized with PID 768.
2021-11-07 19:19:48,606 [20] [cmk.mkeventd.EventServer] Rule hash: 0 rules - 0 hashed, 0 unspecific
2021-11-07 19:19:48,606 [20] [cmk.mkeventd.EventServer] Compiled 0 active rules (ignoring 0 disabled rules)
2021-11-07 19:19:48,606 [20] [cmk.mkeventd.EventStatus] Loaded event state from /omd/sites/TEST/var/mkeventd/status.
2021-11-07 19:19:48,602 [20] [cmk.mkeventd.EventServer.snmp] adding SNMPv1 system: communityIndex=snmpv2-1
2021-11-07 19:19:48,544 [20] [cmk.mkeventd.EventServer] Opened builtin snmptrap server on inherited filedescriptor 5
2021-11-07 19:19:48,544 [20] [cmk.mkeventd.EventServer] Opened builtin syslog server on inherited filedescriptor 3
2021-11-07 19:19:48,544 [20] [cmk.mkeventd.EventServer] Opened UNIX socket ‘/omd/sites/TEST/tmp/run/mkeventd/eventsocket’ for receiving events
2021-11-07 19:19:48,544 [20] [cmk.mkeventd.EventServer] Created FIFO ‘/omd/sites/TEST/tmp/run/mkeventd/events’ for receiving events
2021-11-07 19:19:48,540 [20] [cmk.mkeventd] mkeventd version 2.0.0p15 starting
2021-11-07 19:19:48,539 [20] [cmk.mkeventd] -----------------------------------------------------------------

In web-gui going to Setup → Maintenance → Analyze configuration I get all OK except for WARN at:

  • Performance: Apache number of processes (complains about default 64 will use almost 8GB of RAM)
  • Performance: Checkmk checker count (complains that the amount should not be more than available CPU cores)
  • Reliability: Backup configured (complains that backup is not setup)
  • Security: Secure GUI (HTTP) (complains that SSL is not setup)
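
The Event Console startup log quoted above can be checked mechanically. The following is an added example, not part of the original thread or of Checkmk: it parses the log line formats shown in the post and reports which listeners were opened and how many rules were compiled. The function names `summarize_startup` and `diagnose` are hypothetical.

```python
import re

# Lines copied from the Event Console log quoted in the thread
# (newest first, as the appliance log viewer shows them).
SAMPLE_LOG = """\
2021-11-07 19:19:48,606 [20] [cmk.mkeventd.EventServer] Compiled 0 active rules (ignoring 0 disabled rules)
2021-11-07 19:19:48,544 [20] [cmk.mkeventd.EventServer] Opened builtin snmptrap server on inherited filedescriptor 5
2021-11-07 19:19:48,544 [20] [cmk.mkeventd.EventServer] Opened builtin syslog server on inherited filedescriptor 3
2021-11-07 19:19:48,540 [20] [cmk.mkeventd] mkeventd version 2.0.0p15 starting
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+) \[\d+\] \[[\w.]+\] (.*)$")
START_RE = re.compile(r"mkeventd version (\S+) starting")
LISTENER_RE = re.compile(r"Opened builtin (\w+) server on inherited filedescriptor (\d+)")
RULES_RE = re.compile(r"Compiled (\d+) active rules")


def summarize_startup(log_text):
    """Summarize the most recent mkeventd start found in log_text."""
    entries = [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]
    entries.sort(key=lambda e: e[0])  # chronological, whatever order the viewer used
    summary = {"version": None, "listeners": {}, "active_rules": None}
    for _, msg in entries:
        if (m := START_RE.search(msg)):
            # A new start invalidates everything seen from earlier runs.
            summary = {"version": m.group(1), "listeners": {}, "active_rules": None}
        elif (m := LISTENER_RE.search(msg)):
            summary["listeners"][m.group(1)] = int(m.group(2))
        elif (m := RULES_RE.search(msg)):
            summary["active_rules"] = int(m.group(1))
    return summary


def diagnose(summary, wanted=("syslog", "snmptrap")):
    """Return findings that would explain received messages never becoming events."""
    findings = []
    for name in wanted:
        if name not in summary["listeners"]:
            findings.append(f"{name} listener was not opened")
    if summary["active_rules"] == 0:
        findings.append("0 active rules compiled: no incoming message can match a rule")
    return findings


if __name__ == "__main__":
    result = summarize_startup(SAMPLE_LOG)
    print(result)
    print(diagnose(result))
```
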

If you open your “Setup” menu, have a look in the top right corner.
What do you see there: [image] or [image]?
Switch to the other option and look for the “Event Console”.

Oh, right!

Yeah - now the missing selections beneath Events are showing:

  • Notifications
  • Event Console
  • Alert handlers

Thanks!

I’ll return with the result…

Now that I can access the Event Console options through web-gui (that “Show more” is easily missed for a beginner of Check MK) the added rule pack didn't seem to do anything to what's being displayed in Monitor → Event Console → Events.

However when I changed settings and enabled “Syslog-like message logging” along with “Force message archiving” then the incoming syslog messages directly show up in Monitor → Event Console → Recent Event History 🙂

To be continued but now I can send syslog messages to the Check MK box and have them available and searchable through the web-gui 🙂

Edit: Thanks! 😃
