Kubernetes Monitoring of Pod Logs

Hello, we are already using Kubernetes monitoring, and I wonder if it is somehow possible to check the pod log files on all monitored pods, for example for the “%ERROR%” wildcard, and to be informed in that case, and also if a service on a pod is no longer running.
Is this somehow possible, since currently we are only using this piggyback data, from what I understand?

If you have the Checkmk agent installed on the Kubernetes nodes, then you can use the logwatch plugin to monitor log files. logwatch needs to be configured to find the right log files and transmit the relevant lines to the Checkmk server.

The exact position of log files depends on your Kubernetes distribution. E.g. with K3s, the pod log files can be found under /var/log/pods/.

As far as I know, it is common practice to forward container stdout and stderr and logs to e.g. fluentd running as a daemonset on each node and then process it further.

E.g. you could transform this with logstash to syslog format and feed this into the Checkmk Event Console.

I think the checkmk logwatch agent plugin is only useful if you are getting very few events a day.

2 Likes

This sounds great, could you tell me more or give me a nudge in the right direction to set this up to send messages from fluentbit/d to the event console? Are these messages secure considering sensitive data?
Thank you!
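The filter-and-forward step discussed in the replies above, as an added Python example that is not part of the original thread and is not Checkmk or fluentd code: it parses CRI-format pod log lines from under /var/log/pods/, keeps lines containing ERROR, masks secret-looking values before the line leaves the node, and formats the result as an RFC 3164 syslog message. The host name, the local0 facility, the redaction pattern and the sample path and lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# CRI log line (containerd, CRI-O): "<RFC 3339 time> <stream> <P|F> <message>"
CRI_LINE = re.compile(r"^(\S+) (stdout|stderr) ([PF]) (.*)$")
# Pod log path: /var/log/pods/<namespace>_<pod>_<uid>/<container>/<n>.log
POD_PATH = re.compile(r"/var/log/pods/([^_/]+)_([^_/]+)_[^/]+/([^/]+)/\d+\.log$")
# Assumed redaction rule: mask the value of secret-looking key=value pairs
SECRET = re.compile(r"(?i)\b(password|passwd|token|secret|api[_-]?key)(\s*[=:]\s*)\S+")


def to_syslog(path, line, host="k3s-node1"):
    """Return an RFC 3164 message for an ERROR line, or None to drop the line."""
    m, p = CRI_LINE.match(line.rstrip("\n")), POD_PATH.search(path)
    if not m or not p:
        return None  # not a CRI line, or not a pod log path
    ts, _stream, _flag, msg = m.groups()  # flag P marks a partial (split) line
    if "ERROR" not in msg:
        return None
    namespace, pod, container = p.groups()
    msg = SECRET.sub(r"\1\2[REDACTED]", msg)  # redact before it leaves the node
    when = datetime.fromisoformat(ts[:19])    # drop fractional seconds and zone
    # RFC 3164 pads single-digit days with a space, not a zero
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    pri = 16 * 8 + 3                          # facility local0, severity err
    return f"<{pri}>{stamp} {host} {container}: {namespace}/{pod} {msg}"


# Constructed sample input (not taken from a real cluster)
SAMPLE_PATH = "/var/log/pods/shop_web-7d9f_0a1b2c3d/app/0.log"
SAMPLE_LINES = [
    "2024-05-03T10:15:29.100000000Z stdout F INFO request served in 12ms",
    "2024-05-03T10:15:30.123456789Z stderr F ERROR db login failed password=hunter2 user=svc",
    "not a CRI line",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        out = to_syslog(SAMPLE_PATH, line)
        if out:
            print(out)
```

Plain syslog over UDP or TCP is not encrypted in transit, so the redaction here only limits what is exposed; it does not protect the remaining message content on the network.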
