Logs constantly popping CRIT messages make monitoring difficult

**CMK version:** Checkmk Raw Edition 2.3.0p23
**OS version:** Ubuntu 22.04.5 LTS

How can I configure the log security and other logs, and how can I set what is considered a CRIT log?
Should I make an exception directly on Windows for some logs or something like that? Is there a way to keep receiving the logs but not monitor them directly, so they don’t stay in CRIT state in my dashboard? Because of the amount of CRIT I get in logs, the important services get lost, which makes the monitoring process more difficult.

Here’s an example where it recognized that the Sophos antivirus has privileges. It doesn’t matter if I delete the log, it pops up every time.

You could forward them to the Event Console and handle them there.

Thanks, how can I see the logs? Where can I read them once they are forwarded?

Checkmk and the Event Console are not a log archive.

The Event Console will process log messages and show you the generated events. These can then be acked and archived and will be removed after 365 days (by default).

If you want to read log messages as they are produced, you need to set up a log archive like the Elastic stack.

Sorry, I don’t know if I am understanding how log forwarding works.
I configured it like this.

I added “Log Forwarding” to the monitored services of the hosts, so should any log appear in the Event Console? It is blank, and I know it should’ve generated some log events by now.

The event console only opens a new event when an incoming message matches a configured rule.

Read about it in the documentation.
