Logwatch Event Console Forwarding service always on warning

n3m0 · October 14, 2024, 6:42pm

CMK version: Checkmk Enterprise Edition 2.3.0p2
OS version: Ubuntu 22.04.5 LTS

Configuration of rule “Logwatch Event Console Fowarding”:

State and output of service “Log forwarding”:

<<<logwatch>>>
[[[Active Directory Web Services]]]
[[[Application]]]
[[[DFS Replication]]]
[[[Directory Service]]]
[[[DNS Server]]]
[[[HardwareEvents]]]
[[[Internet Explorer]]]
[[[Key Management Service]]]
[[[Security]]]
[[[System]]]
[[[Windows PowerShell]]]
[[[*:missing]]]

Can someone explain to me why the service state is warning? Even if I reinventorize the service, as it is written in the inline help (“If this option is enabled, the check monitors the list of forwarded logfiles and will warn you if at any time a logfile is missing or exceeding when compared to the initial list that was snapshotted during service detection. Reinventorize this check in order to make it OK again.”), the state remains on warning.

Thanks in advance

mike1098 · October 15, 2024, 8:03am

your logwatch section is empty, so no log files configured at the remote site.

n3m0 · October 15, 2024, 8:17am

You’re talking about the agent?
I configured the agent rule “Finetune Windows Eventlog monitoring”:

How can I improve?

system · October 15, 2025, 8:17am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.