Logwatch for Linux systems

Hi all,

I´m using CheckMK Raw since some months, already have +150 hosts and alerts configured, all good, it works like a charm.

My manager asked me to configure Logwatch on Linux hosts and I´m having problems to find out how to do it. The documentation and videos that I saw are a little bit outdated. So far I did a test in just one host with the following:

/usr/lib/check_mk_agent/plugins/mk_logwatch.py
/etc/check_mk/logwatch/logwatch.cfg
chmod +x /usr/lib/check_mk_agent/plugins/mk_logwatch.py
chmod +x /etc/check_mk/logwatch/logwatch.cfg
python3 /usr/lib/check_mk_agent/plugins/mk_logwatch.py
systemctl restart check_mk_agent.socket

but I´m missing totally what I should do on the CheckMK GUI, I can´t find the rules that the video speak about, nor there are rules for agents. What should I do on the GUI side so the hosts is available to see the logs service?

Many thanks for your replies.

The official Checkmk documentation contains a chapter about Logwatch:

Although it is rather short and marked as draft, but it should contain everything needed for the first steps.

Note that the Checkmk Raw Edition does not contain the Agent Bakery and thus no agent rules.

thanks for your reply.

I already read the documentation and watched the video about that. Is my configuration on the host side right? What should I do on the GUI side? If I click on the “Run service discovery” for the host that I configured the .cfg and .py files, nothing appears regarding logs.

The config file is in /etc/check_mk/logwatch.cfg AFAIK.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.