Logwatch for Windows custom logfiles

Hi,

I’m trying to monitor some custom logs files on Windows using Check-MK-raw 2.0.0p5. The applications that generate these logs do not write to the Windows event logs. However I can’t seem to get it to work. This is what I’ve tried so far.

I’ve put the ‘python-3.8.zip’ file from the check_mk server in C:\ProgramData\checkmk\agent\install\modules

Then I put mk_logwatch.py in C:\ProgramData\checkmk\agent\plugins.

And I created logwatch.cfg in C:\ProgramData\checkmk\agent\config. Contents of this are simple for testing:

D:\Beheer\dagprocedure\1\dag.log
I Goed
C Fout

However, no logs appear in the services after running a full scan. Also a telnet from the check_mk server to the client on port 6556 shows no logfile entries.

If I run this on client it tells me something’s not OK:

C:\Program Files (x86)\checkmk\service>check_mk_agent.exe exec -show
Adhoc/Exec Mode,press any key to stop execution
Loading module config
Processed [1] module(s)
Module ‘python-3.8’ has no work folder, this is bad
Module ‘python-3.8’ has no bin in modules dir ‘C:\ProgramData\checkmk\agent\modules’
Pre Start actions
OHM file ‘C:\ProgramData\checkmk\agent\bin\OpenHardwareMonitorCLI.exe’ is not found
Allowed Extensions: [checkmk.py,py,exe,bat,vbs,cmd,ps1]
Left [38] files to execute
Plugin ‘C:\ProgramData\checkmk\agent\plugins\mk_logwatch.py’ is sync with age:0 timeout:60 retry:0
Plugin ‘C:\ProgramData\checkmk\agent\plugins\windows_tasks.ps1’ is sync with age:0 timeout:60 retry:0
Left [2] files to execute in ‘plugins’
Allowed Extensions: [checkmk.py,py,exe,bat,vbs,cmd,ps1]
Left [38] files to execute
Plugin ‘C:\ProgramData\checkmk\agent\plugins\mk_logwatch.py’ is sync with age:0 timeout:60 retry:0
Plugin ‘C:\ProgramData\checkmk\agent\plugins\windows_tasks.ps1’ is sync with age:0 timeout:60 retry:0
Left [2] files to execute in ‘plugins’
Allowed Extensions: [exe,bat,vbs,cmd,ps1]
Left [0] files to execute
Left [0] files to execute in ‘local’
Pre Start actions ended
Waiting for async threads [0]
Left async threads [0] after waiting 0ms
main Wait Loop
Starting IO ipv6:false, used port:6556
Applying config auto restart_on_crash:true error_mode: log
Server is going to stop
Stop Service called
Stop request is set
main Wait Loop END
Shutting down IO…
Stopping execution
Exiting process queue
cma::world::ExternalPort::ioThreadProc: terminated from outside
IO ends…
Thread is stopped

What am I missing here?

Hi,
looks like you have a install problem with your python package.
Cheers,
Christian

Hi,

Yes I figured that may be the cause. I’m wondering if the zipfile with the python-3.8 is actually correct. If, on the check_mk server, I try to see what’s in it I get this:

/opt/omd/versions/default/share/check_mk/agents/windows # unzip -v python-3.8.zip
Archive: python-3.8.zip
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
unzip: cannot find zipfile directory in one of python-3.8.zip or
python-3.8.zip.zip, and cannot find python-3.8.zip.ZIP, period.

And can’t open it on Windows either.

I’ll see if I can get another version from somewhere that works as it should.

Regards,
Louis.

I would give it a try reinstalling the agent. On my 2.0 cee instance the plugin name is aswell “mk_logwatch.checkmk.py”

And the logwatch.cfg is for example:

# This file is managed via WATO, do not edit manually or you
# lose your changes next time when you update the agent.




"C:\ProgramData\FSLogix\Logs\ODFC\ODFC-*.log" overflow=W
 W [ERROR
 W (.*\[ERROR.*)
 I (.*\[INFO*)
 I ^(?!\[.*$).*

Well, I did a reinstall of the agent (2.0.0p7 this time), but still no luck. No logfiles are shown in the output.

Ok, I never got the python thing to work. But I took the mk_logwatch.exe from the 1.6p25 version and put that in the plugins directory. Now it’s working as it should.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.