Logwatch function

2.0.0p24 (CRE)
Ubuntu 18.04.06 LTS

I have a windows server that writes logs files and creates a new one daily with the date of that day as name, I would like to monitor that log file for errors

I’ve found a video tutorial explaining how to set it up from CheckMK (Episode 22: Monitoring logfiles with Checkmk - YouTube ) but that explains to use the ‘text logfiles’ option in ‘setup’ and I don’t have that.

Further I found several posts stating you should have a mk_logwatch.exe by @louis ( Logwatch for Windows custom logfiles ), I found Mk_logwatch.exe for 2.0.0p1 but that doesn’t seem to contain the whole story.
Finally I found this, Logwatch Messages exceeding file size - Check_MK raw 2.0.0 Docker but that is again only part of the story.

It can’t be that I am running the RAW edition since I’ve found evidence that other people are running it with the same edition.

What files do I need where exactly to get this to work?
do I need:
mk_logwatch.exe ?
logwatch.cfg ?
python3.8.zip ?
Does the config file need to be adjusted to enable logwatch?

Thanks for clearing this up for me.

Hi Steven,

Yes, monotoring text logfiles on Windows can be a bit tricky. The only way I got it to work is described here:
https://wiki.wevers.tv:8443/index.php/Monitoring_logfiles_on_Windows_with_Check_MK

That’s not the most elegant solution, but for me it works.

Good luck,
Louis

Please see under Agent rules:

You need to create a logfile section and then deploy the baked agent on the target host.

Hey @davidwayne
But that would only be possible with the payed variant of CheckMK, I presume then ? (We are running the RAW version)

In that case, create the logwatch.cfg manually under C:\ProgramData\checkmk\agent\config<here> and copy the agent plugin mk_logwatch under C:\ProgramData\checkmk\agent\plugins

A sample logwatch.cfg can be found here:

Hey @davidwayne

I’ve done that already, following @louis instructions, but when I test the agent by executing it on the command line, I get the normal output but I can’t find a mention anywhere from that logfile I am trying to watch.

Is there something I need to ‘enable’ or should it pick up cfg + exe on its own?

I can see it executing here:
2022-06-16 14:03:59.172 [app 1028] [Trace] Left [38] files to execute
2022-06-16 14:03:59.175 [app 1028] Plugin ‘C:\ProgramData\checkmk\agent\plugins\mk_logwatch.exe’ is sync with age:0 timeout:60 retry:0
2022-06-16 14:03:59.175 [app 1028] Plugin ‘C:\ProgramData\checkmk\agent\plugins\windows_updates.vbs’ is sync with age:0 timeout:60 retry:0
2022-06-16 14:03:59.175 [app 1028] [Trace] Left [2] files to execute in ‘plugins’

Hi

After a reinstall of the agent and a reconfigure of the agent, the detection works.
Now, the only remaining issue is that I don’t see the generated warnings in my main dashboard.
Should I do something special before the check appears?

If you now see your configured log file inside CMK, it can only be the definition of the lines it should find.
It would help if you define first a very common pattern inside the “logwatch.cfg” to see that data is transferred to CMK server.
The transferred lines should then be visible inside the “Log …” service on your monitored machine.

Hey

The lines are coded correctly

See the ‘W’ in the first line, the only issue remaining is that I don’t see it in my main dashboard, it does not show up.
Is there anything I need to ‘activate’ to get this to display on the GUI side?

The full log can be seen here:

[TCPFetcher] Fetch with cache settings: DefaultAgentFileCache(base_path=PosixPath('/omd/sites/icasa/tmp/check_mk/cache/neptunus.icasa-group.com'), max_age=MaxAge(checking=0, discovery=120, inventory=120), disabled=False, use_outdated=False, simulation=False)
Not using cache (Too old. Age is 2 sec, allowed is 0 sec)
[TCPFetcher] Execute data source
Connecting via TCP to 10.127.0.154:6556 (5.0s timeout)
Reading data from agent
Output is not encrypted
Write data to cache file /omd/sites/icasa/tmp/check_mk/cache/neptunus.icasa-group.com
Trying to acquire lock on /omd/sites/icasa/tmp/check_mk/cache/neptunus.icasa-group.com
Got lock on /omd/sites/icasa/tmp/check_mk/cache/neptunus.icasa-group.com
Releasing lock on /omd/sites/icasa/tmp/check_mk/cache/neptunus.icasa-group.com
Released lock on /omd/sites/icasa/tmp/check_mk/cache/neptunus.icasa-group.com
Closing TCP connection to 10.127.0.154:6556
Loading autochecks from /omd/sites/icasa/var/check_mk/autochecks/neptunus.icasa-group.com.mk
No persisted sections loaded
<<<check_mk>>>
Version: 2.0.0p24
BuildDate: May 11 2022
AgentOS: windows
Hostname: NEPTUNUS
Architecture: 64bit
WorkingDirectory: C:\Windows\system32
ConfigFile: C:\Program Files (x86)\checkmk\service\check_mk.yml
LocalConfigFile: C:\ProgramData\checkmk\agent\check_mk.user.yml
AgentDirectory: C:\Program Files (x86)\checkmk\service
PluginsDirectory: C:\ProgramData\checkmk\agent\plugins
StateDirectory: C:\ProgramData\checkmk\agent\state
ConfigDirectory: C:\ProgramData\checkmk\agent\config
TempDirectory: C:\ProgramData\checkmk\agent\tmp
LogDirectory: C:\ProgramData\checkmk\agent\log
SpoolDirectory: C:\ProgramData\checkmk\agent\spool
LocalDirectory: C:\ProgramData\checkmk\agent\local
OnlyFrom: 
<<<wmi_cpuload:sep(124)>>>
[system_perf]
AlignmentFixupsPersec|Caption|ContextSwitchesPersec|Description|ExceptionDispatchesPersec|FileControlBytesPersec|FileControlOperationsPersec|FileDataOperationsPersec|FileReadBytesPersec|FileReadOperationsPersec|FileWriteBytesPersec|FileWriteOperationsPersec|FloatingEmulationsPersec|Frequency_Object|Frequency_PerfTime|Frequency_Sys100NS|Name|PercentRegistryQuotaInUse|PercentRegistryQuotaInUse_Base|Processes|ProcessorQueueLength|SystemCallsPersec|SystemUpTime|Threads|Timestamp_Object|Timestamp_PerfTime|Timestamp_Sys100NS|WMIStatus
0||85001198||138909|3191022532|27443732|4886134|63852180599|3078529|24072474312|1807605|0|10000000|2246091|10000000||171716936|4294967295|75|0|1165031422|132998931514784487|1215|132999233885857520|67914433178|132999305885850000|OK
[computer_system]
AdminPasswordStatus|AutomaticManagedPagefile|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|DNSHostName|Domain|DomainRole|EnableDaylightSavingsTime|FrontPanelResetStatus|HypervisorPresent|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|PartOfDomain|PauseAfterReset|PCSystemType|PCSystemTypeEx|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay|SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup|WMIStatus
1|0|1|1|3|3|1|Normal boot|NEPTUNUS|3|Win32_ComputerSystem|120|1|AT/AT COMPATIBLE|NEPTUNUS|WORKGROUP|2|1|3|1|0|||3||VMware, Inc.|VMware Virtual Platform|NEPTUNUS||1|10|10||<array>|0|3932100000|1|1|||0|0|3||Windows User|1|65535|65535|<array>|OK|||||x64-based PC|3|137438412800||6|WORKGROUP|OK
<<<uptime>>>
30236
<<<mem>>>
MemTotal:      134217200 kB
MemFree:       102126600 kB
SwapTotal:     50331648 kB
SwapFree:      49847876 kB
PageTotal:     184548848 kB
PageFree:      151974476 kB
VirtualTotal:  137438953344 kB
VirtualFree:   137438864648 kB
<<<fileinfo:sep(124)>>>
1655449788
<<<logwatch>>>
[[[Application]]]
[[[Bullzip PDF Printer]]]
[[[HardwareEvents]]]
[[[Internet Explorer]]]
[[[Kaspersky Endpoint Security]]]
[[[Kaspersky Event Log]]]
[[[Kaspersky Security]]]
[[[Key Management Service]]]
[[[OAlerts]]]
[[[Security]]]
[[[System]]]
[[[Windows PowerShell]]]
<<<df:sep(9)>>>
C:\	NTFS	209353724	166920888	42432836	80%	C:\
Data	NTFS	314569724	187539044	127030680	60%	D:\
<<<dotnet_clrmemory:sep(124)>>>
AllocatedBytesPersec|Caption|Description|FinalizationSurvivors|Frequency_Object|Frequency_PerfTime|Frequency_Sys100NS|Gen0heapsize|Gen0PromotedBytesPerSec|Gen1heapsize|Gen1PromotedBytesPerSec|Gen2heapsize|LargeObjectHeapsize|Name|NumberBytesinallHeaps|NumberGCHandles|NumberGen0Collections|NumberGen1Collections|NumberGen2Collections|NumberInducedGC|NumberofPinnedObjects|NumberofSinkBlocksinuse|NumberTotalcommittedBytes|NumberTotalreservedBytes|PercentTimeinGC|PercentTimeinGC_Base|ProcessID|PromotedFinalizationMemoryfromGen0|PromotedMemoryfromGen0|PromotedMemoryfromGen1|Timestamp_Object|Timestamp_PerfTime|Timestamp_Sys100NS|WMIStatus
101305042208|||5368|0|2246091|10000000|510394368|4823712|10739416|1855824|30201384|7361984|_Global_|48302784|5645|1327|491|97|2|122|8404|330407936|41473007616|72029|4294967295|0|2822812|4823712|1855824|0|67914488808|132999305886160000|OK
420288032|||2366|0|2246091|10000000|163840000|2972704|2998800|1561416|1581720|2917712|w3wp|7498232|3042|4|3|2|0|5|151|91590656|13421690880|9119|3573634242|6016|2643680|2972704|1561416|0|67914488808|132999305886160000|OK
24001640|||260|0|2246091|10000000|163840000|181176|331640|0|1325896|241464|w3wp#1|1899000|641|8|3|1|0|0|34|8142848|13421690880|6|43469800|4072|50562|181176|0|0|67914488808|132999305886160000|OK
109378280|||1191|0|2246091|10000000|6291456|268224|475968|0|772544|133416|QVWebServerSettingsService|1381928|265|16|2|1|0|30|7|13246464|402644992|2236|4010203164|2416|62536|268224|0|0|67914488808|132999305886160000|OK
6200418264|||35|0|2246091|10000000|6291456|278688|276480|0|5685360|2063288|QVManagementService|8025128|599|838|290|11|2|43|37|16224256|402644992|2990|36189187|2164|2812|278688|0|0|67914488808|132999305886160000|OK
43593976736|||468|0|2246091|10000000|163840000|213440|133088|294408|7934832|1870584|QVDistributionService|9938504|824|414|189|81|0|23|80|176029696|13421690880|2760|294288320|2068|20014|213440|294408|0|67914488808|132999305886160000|OK
304458152|||1048|0|2246091|10000000|6291456|909480|6523440|0|12901032|135520|QVDirectoryServiceConnector|19559992|274|47|4|1|0|21|8095|25174016|402644992|7253|1348898771|1952|43208|909480|0|0|67914488808|132999305886160000|OK
<<<wmi_webservices:sep(124)>>>
AnonymousUsersPersec|BytesReceivedPersec|BytesSentPersec|BytesTotalPersec|Caption|CGIRequestsPersec|ConnectionAttemptsPersec|CopyRequestsPersec|CurrentAnonymousUsers|CurrentBlockedAsyncIORequests|Currentblockedbandwidthbytes|CurrentCALcountforauthenticatedusers|CurrentCALcountforSSLconnections|CurrentCGIRequests|CurrentConnections|CurrentISAPIExtensionRequests|CurrentNonAnonymousUsers|DeleteRequestsPersec|Description|FilesPersec|FilesReceivedPersec|FilesSentPersec|Frequency_Object|Frequency_PerfTime|Frequency_Sys100NS|GetRequestsPersec|HeadRequestsPersec|ISAPIExtensionRequestsPersec|LockedErrorsPersec|LockRequestsPersec|LogonAttemptsPersec|MaximumAnonymousUsers|MaximumCALcountforauthenticatedusers|MaximumCALcountforSSLconnections|MaximumCGIRequests|MaximumConnections|MaximumISAPIExtensionRequests|MaximumNonAnonymousUsers|MeasuredAsyncIOBandwidthUsage|MkcolRequestsPersec|MoveRequestsPersec|Name|NonAnonymousUsersPersec|NotFoundErrorsPersec|OptionsRequestsPersec|OtherRequestMethodsPersec|PostRequestsPersec|PropfindRequestsPersec|ProppatchRequestsPersec|PutRequestsPersec|SearchRequestsPersec|ServiceUptime|Timestamp_Object|Timestamp_PerfTime|Timestamp_Sys100NS|TotalAllowedAsyncIORequests|TotalAnonymousUsers|TotalBlockedAsyncIORequests|Totalblockedbandwidthbytes|TotalBytesReceived|TotalBytesSent|TotalBytesTransferred|TotalCGIRequests|TotalConnectionAttemptsallinstances|TotalCopyRequests|TotalcountoffailedCALrequestsforauthenticatedusers|TotalcountoffailedCALrequestsforSSLconnections|TotalDeleteRequests|TotalFilesReceived|TotalFilesSent|TotalFilesTransferred|TotalGetRequests|TotalHeadRequests|TotalISAPIExtensionRequests|TotalLockedErrors|TotalLockRequests|TotalLogonAttempts|TotalMethodRequests|TotalMethodRequestsPersec|TotalMkcolRequests|TotalMoveRequests|TotalNonAnonymousUsers|TotalNotFoundErrors|TotalOptionsRequests|TotalOtherRequestMethods|TotalPostRequests|TotalPropfindRequests|TotalProppatchRequests|TotalPutRequests|TotalRejectedAsyncIORequests|TotalSearchRequests|TotalTraceRequests|TotalUnlockRequests|TraceRequestsPersec|UnlockRequestsPersec|WMIStatus
715|3221360|18808984|22030344||0|702|0|0|0|0|0|0|0|9|0|1|0||570|0|570|0|2246091|10000000|1601|1|0|0|0|4141|2|0|0|0|13|0|1|0|0|0|_Total|2180|19|4|0|1542|0|0|0|0|30141|0|67914498446|132999305886160000|0|715|0|0|3221360|18808984|22030344|0|702|0|0|0|0|0|570|570|1601|1|0|0|0|4141|3178|3178|0|0|2180|19|4|0|1542|0|0|0|0|0|0|0|0|0|OK
715|3221360|18808984|22030344||0|702|0|0|0|0|0|0|0|9|0|1|0||570|0|570|0|2246091|10000000|1601|1|0|0|0|4141|2|0|0|0|13|0|1|0|0|0|Default Web Site|2180|19|4|0|1542|0|0|0|0|30141|0|67914498446|132999305886160000|0|715|0|0|3221360|18808984|22030344|0|702|0|0|0|0|0|570|570|1601|1|0|0|0|4141|3178|3178|0|0|2180|19|4|0|1542|0|0|0|0|0|0|0|0|0|OK
<<<services>>>
AdobeARMservice running/auto Adobe Acrobat Update Service
AeLookupSvc stopped/demand Application Experience
ALG stopped/demand Application Layer Gateway Service
angara running/auto Kaspersky Sandbox Integration
AppHostSvc running/auto Application Host Helper Service
AppIDSvc stopped/demand Application Identity
Appinfo stopped/demand Application Information
AppMgmt stopped/demand Application Management
AppReadiness stopped/demand App Readiness
AppXSvc stopped/demand AppX Deployment Service (AppXSVC)
aspnet_state stopped/demand ASP.NET State Service
AudioEndpointBuilder stopped/demand Windows Audio Endpoint Builder
Audiosrv stopped/demand Windows Audio
BFE running/auto Base Filtering Engine
BITS running/demand Background Intelligent Transfer Service
BrokerInfrastructure running/auto Background Tasks Infrastructure Service
Browser stopped/disabled Computer Browser
CertPropSvc running/demand Certificate Propagation
CheckMkService running/auto Check MK Service
COMSysApp running/demand COM+ System Application
CryptSvc running/auto Cryptographic Services
Cwbrxd stopped/demand Cwbrxd
DcomLaunch running/auto DCOM Server Process Launcher
defragsvc stopped/demand Optimize drives
DeviceAssociationService stopped/demand Device Association Service
DeviceInstall stopped/demand Device Install Service
Dhcp running/auto DHCP Client
DiagTrack running/auto Diagnostics Tracking Service
Dnscache running/auto DNS Client
dot3svc stopped/demand Wired AutoConfig
DPS running/auto Diagnostic Policy Service
DsmSvc stopped/demand Device Setup Manager
Eaphost stopped/demand Extensible Authentication Protocol
EFS running/auto Encrypting File System (EFS)
EventLog running/auto Windows Event Log
EventSystem running/auto COM+ Event System
fdPHost stopped/demand Function Discovery Provider Host
FDResPub stopped/demand Function Discovery Resource Publication
FontCache running/auto Windows Font Cache Service
FontCache3.0.0.0 stopped/demand Windows Presentation Foundation Font Cache 3.0.0.0
GoogleChromeElevationService stopped/demand Google Chrome Elevation Service (GoogleChromeElevationService)
gpsvc running/auto Group Policy Client
gupdate stopped/auto Google Update-service (gupdate)
gupdatem stopped/demand Google Update-service (gupdatem)
hidserv stopped/demand Human Interface Device Service
hkmsvc stopped/demand Health Key and Certificate Management
IEEtwCollectorService stopped/demand Internet Explorer ETW Collector Service
IISADMIN running/auto IIS Admin Service
IKEEXT running/auto IKE and AuthIP IPsec Keying Modules
iphlpsvc running/auto IP Helper
KAVFS running/auto Kaspersky Security Service
KAVFSGT stopped/demand Kaspersky Security Management Service
kavfsslp running/auto Kaspersky Security Exploit Prevention Service
KeyIso stopped/demand CNG Key Isolation
klnagent running/auto Kaspersky Security Center Network Agent
KPSSVC stopped/demand KDC Proxy Server service (KPS)
ksnproxy stopped/demand Kaspersky Security Network proxy server
KtmRm stopped/demand KtmRm for Distributed Transaction Coordinator
LanmanServer running/auto Server
LanmanWorkstation running/auto Workstation
lltdsvc stopped/demand Link-Layer Topology Discovery Mapper
lmhosts running/auto TCP/IP NetBIOS Helper
LSM running/auto Local Session Manager
MMCSS stopped/demand Multimedia Class Scheduler
MpsSvc running/auto Windows Firewall
MSDTC running/auto Distributed Transaction Coordinator
MSiSCSI stopped/demand Microsoft iSCSI Initiator Service
msiserver stopped/demand Windows Installer
napagent stopped/demand Network Access Protection Agent
NcaSvc stopped/demand Network Connectivity Assistant
Netlogon stopped/demand Netlogon
Netman stopped/demand Network Connections
netprofm running/demand Network List Service
NetTcpActivator running/auto Net.Tcp Listener Adapter
NetTcpPortSharing running/auto Net.Tcp Port Sharing Service
NlaSvc running/auto Network Location Awareness
nsi running/auto Network Store Interface Service
OCS_Inventory_Service running/auto OCS Inventory Service
ose stopped/demand Office  Source Engine
PerfHost stopped/demand Performance Counter DLL Host
pla stopped/demand Performance Logs & Alerts
PlugPlay running/demand Plug and Play
PolicyAgent running/demand IPsec Policy Agent
Power running/auto Power
PrintNotify stopped/demand Printer Extensions and Notifications
ProfSvc running/auto User Profile Service
PSEXESVC stopped/demand PSEXESVC
QlikviewDirectoryServiceConnector running/auto QlikView Directory Service Connector
QlikViewDistributionService running/auto QlikView Distribution Service
QlikviewManagementService running/auto QlikView Management Service
QlikviewServer running/auto QlikView Server
QlikViewSettingsService running/auto QlikView Settings Service
RasAuto stopped/demand Remote Access Auto Connection Manager
RasMan stopped/demand Remote Access Connection Manager
RemoteAccess stopped/disabled Routing and Remote Access
RemoteRegistry stopped/auto Remote Registry
RpcEptMapper running/auto RPC Endpoint Mapper
RpcLocator stopped/demand Remote Procedure Call (RPC) Locator
RpcSs running/auto Remote Procedure Call (RPC)
RSoPProv stopped/demand Resultant Set of Policy Provider
sacsvr stopped/demand Special Administration Console Helper
SamSs running/auto Security Accounts Manager
SCardSvr stopped/disabled Smart Card
ScDeviceEnum running/demand Smart Card Device Enumeration Service
Schedule running/auto Task Scheduler
SCPolicySvc stopped/demand Smart Card Removal Policy
seclogon running/demand Secondary Logon
SENS running/auto System Event Notification Service
SessionEnv running/demand Remote Desktop Configuration
SharedAccess stopped/disabled Internet Connection Sharing (ICS)
ShellHWDetection running/auto Shell Hardware Detection
smphost stopped/demand Microsoft Storage Spaces SMP
SNMPTRAP stopped/demand SNMP Trap
soyuz running/auto Kaspersky Endpoint Agent
Spooler running/auto Print Spooler
sppsvc running/auto Software Protection
SSDPSRV stopped/disabled SSDP Discovery
SstpSvc stopped/demand Secure Socket Tunneling Protocol Service
svsvc stopped/demand Spot Verifier
swprv stopped/demand Microsoft Software Shadow Copy Provider
SysMain stopped/demand Superfetch
SystemEventsBroker running/auto System Events Broker
TapiSrv stopped/demand Telephony
TeamViewer running/auto TeamViewer 10
TermService running/demand Remote Desktop Services
Themes running/auto Themes
THREADORDER stopped/demand Thread Ordering Server
TieringEngineService stopped/demand Storage Tiers Management
TrkWks running/auto Distributed Link Tracking Client
TrustedInstaller stopped/demand Windows Modules Installer
UALSVC running/auto User Access Logging Service
UI0Detect stopped/demand Interactive Services Detection
UmRdpService running/demand Remote Desktop Services UserMode Port Redirector
upnphost stopped/disabled UPnP Device Host
VaultSvc stopped/demand Credential Manager
vds stopped/demand Virtual Disk
VGAuthService running/auto VMware Alias Manager and Ticket Service
VM3DService running/auto VMware SVGA Helper Service
vmicguestinterface stopped/demand Hyper-V Guest Service Interface
vmicheartbeat stopped/demand Hyper-V Heartbeat Service
vmickvpexchange stopped/demand Hyper-V Data Exchange Service
vmicrdv stopped/demand Hyper-V Remote Desktop Virtualization Service
vmicshutdown stopped/demand Hyper-V Guest Shutdown Service
vmictimesync stopped/demand Hyper-V Time Synchronization Service
vmicvss stopped/demand Hyper-V Volume Shadow Copy Requestor
VMTools running/auto VMware Tools
vmvss stopped/demand VMware Snapshot Provider
vostok running/auto KATA Integration
VSS stopped/demand Volume Shadow Copy
W32Time stopped/auto Windows Time
w3logsvc stopped/demand W3C Logging Service
W3SVC running/auto World Wide Web Publishing-service
WAS running/demand Windows Process Activation Service
Wcmsvc running/auto Windows Connection Manager
WcsPlugInService stopped/demand Windows Color System
WdiServiceHost stopped/demand Diagnostic Service Host
WdiSystemHost stopped/demand Diagnostic System Host
Wecsvc stopped/demand Windows Event Collector
WEPHOSTSVC stopped/demand Windows Encryption Provider Host Service
wercplsupport stopped/demand Problem Reports and Solutions Control Panel Support
WerSvc stopped/demand Windows Error Reporting Service
WinHttpAutoProxySvc stopped/demand WinHTTP Web Proxy Auto-Discovery Service
Winmgmt running/auto Windows Management Instrumentation
WinRM running/auto Windows Remote Management (WS-Management)
wmiApSrv running/demand WMI Performance Adapter
WMSVC stopped/demand Web Management Service
WPDBusEnum stopped/demand Portable Device Enumerator Service
WSService stopped/demand Windows Store Service (WSService)
wuauserv stopped/demand Windows Update
wudfsvc stopped/demand Windows Driver Foundation - User-mode Driver Framework
Zabbix_Agent stopped/disabled Zabbix Agent
<<<ps:sep(9)>>>
(SYSTEM,64,4,0,0,0,0,2943998437500,0,10,30234)	System Idle Process
(SYSTEM,3392,268,0,4,0,0,2306250000,1021,177,30234)	System
(SYSTEM,4400,1020,0,400,0,0,4531250,55,2,30234)	smss.exe
(SYSTEM,60852,5760,0,508,2,14218750,19218750,568,22,30232)	csrss.exe
(\\NT AUTHORITY\SYSTEM,2147524796,4100,0,592,0,0,937500,86,1,30232)	wininit.exe
(SYSTEM,40132,3524,0,600,1,0,312500,99,8,30232)	csrss.exe
(\\NT AUTHORITY\SYSTEM,2147535576,5976,0,628,1,312500,781250,126,2,30232)	winlogon.exe
(SYSTEM,2147521448,9292,0,684,5,1034062500,1802500000,338,5,30232)	services.exe
(\\NT AUTHORITY\SYSTEM,2147551788,21376,0,692,11,128281250,68437500,2538,9,30232)	lsass.exe
(\\NT AUTHORITY\SYSTEM,2147557136,12312,0,760,4,7031250,6562500,440,8,30231)	svchost.exe
(\\NT AUTHORITY\NETWORK SERVICE,2147550480,9072,0,792,4,11093750,4687500,471,9,30230)	svchost.exe
(\\NT AUTHORITY\SYSTEM,2147621212,25092,0,892,12,468750,1406250,303,7,30230)	LogonUI.exe
(\\Window Manager\DWM-1,2147573320,25104,0,900,14,156250,312500,183,6,30230)	dwm.exe
(\\NT AUTHORITY\LOCAL SERVICE,2147542748,15032,0,908,11,89687500,84375000,476,13,30230)	svchost.exe
(\\NT AUTHORITY\SYSTEM,2147627468,40528,0,936,25,227968750,105937500,1431,46,30230)	svchost.exe
(\\NT AUTHORITY\LOCAL SERVICE,2147570748,11616,0,988,5,10781250,14062500,645,13,30230)	svchost.exe
(\\NT AUTHORITY\SYSTEM,150708,18476,0,452,10,6406250,2031250,233,20,30230)	proton.exe
(\\NT AUTHORITY\SYSTEM,110632,29272,0,604,16,94843750,188281250,410,11,30230)	kavfs.exe
(\\NT AUTHORITY\SYSTEM,62652,10240,0,480,3,4218750,3125000,410,6,30229)	kavfswh.exe
(\\NT AUTHORITY\SYSTEM,365256,61856,0,788,40,156406250,18906250,889,18,30229)	soyuz.exe
(\\NT AUTHORITY\SYSTEM,136312,26060,0,1064,12,2766875000,332656250,536,16,30224)	kavfswp.exe
(\\NT AUTHORITY\SYSTEM,195716,27944,0,1100,17,843125000,80468750,294,11,30224)	kavfswp.exe
(\\NT AUTHORITY\SYSTEM,376028,51580,0,1144,87,1528906250,252031250,600,33,30223)	kavfswp.exe
(\\NT AUTHORITY\NETWORK SERVICE,2147555544,11896,0,1432,5,5312500,10156250,481,16,30146)	svchost.exe
(\\NT AUTHORITY\LOCAL SERVICE,2147533576,11260,0,1600,6,1875000,2187500,363,17,30146)	svchost.exe
(\\NT AUTHORITY\SYSTEM,2147561780,11292,0,1816,4,8281250,6406250,396,10,30146)	spoolsv.exe
(\\NT AUTHORITY\SYSTEM,76804,4304,0,1864,1,0,156250,82,3,30146)	armsvc.exe
(\\NT AUTHORITY\SYSTEM,2147526444,9212,0,1880,3,156250,0,126,8,30146)	svchost.exe
(\\NT AUTHORITY\SYSTEM,88696,14216,0,1896,7,474062500,331562500,347,21,30146)	check_mk_agent.exe
(\\NT AUTHORITY\NETWORK SERVICE,2149636096,10820,0,2004,3,7968750,2031250,282,5,30145)	svchost.exe
(\\NT AUTHORITY\SYSTEM,2147583992,9244,0,2020,3,1562500,1093750,200,9,30145)	svchost.exe
(\\NT AUTHORITY\SYSTEM,69100,21628,0,1296,14,156250,312500,156,4,30145)	inetinfo.exe
(\\NT AUTHORITY\LOCAL SERVICE,557348,20504,0,1768,23,6250000,5468750,214,7,30145)	SMSvcHost.exe
(\\NEPTUNUS\SRV_Qlikview,681660,87396,0,1952,78,20312500,3281250,685,8,30144)	QVDirectoryServiceConnector.exe
(\\NEPTUNUS\SRV_Qlikview,13831624,235100,0,2068,354,401875000,130937500,1159,87,30144)	QVDistributionService.exe
(\\NEPTUNUS\SRV_Qlikview,753716,73444,0,2164,58,37656250,7968750,778,27,30144)	QVManagementService.exe
(\\NEPTUNUS\SRV_Qlikview,58821948,27876664,0,2208,27457,19505000000,2309687500,787,61,30144)	QVS.exe
(\\NEPTUNUS\SRV_Qlikview,599860,42836,0,2416,41,1250000,1250000,650,7,30143)	QVWebServerSettingsService.exe
(\\NT AUTHORITY\SYSTEM,96656,14496,0,2508,5,1562500,937500,400,24,30142)	TeamViewer_Service.exe
(\\NT AUTHORITY\SYSTEM,2150197580,14352,0,2548,11,625000,937500,369,12,30142)	svchost.exe
(\\NT AUTHORITY\SYSTEM,71248,10520,0,2576,4,937500,1718750,121,3,30142)	VGAuthService.exe
(\\NT AUTHORITY\SYSTEM,2147532008,4356,0,2624,1,468750,468750,95,3,30142)	vm3dservice.exe
(\\NT AUTHORITY\SYSTEM,2147532984,4500,0,2648,1,0,156250,87,1,30142)	vm3dservice.exe
(\\NT AUTHORITY\SYSTEM,99420,18860,0,2656,8,63437500,10000000,349,8,30142)	vmtoolsd.exe
(\\NT AUTHORITY\SYSTEM,2147535232,10660,0,2684,5,7031250,6718750,192,21,30142)	svchost.exe
(\\NT AUTHORITY\SYSTEM,73556,9192,0,2788,2,10781250,7500000,181,4,30142)	OcsService.exe
(\\NT AUTHORITY\NETWORK SERVICE,2147589584,28564,0,3096,18,707968750,282812500,617,15,30141)	WmiPrvSE.exe
(\\NT AUTHORITY\SYSTEM,2147598000,34504,0,3124,26,120468750,437500000,520,18,30141)	WmiPrvSE.exe
(\\IIS APPPOOL\DefaultAppPool,13484500,46492,0,4072,186,7031250,2500000,1080,55,30116)	w3wp.exe
(\\NEPTUNUS\Administrator,2147512040,5208,0,1652,1,156250,625000,106,2,30108)	taskeng.exe
(\\NT AUTHORITY\NETWORK SERVICE,2147692588,74196,0,4848,65,15625000,8593750,742,55,30058)	svchost.exe
(\\NT AUTHORITY\NETWORK SERVICE,2147506044,4952,0,4916,1,0,0,115,4,30058)	svchost.exe
(\\NT AUTHORITY\SYSTEM,2147535340,11224,0,4956,3,312500,468750,205,11,30058)	dllhost.exe
(\\NT AUTHORITY\NETWORK SERVICE,2147527284,7564,0,5088,2,781250,625000,159,10,30058)	msdtc.exe
(\\NT AUTHORITY\SYSTEM,260976,32112,0,1192,22,265625000,128125000,826,37,29937)	klnagent.exe
(\\NT AUTHORITY\SYSTEM,2147545116,8020,0,4420,2,156250,156250,177,4,29931)	svchost.exe
(SYSTEM,66400,25040,0,1384,1,937500,6250000,251,10,8843)	csrss.exe
(\\NT AUTHORITY\SYSTEM,2147552264,7524,0,5668,1,156250,937500,170,2,8843)	winlogon.exe
(\\Window Manager\DWM-2,2147628896,55532,0,6040,13,156250,1250000,200,8,8841)	dwm.exe
(\\NEPTUNUS\Administrator,2148755204,9356,0,1984,3,0,468750,213,5,8838)	taskhostex.exe
(SYSTEM,2147542328,13000,0,4840,4,53281250,1718750,198,3,8838)	sppsvc.exe
(\\NEPTUNUS\Administrator,2147572428,9460,0,5664,2,625000,781250,260,8,8838)	rdpclip.exe
(\\NEPTUNUS\Administrator,2148040296,126136,0,1580,58,24375000,26250000,1411,47,8835)	explorer.exe
(\\NT AUTHORITY\NETWORK SERVICE,55332,6400,0,6280,1,156250,156250,124,1,8833)	SppExtComObj.Exe
(\\NEPTUNUS\Administrator,104352,10824,0,6544,3,31093750,17343750,161,4,8824)	vmtoolsd.exe
(\\NEPTUNUS\Administrator,105004,8268,0,6588,2,156250,0,108,3,8823)	OcsSystray.exe
(\\NEPTUNUS\Administrator,70912,7104,0,6688,1,312500,781250,131,1,8823)	kmlisten.exe
(\\NEPTUNUS\Administrator,78384,7044,0,6748,2,0,0,122,4,8822)	kavtray.exe
(\\NEPTUNUS\Administrator,72680,5348,0,6820,1,468750,937500,104,2,8822)	adb.exe
(\\NEPTUNUS\SRV_Qlikview,13523480,141888,0,6016,271,47968750,8281250,920,69,8118)	w3wp.exe
(\\NEPTUNUS\Administrator,74996,72,0,5552,0,0,0,2,1,8114)	RdrCEF.exe
(\\NEPTUNUS\Administrator,2147535860,6124,0,3224,1,0,156250,111,2,7368)	taskeng.exe
(\\NEPTUNUS\Administrator,157348,35876,0,5720,16,30156250,25156250,253,2,1652)	notepad++.exe
(\\NT AUTHORITY\LOCAL SERVICE,2147526820,10648,0,4016,5,625000,2031250,271,9,1602)	WmiPrvSE.exe
(\\NT AUTHORITY\SYSTEM,2147519692,6960,0,5324,1,312500,156250,140,4,313)	WmiApSrv.exe
(\\NT AUTHORITY\SYSTEM,5464,72,0,3472,0,0,0,0,1,0)	check_mk_agent.exe
<<<winperf_phydisk>>>
1655449788.71 234 2246091
3 instances: 0_C: 1_D: _Total
-36 0 0 0 rawcount
-34 3359210000 980941000 2170075500 type(20570500)
-34 132999233886951116 132999233886951116 132999233886951116 type(40030500)
1166 3359210000 980941000 4340151000 type(550500)
-32 1721376000 172722000 947049000 type(20570500)
-32 132999233886951116 132999233886951116 132999233886951116 type(40030500)
1168 1721376000 172722000 1894098000 type(550500)
-30 1637834000 808219000 1223026500 type(20570500)
-30 132999233886951116 132999233886951116 132999233886951116 type(40030500)
1170 1637834000 808219000 2446053000 type(550500)
-28 754509134 220328275 974837409 average_timer
-28 366362 56299 422661 average_base
-26 386636714 38794932 425431646 average_timer
-26 187445 22318 209763 average_base
-24 367872420 181533342 549405762 average_timer
-24 178917 33981 212898 average_base
-22 366362 56299 422661 counter
-20 187445 22318 209763 counter
-18 178917 33981 212898 counter
-16 8044449280 19590784512 27635233792 bulk_count
-14 2067690496 2126113280 4193803776 bulk_count
-12 5976758784 17464671232 23441430016 bulk_count
-10 8044449280 19590784512 27635233792 average_bulk
-10 366362 56299 422661 average_base
-8 2067690496 2126113280 4193803776 average_bulk
-8 187445 22318 209763 average_base
-6 5976758784 17464671232 23441430016 average_bulk
-6 178917 33981 212898 average_base
1248 144083356000 144341095000 144212225500 type(20570500)
1248 132999233886951116 132999233886951116 132999233886951116 type(40030500)
1250 174728 7613 182341 counter
<<<winperf_if>>>
1655449788.72 510 2246091
2 instances: vmxnet3_Ethernet_Adapter isatap.{D6B700FB-7317-4408-A300-01BE2CCCB427}
-122 22861442800 0 bulk_count
-110 19425734 0 bulk_count
-244 15388634 0 bulk_count
-58 4037100 0 bulk_count
10 10000000000 100000 large_rawcount
-246 22595041513 0 bulk_count
14 15343353 0 bulk_count
16 45281 0 bulk_count
18 0 0 large_rawcount
20 0 0 large_rawcount
22 0 0 large_rawcount
-4 266401287 0 bulk_count
26 4035359 0 bulk_count
28 1741 0 bulk_count
30 0 0 large_rawcount
32 0 0 large_rawcount
34 0 0 large_rawcount
1086 0 0 large_rawcount
1088 6 0 large_rawcount
1090 10069540 0 bulk_count
1092 0 0 bulk_count
1094 23275 23275 large_rawcount
<<<winperf_processor>>>
1655449788.72 238 2246091
11 instances: 0 1 2 3 4 5 6 7 8 9 _Total
-232 293387031250 290525468750 294575937500 295610000000 295710625000 290319218750 294524218750 295510781250 296098125000 297742968750 294400437500 100nsec_timer_inv
-96 7616718750 10685937500 6565625000 5536093750 5558593750 10981093750 6630312500 5495937500 5182343750 3248906250 6750156250 100nsec_timer
-94 1362968750 1151875000 1221718750 1217187500 1094062500 1062968750 1208437500 1356406250 1082656250 1371250000 1212953125 100nsec_timer
-90 10887998 5007971 5561987 5724259 4816797 5100072 5101200 10879905 4909283 5081136 63070608 counter
458 937500 937500 2968750 17500000 156250 937500 6250000 179687500 312500 625000 21031250 100nsec_timer
460 9687500 18281250 16562500 25937500 9531250 7968750 7968750 15781250 8125000 15000000 13484375 100nsec_timer
1096 125690 77579 145244 677420 32904 36110 130697 5829931 43779 155556 7254910 counter
1098 0 0 0 0 0 0 0 0 0 0 0 rawcount
1508 290568902772 288299311416 292524577730 293659892371 293775501682 288330904838 292635423087 293427228632 294174978621 295552490481 292294921163 100nsec_timer
1510 2062208102 3890309279 2455103680 1734256011 1836036763 3509554087 2538804888 1924209646 1654011079 1347805231 2295229876 100nsec_timer
1512 288506694670 284409002137 290069474050 291925636360 291939464919 284821350751 290096618199 291503018986 292520967542 294204685250 289999691286 100nsec_timer
1514 0 0 0 0 0 0 0 0 0 0 0 100nsec_timer
1516 797345 822990 766181 744252 722481 756019 730204 1480932 737215 682955 8240574 bulk_count
1518 9177948 2681250 3169335 3188455 2511515 2588692 2570642 5422893 2582492 2895209 36788431 bulk_count
1520 0 0 0 0 0 0 0 0 0 0 0 bulk_count
<<<>>>
<<<logwatch>>>
[[[C:\ProgramData\QlikTech\WebServer\Log\20220510.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220511.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220512.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220513.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220514.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220515.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220516.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220517.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220518.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220519.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220520.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220521.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220522.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220523.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220524.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220525.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220526.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220527.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220528.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220529.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220530.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220531.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220601.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220602.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220603.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220604.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220605.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220606.txt]]]
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 15:21:28.7702469     Information     Sending to 'neptunus:4747': <Global method="GetTicket"><UserId>NEPTUNUS\stmichales</UserId><GroupList><string>S-1-5-21-3331292954-4170439245-3503653312-513</string><string>S-1-1-0</string><string>S-1-5-32-545</string><string>S-1-5-2</string><string>S-1-5-11</string><string>S-1-5-15</string><string>S-1-5-113</string><string>S-1-5-64-10</string></GroupList><GroupListIsNames>false</GroupListIsNames></Global>
. 6/6/2022 15:21:28.8171225     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at QlikView.AccessPoint.FileScan.ScanQlikViewServerClusters(IEnumerable`1 servers, Action`2 logger, IUser user, Int32& liveQvsCount, Boolean respectBrowsable) ||    at QlikView.AccessPoint.AccessPointContext.UpdateRowList(Boolean forceUpdate) ||    at QlikView.AccessPoint.AccessPointContext.UpdateData(Boolean forceUpdate) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteXML(AccessPointContext context, String request) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 15:21:28.9577566     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: Invalid size: -830503103 ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 15:21:29.2233759     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 15:21:29.3952536     Information     Success Connect to: neptunus
. 6/6/2022 15:21:28.7702469     Information     Sending to 'neptunus:4747': <Global method="GetTicket"><UserId>NEPTUNUS\stmichales</UserId><GroupList><string>S-1-5-21-3331292954-4170439245-3503653312-513</string><string>S-1-1-0</string><string>S-1-5-32-545</string><string>S-1-5-2</string><string>S-1-5-11</string><string>S-1-5-15</string><string>S-1-5-113</string><string>S-1-5-64-10</string></GroupList><GroupListIsNames>false</GroupListIsNames></Global>
. 6/6/2022 15:21:28.8171225     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at QlikView.AccessPoint.FileScan.ScanQlikViewServerClusters(IEnumerable`1 servers, Action`2 logger, IUser user, Int32& liveQvsCount, Boolean respectBrowsable) ||    at QlikView.AccessPoint.AccessPointContext.UpdateRowList(Boolean forceUpdate) ||    at QlikView.AccessPoint.AccessPointContext.UpdateData(Boolean forceUpdate) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteXML(AccessPointContext context, String request) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 15:21:28.9577566     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: Invalid size: -830503103 ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 15:21:29.2233759     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 15:21:29.3952536     Information     Success Connect to: neptunus
. 6/6/2022 15:21:28.7702469     Information     Sending to 'neptunus:4747': <Global method="GetTicket"><UserId>NEPTUNUS\stmichales</UserId><GroupList><string>S-1-5-21-3331292954-4170439245-3503653312-513</string><string>S-1-1-0</string><string>S-1-5-32-545</string><string>S-1-5-2</string><string>S-1-5-11</string><string>S-1-5-15</string><string>S-1-5-113</string><string>S-1-5-64-10</string></GroupList><GroupListIsNames>false</GroupListIsNames></Global>
. 6/6/2022 15:21:28.8171225     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at QlikView.AccessPoint.FileScan.ScanQlikViewServerClusters(IEnumerable`1 servers, Action`2 logger, IUser user, Int32& liveQvsCount, Boolean respectBrowsable) ||    at QlikView.AccessPoint.AccessPointContext.UpdateRowList(Boolean forceUpdate) ||    at QlikView.AccessPoint.AccessPointContext.UpdateData(Boolean forceUpdate) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteXML(AccessPointContext context, String request) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 15:21:28.9577566     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: Invalid size: -830503103 ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 15:21:29.2233759     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 15:21:29.3952536     Information     Success Connect to: neptunus
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus
. 6/6/2022 13:33:34.2215301     Information     Success Connect to: neptunus
. 6/6/2022 13:23:38.7848692     Error   System.Threading.ThreadAbortException: Thread was being aborted. ||    at System.Threading.Thread.AbortInternal() ||    at System.Threading.Thread.Abort(Object stateInfo) ||    at System.Web.HttpResponse.AbortCurrentThread() ||    at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent) ||    at QlikView.AccessPoint.HttpInterfaces.HttpResponseWrap.Redirect(String url) ||    at QlikView.AccessPoint.AccessPointHandler.RedirectAjaxClient(AccessPointContext context, FileScanResultRow row) ||    at QlikView.AccessPoint.AccessPointHandler.ExecuteDocument(AccessPointContext context, String id, String client_name) ||    at QvIISWebServer.AccessPoint.Page_Load(Object sender, EventArgs e)
C 6/6/2022 13:33:34.0027820     Error   QVClient.Execute to 'neptunus:4747' failed: System.Exception: The communication with QlikView Server failed (TimedOut)! ||    at QlikTech.NetClient.QvClient.GetMessageDataFromSocket(Byte[] buffer, Double timeout) ||    at QlikTech.NetClient.QvClient.GetMessageSizeFromSocket(Double timeout) ||    at QlikTech.NetClient.QvClient.Execute(Byte[] request) ||    at QlikTech.NetClient.QvClient.Execute(String request) ||    at QVSWrapper.QlikViewServer.ExecuteXml(Action`2 i_Logger, String i_Command)
. 6/6/2022 13:33:34.1434104     Warning Connection lost. Reconnect to server: neptunus

[[[C:\ProgramData\QlikTech\WebServer\Log\20220607.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220608.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220609.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220610.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220611.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220612.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220613.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220614.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220615.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220616.txt]]]
[[[C:\ProgramData\QlikTech\WebServer\Log\20220617.txt]]]
<<<>>>
<<<systemtime>>>
1655449789

Ok

We are now at the stage that agent is seeing the log files and sending them with the standard output to the server but it seems the server isn’t doing anything with that output.

I can’t see it when I do a full service scan, is there an enforcement rule that I can apply to force CheckMK server to pick it up?

Here you can see the files actually being picked up:

@andreas-doehler : The log shows it can find the configured log files and sends them to the server

2022-06-20 13:35:36.605 [srv 8724] perf: In [517] milliseconds process ‘“C:\ProgramData\checkmk\agent\plugins\mk_logwatch.exe”’ pid:[8336] SUCCEDED - generated [2452] bytes of data in [1] blocks
2022-06-20 13:35:36.606 [srv 8724] [Trace] Provider ‘plugins’ is about to be started, id ‘46183938792773’ port [mail:\.\mailslot\Global\WinAgent_0]
2022-06-20 13:35:36.606 [srv 8724] [Trace] Sending data ‘plugins’ id is [46183938792773] length [2465]
2022-06-20 13:35:36.606 [srv 8724] perf: Section ‘plugins’ took [0] milliseconds
2022-06-20 13:35:36.636 [srv 8724] Received [2593] bytes from ‘plugins’
2022-06-20 13:35:36.637 [srv 8724] perf: Answer is ready in [578] milliseconds
2022-06-20 13:35:36.637 [srv 8724] Send [31728] bytes of data

OK, I’ve been banging my head against this problem and it seems a previous maintainer of the site outright disabled all the logwatch check on site level.
I’ve got no idea why, I deleted that rule and now everything comes in as it should!

Thanks for all the advice, it was greatly appreciated!

I was writing that i see all the checks with your demo output

so we have to use mk_logwatch.exe from 1.6? or mk_logwatch.py also can be used? I try but getting below log

Process 'C:\ProgramData\checkmk\agent\plugins\mk_logwatch.py' has no data

In check_mk config there is logwatch section, is there connection between this config section and logwatch plugin?

logwatch:
    enabled: yes
    
    sendall: no   # this value is MANDATORY, yes is useful only for debugging
    vista_api: no # this is RECOMMENDED
    max_size: 500000 #
    max_line_length: -1 # -1 to ignore, or any positive, max lingth of the line
    max_entries: -1     # -1 to ignore, or any positive, max count to receive
    timeout: -1         # -1 to ignore, or any positive, in seconds
    logfile: # entries in the windows eventlog
        - 'Parameters': ignore
        - 'State': ignore
        - '*': warn nocontext # This is default params for not missing entries

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.