I want to monitor many log/txt files. I already got the configuration.
Checkmk shows me all log files and it alerts when its supposed to be.
My problem is I dont want to monitor every single log file on its own.
I would like to group them up and then get alerted if one of them has an error.
The Path is something like this: c:\Programs\Application\log\*\*
The first star / * is for folders that get created daily.
And the second one is for monitoring all logs in that folder.
I already created a Logfile Grouping rule with:
Name of group = Application Logs
Include parrtern= c:\Programs\Application\log\*\*
So the include pattern is the same as the Text logfiles rule.
Sadly its not one service as I want, instead it still creates one service for every log file.
CMK version = p2.0.0p28
OS version = Windows Server 2019
Error message = No Error Message it is just not grouping the Logs and creating for every Log a single check / service.
Not sure but I guess you still deal with logwatch.
You shoudl forward everything too event console with “Logwatch Event Console Forwarding” and then handle everything in EC.
The status you check finally with the rule “Check event state in Event Console”
I already tried that and it kinda worked for me.
I got a message on the Log Forward, but I didnt really understand how to tell the Log Forward service to go into an error / critical state when it gets a message from the logs.
Thats the reason I went back to the method I tried because if I just could group those logs to one service I would be done everything else is working
If its easier to configure it with Logwatch Event Console Forwarding I will try and have a look into it again. Maybe I just didnt find the right things to achieve what I needed.
Log forward is just forwarding to EC, nothing else. To get the error you need “Check event state in Event Console” after treatment in EC of the messages.
Logwatch is more or less deprecated. Its recommended to use EC instead.
Okay I might have a new Problem do I understand the EC right that its a new dashboard?
Because I configured it now and got my first 4 test errors that I produced myself and its working.
But this is not what I wanted we mostly use the Host & Service Problems Dashboard to see our problems.
The Log Forwarding service has to go into an error state when there is a error from a log and not monitor it in another dashboard.
Is that possible too? I hope you understand what I am trying to do, if not I could also try to explain in german if you speak that
Okay nevermind I found the service you can integrate in the host to monitor the event console in that dashboard! Thank you very much finally a solution after 6 hours
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
