We’re using the logwatch plugin quite extensively on our Linux monitored systems. Works great. But I have a question. Once you detect an error in a log and handle it you clear the log on the CheckMK side to set the status back to OK.
However, after that, it’s impossible to view the log in CheckMK again. Is it possible to reset the status to green but keep the history for some time? So, if a similar problem arises, we can check back if this was indeed the same issue.
No, this feature (logwatch) was never meant as a log archive.
There are better suited tools for that (e.g. graylog).
Thanks. I was already afraid that this was the case. I’ll check this graylog you mentioned. Maybe it’ll serve my purpose.
In the event console you may set the ‘Event history lifetime’.
In the view Event Console → Recent Event History you see all events, even the deleted ones.
Use the Filter option to go back in time or filter on various attributes.
Basically I agree with r.sander, there are better tools on the market for log management, but for the purpose of single event alerting it works quite well in checkmk.