CMK version: 2.0.0p39 (CEE)
OS version: Ubuntu 20.04
Hello,
my logwatch check matches a logline/logstring which is not declared in the config file (/etc/check_mk/logwatch.cfg).
I previously used this matched string to test if logwatch works. But after removing the text-string from the config file it gets still used.
What I’ve done so far:
What do I need to do more to get rid of these false matches?
does it really detect new log messages wrongly or is it just an old message not archived on the monitoring server?
Ok, that was the right question 
It detects old messages.
But how do I actually archive these messages?
in the service list you can find the menu option “Open Log” in the burger menu (the icon with the 3 stripes). There you can see all log messages the monitoring server received and you can click on “clear log” to remove them.
This is the normal workflow for logwatch. The messages will stay till you clear the log on the monitoring server independent of the fact if the log entry can still be seen in the hosts log file.
It works! Thank you.