Logwatch on Linux

Hey all,
I’m trying to get the logwatch working on my checkmk instance, running raw version v2.1.0.

I have a checkmk agent running on VCSA (VMware appliance) and I want to get alerts for a certain log file. The log file is generated daily (crontab) and output to a file.

I was trying to set up the plugin and created logwatch.cfg file under ‘/etc/check_mk’ and configured it. I’ve also downloaded and copied the mk_logwatch.py plugin to ‘/usr/lib/check_mk_agent/plugins’.

Now my question is how I can actually see the check on the dashboard. I went to the specific host and did a rescan but no luck. Do I need to restart the checkmk agent on the host?

One more thing, is it possible to re-run the bash script that’s outputting the log when doing a reschedule check to the service?

Thanks!

Hi,

in most cases VMWare Appliances are checked by check_mk using a special agent, Rule “VMWare ESX via vSphere”. If you configured this special agent, the normal check_mk agent with logwatch is not used.

If you don’t use the special agent, please check, if you have state files like logwatch.state. in /var/lib/check_mk_agent

Hey @miwu
I’m checking this VCSA once as an appliance (special agent) and once as a Linux machine (checkmk agent), as there are some things I need to monitor on the OS level; it shows up as two separate hosts under hosts.

I don’t see that file under /var/lib/check_mk_agent.

One more thing I noticed is that the checkmk agent on the machine shows that there are no plugins and local checks set up. What am I missing?
I also tried using a basic .cfg file just to make sure mine wasn’t the issue.

Hi,

it seems, logwatch is not executed while the agent is running. Please check, that mk_logwatch.py in /usr/lib/check_mk_agent/plugins is owned by root and has chmod 755 set.
After this, please run
check_mk_agent > /tmp/out
and take a look in the output file. Search for a section named
<<<logwatch>>>
If this section is missing the plugin is not working. If the section is there but empty then there is a problem with your /etc/check_mk/logwatch.cfg.
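
The checks described in the reply above, as an added example that is not part of the original thread: one function verifies the plugin's owner and mode, the other classifies the `<<<logwatch>>>` section of a saved agent dump as missing, empty or present. The function names, the optional UID argument and the sample dump are assumptions made for illustration; GNU `stat` is assumed. Root ownership with mode 755 also means non-root users cannot edit a script the agent executes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Checkmk.

# check_plugin_perms FILE [UID]
# Expects owner root (uid 0 unless overridden) and mode 755, as advised above.
check_plugin_perms() {
    plugin=$1
    want_uid=${2:-0}
    [ -f "$plugin" ] || { echo "not-found"; return 1; }
    # GNU stat: numeric owner and octal mode, e.g. "0 755"
    set -- $(stat -c '%u %a' "$plugin")
    [ "$1" = "$want_uid" ] || { echo "wrong-owner:$1"; return 1; }
    [ "$2" = "755" ] || { echo "wrong-mode:$2"; return 1; }
    echo "ok"
}

# logwatch_section_state DUMPFILE
# Prints "missing" (plugin did not run), "empty" (plugin ran, nothing was
# emitted: look at logwatch.cfg) or "present".
logwatch_section_state() {
    awk '
        /^<<<logwatch(:[^>]*)?>>>$/ { found = 1; insec = 1; next }
        /^<<</                      { insec = 0 }   # next section starts
        insec && NF                 { lines++ }     # non-blank payload line
        END {
            if (!found)          print "missing"
            else if (lines == 0) print "empty"
            else                 print "present"
        }
    ' "$1"
}

# On the monitored host:
#   check_plugin_perms /usr/lib/check_mk_agent/plugins/mk_logwatch.py
#   check_mk_agent > /tmp/out && logwatch_section_state /tmp/out

# Demo on a constructed dump (not real agent output).
sample=$(mktemp)
printf '%s\n' '<<<check_mk>>>' 'AgentOS: linux' '<<<logwatch>>>' '<<<local>>>' > "$sample"
echo "logwatch section: $(logwatch_section_state "$sample")"
rm -f "$sample"
```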

Hey @miwu
Thanks for your help, chmod was indeed the issue for the plugin not showing anywhere.

As I changed it to the correct permissions it was able to detect it.
Also seeing the configuration in the file under <<<logwatch>>>

I have one small issue now.
Whenever the log file shows an error, the error isn’t being cleared after the error is no longer present.
I need to manually go to and clear the log from the WATO like shown in the picture below

Any suggestions on how to only save the current output and the checkmk plugin check to only retrieve the most up to date log?

Hi netanelps,

as logfiles do not have a state that can be monitored, check_mk shows the worst state in the logfile since the last “clear”. To clear the state of the logwatch-service for a logfile you have to clear the logfile as shown in your screenshot. After this the Check becomes OK again until check_mk finds the next error in the logfile. That’s the way check_mk monitors logfiles. After clearing the logfile, the contents of the logfile are no longer available in check_mk. If you want to do this you need a solution like Graylog or similar.

Hey @miwu
Hmm, I understand. I’m thinking about whether this log that I’m clearing from the GUI is also present in a file on the machine itself, as I don’t want to clear the log manually every time from the GUI.
Do you know if it’s being saved somewhere?

Can you please explain more or direct me to what Graylog is?

Hi,
the logmessages are stored in the directory var/check_mk/logwatch on the Checkmk server.

Karl

You can clear all logs in the GUI in one step. While watching one logfile in check_mk you can choose the option Logs - All Logfiles and then click on “Clear Logs”. Deleting them under ~var/check_mk/logwatch may result in deleting logfile information without viewing it first, but it is a good solution for clearing all stored logfiles and getting the checks green :)

Graylog is a centralized solution for collecting, storing and analyzing logfiles. While check_mk is not storing logfiles, Graylog can store them and is a powerful tool for working with logfiles in larger environments.

Hey,
Thank you both for the replies.

I noticed the logfile is on the actual checkmk machine and not the host itself. Am I able to run a script from the WATO on demand?

I’m still having some issues with the logwatch itself. I can see the <<<logwatch>>> and the log that’s configured by the .cfg file, but it shows errors in the files very inconsistently.

Sometimes the plugin is showing up the result and sometimes it doesn’t show results but reports that the file is not missing.

I am clearing/removing the file and recreating it; could that be the issue?
Am I able to configure it so it will only take the last 3 lines?