I’m trying to configure logwatch to read a text file on Windows (C:\temp\text.log). I have configured what seems correct in “C:\ProgramData\checkmk\agent\check_mk.user.yml”:
logwatch:
enabled: yes
sendall: no # this is MANDATORY
vista_api: no # this is RECOMMENDED
max_size: 500000 # default value
# entries in the windows eventlog
logfile:
- 'C:\temp\test.log': all context
This doesn’t create any new services in CMK when I do a full scan, nor does it appear in the check output.
I tried checking the documentation, but there doesn’t seem to be anything current and relevant to monitoring files.
Only the path for “mk_logwatch” should be “C:\ProgramData\checkmk\agent\plugins”
For the path inside the cfg file you could only try. I don’t know if the “\” must be escaped or not
In logwatch.cfg, add a one line with a file path (non-escaped backslashes) with no leading characters, then, create individual rules after it with a leading space (such as in this example):
C:\temp\test.log
I Ignore this:
W Warning message:
C Critical systems message:
Note there must be a leading space before the options (I, W, C), meaning that " W Warning message:" is acceptable but “W Warning message:” is not.
For the CMK team: Could you update the Windows logwatch monitoring documentation to reflect the current way of doing this? While it seems obvious, it isn’t immediately clear how to implement this.
I find no “mk_logwatch.exe” under Monitoring Agents menu in CMK. There’s only 2 options to download the checkmk_agent, nothing else to download. The only 2 options are the base agent, and the agent I’ve set IP addresses on.
How do I enable or get the windows agent like you mention above?