Logwatch: Possible to clear logfiles with external script? Any other way?

Hello,
we use the logwatch service to identify some critical messages in the syslog.

Our UNIX team uses a script that fixes the problem. Now it would be nice to add some source code to the script to clear the log of the logwatch service externally, without GUI actions, or remove it directly on the checkmk server.

Is there any option to do that?

best regards

There's a folder for every host in ~/var/check_mk/logwatch/ in which you will find a file for every log that is watched.

Just delete the file for the log or the whole folder to acknowledge all logs.

You can do this directly from the command line, using a script or calling a function from the UI. Whichever way you prefer.
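
As an added example (not part of the original reply, and not Checkmk's own code), here is a shell function that acknowledges stored logwatch messages by deleting files in the folder layout described above, with input checks so that a host or log name handed in by another script cannot reach outside that folder. The function name `ack_logwatch` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: acknowledge (delete) stored logwatch messages for one host.
# Assumed layout, as described in the reply: <base>/<host>/<one file per log>.
# Usage (as the site user):
#   ack_logwatch "$HOME/var/check_mk/logwatch" HOST [LOGFILE]
# Returns 0 on success, 2 on rejected input, 3 if nothing is stored.
ack_logwatch() {
    base=$1
    host=$2
    logfile=${3-}

    # Host must be a single plain name: no slash, no leading dot or dash.
    case $host in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "rejected host name: $host" >&2; return 2 ;;
    esac
    # A log file name must be one path component, never a traversal.
    case $logfile in
        */*|.|..)
            echo "rejected log file name: $logfile" >&2; return 2 ;;
    esac

    dir=$base/$host
    # Refuse symlinks so a planted link cannot redirect the delete.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "no stored logs for host: $host" >&2; return 3
    fi

    if [ -n "$logfile" ]; then
        target=$dir/$logfile
        if [ -L "$target" ] || [ ! -f "$target" ]; then
            echo "no stored messages for log: $logfile" >&2; return 3
        fi
        rm -f -- "$target"      # acknowledge one log
    else
        rm -rf -- "$dir"        # acknowledge every log of this host
    fi
}
```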

We did not want SSH logins from x different servers on checkmk servers.

It would be nice if there is a solution via API or other solution without ssh sessions.

As far as I know, there is no possibility to force logwatch to delete the collected events from outside of Checkmk.

One thing that comes to mind would be to abuse the check-mk-agent to send a signal to the Checkmk server to delete the files. Perhaps you can write a check plugin that, on the host's side, recognizes the problem is fixed (or better, the Unix team has marked it as fixed) and sends an OK to Checkmk, where the other part of the plugin deletes the logwatch files.

Sounds very dirty to me, may be misused (so it is a kind of security leak) but will work…

Recommend taking a look at the Event Console for log file monitoring. We have found it simplifies the alerting and management of log-related alerts significantly when dealing with large numbers of log files.
