Logwatch: Possible to clear logfiles with external script? Any other way?

we use the logwatch service to identfy some critical messages in the syslog.

Our UNIX team uses a script that fix the problem. Now it would be nice to add some source code to the script to clear the log of the logwatch service from external without GUI actions or remove it directly on checkmk server.

Is there any option to do that?

best regards

Theres a folder for every host in ~/var/check_mk/logwatch/ in which you will find a file for every log that is watched.

Just delete the file for the log or the whole folder to aknowledge all logs.

You can do this directly from commandline, using a script or calling a function from the UI. What way you ever prefer.

We did not want SSH logins from x different servers on checkmk servers.

It would be nice if there is a solutuion via API or other solution without ssh sessions.

As far as i know, there is no possibility to force logwatch to delete the collected events from outside of Checkmk.

One thing coming in my mind will be to abuse the check-mk-agent to send a singnal to the Checkmk-server to delete the files. Perhaps you can write a check plugin, that on hosts side recognizes the problem is fixed (or better the unix-team has marked it as fixed) sending an OK to Checkmk where the other part of the plugin deletes the logwatch-files.

Sounds very dirty to me, may be misused (so it is a kind of security leak) but will work…