Hello,
we use the logwatch service to identfy some critical messages in the syslog.
Our UNIX team uses a script that fix the problem. Now it would be nice to add some source code to the script to clear the log of the logwatch service from external without GUI actions or remove it directly on checkmk server.
As far as i know, there is no possibility to force logwatch to delete the collected events from outside of Checkmk.
One thing coming in my mind will be to abuse the check-mk-agent to send a singnal to the Checkmk-server to delete the files. Perhaps you can write a check plugin, that on hosts side recognizes the problem is fixed (or better the unix-team has marked it as fixed) sending an OK to Checkmk where the other part of the plugin deletes the logwatch-files.
Sounds very dirty to me, may be misused (so it is a kind of security leak) but will work…
Recommend taking a look at the Event Console for log file monitoring. We have found it simplifies the alerting and management or log related alerts significantly when dealing with large numbers of log files.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.