Logwatch question about notifications

kosiarka44 · August 28, 2023, 2:59pm

Hello,

I have a question about logwatch. Is it possible to set up this service to check all “criticat” or “warning” log patterns even if the firs will not “acknowlage”? Below details how i want to work this:

set up logwatch pattern to send notification if in logfile.log will be word “critical” - it is working
if this happened check_mk send me notification about it - it is working
after some time the same message occure in this logfile.log with word “critical” - check_mk didn’t send me notification (I want to know about the next occurrence of this message)
as above
etc

How to configure it so that I receive as many notifications as there are such events - I don’t want to press “clear log” after each such occurrence

r.sander · August 28, 2023, 3:11pm

The plain logwatch check cannot remove the collected log messages itself.
You can use the Event Console,
Or you can setup an Alert Handler (CEE) or Event Handle (CRE) that removes the logwatch messages by removing the file in $OMD_ROOT/var/check_mk/logwatch.