Logwatch service doesn't appear in WATO

Hi,

I have successfully configured logwatch with the mk_logwatch plugin and the pattern in logwatch.cfg. When the agent runs locally, it shows the lines containing the pattern. Unfortunately, the service discovery over WATO or cmk -d host doesn’t show the logwatch service in WATO. I am running a distributed monitoring with check-mk-raw-1.6.0p19. Any ideas how to make it work?

Thanks

Hi,

How are you connecting to the agent? I found that when connecting through ssh I was missing some services as the user I used didn’t have appropriate rights to monitor everything.

Also, if from your Check_MK host, you use netcat to connect to the client, do you see the output of logwatch then? E.g.:

nc -v <client> 6556

You should at least have a <<<logwatch>>> section with the name of your logfiles in it. (There may be no messages).

Louis.
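The check described above can be scripted. The following is an added example, not part of the original thread: it lists the logfiles announced in the <<<logwatch>>> section of agent output. The function names and the sample output are constructed for illustration, and the [[[...]]] logfile headers are assumed to be in the form mk_logwatch emits.

```shell
#!/bin/sh
# Constructed sample of agent output, as returned on port 6556.
sample_agent_output() {
cat <<'EOF'
<<<check_mk>>>
Version: 1.6.0p19
<<<logwatch>>>
[[[/var/log/messages]]]
[[[/var/log/auth.log]]]
C Dec 15 09:40:01 host app[123]: error: constructed sample line
<<<uptime>>>
12345.67 2345.67
EOF
}

# Read agent output on stdin and print the logfile names found in the
# <<<logwatch>>> section, one per line.
# Exit status: 0 if the section is present, 1 if it is absent.
logwatch_files() {
    awk '
        # Every section header switches the "inside logwatch" flag.
        /^<<<.*>>>$/ {
            in_sec = ($0 ~ /^<<<logwatch(:.*)?>>>$/)
            if (in_sec) found = 1
            next
        }
        # Inside the section, [[[name]]] lines announce one logfile each.
        in_sec && /^\[\[\[.*\]\]\]$/ {
            print substr($0, 4, length($0) - 6)
        }
        END { exit(found ? 0 : 1) }
    '
}

# Demo on the constructed sample. Against a live host:
#   nc -v <client> 6556 | logwatch_files
sample_agent_output | logwatch_files
```

If the logfile names are listed here but no logwatch service shows up in WATO, the agent side is working and the cause is on the monitoring server.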

Hi Louis,

With nc I get the agent output with the logwatch section, but it is empty unless I add a random error line; then all error messages show up, which is the normal behavior, but not in WATO in the services of host view. Something like this:

Screenshot from 2020-12-15 09-42-35

The previous image can be found here

Best

Ah, like I said, it should be empty, unless there’s a new error message. Thus the same error message is not sent to the server every time. (And thus it’s reported only once). The nc command triggers the same behaviour. If you run it twice, you should see that only the first time an error is reported.

But from what I see in your screenshot, you do have the logwatch entry in WATO. It’s not reporting an error, since there are no new error messages. Or am I misunderstanding something?

Louis

Unfortunately this is not my screenshot; this is what I was looking for, to have such a service check in WATO. The screenshot was taken from here.
So basically I am trying to get the service check into WATO.

I finally found the solution: my colleague disabled the logwatch check in Host & Service Parameters -> Monitoring Configuration -> Disabled checks. I just deselected it and now all good.
