Logwatch should alert and not aggregate warnings/errors

To Check_MK Team,

I have a logstash host, and it received a bunch of logs from different types of systems. Some logs are application logs that need to be addressed, and some are from sign-ins to different systems.

I would like these sign-in logs to send an e-mail for each log line, and not generate an ‘alert’ in the dashboard. I have defined different patterns for Warning and Error in the logwatch config, but currently these Warnings and Errors aggregate and become an alarm in the Check_MK dashboard, and the e-mail is sent only once, until a person comes in and reads through all the log lines. Instead, I want it to send an e-mail for each line that matches the Warning/Error pattern.

How can I achieve this?

Thanks!

If you want single alerts for every event you need to use the Event Console instead of logwatch.
Let logwatch forward the received events to the Event Console and create some rules there for how the incoming events should be processed. Inside the rules you have the option to trigger a notification for every event.

Thanks for answering, Andreas.

How do I forward events from Logwatch directly to Event Console?

The rule name is “Logwatch Event Console Forwarding”; there you can define different parameters.
