Logwatch show (many) dynamic generated files in only one services


i would like to monitor many files that are dynamic generated…
i could use Regex to say so, but logwatch ist creating for every file a new service.

a solution to monitor a specific or more folders with one service and show in the details of that service the files found with the specific pattern or string… like filestat does but in logwatch.

thank you in advance.

Just to be clear: Do you want to monitor the content of dynamically generated log files, or do you want to monitor a lot of dynamically generated files for size, age and so on?

what i want to do is:
monitor the content (Strings like : "error or “failed”) of dynamically generated files… a lot of files, maybe hunderts or more…in diffrent paths…
for example : /roo/DB2*.txt and /root/DB/*.log and so one… it should be only one check and should show in the datails the exact path of the file he found the string (“error”) in. same as the above shown picture (from filestat plugin output)

my Settings so far :
cfg file:

Logfile Grouping Rule

Service shown

this works somehow but i want to see the exact file wehre the erros are in the details
like this option when using filestat rules :


You can try to forward the messages to evnet console. There you are able to handle the files seperatally.


Just write a simple local check using something like grep -l error /root/DB/*.log

we would like to test all the buit-in possiblities that checkmk offers… before going that path of local checks scripting chaos… thats why we are testing the Enterprise checkmk version in first place… we want it clean and centralized in checkmk before copying bash and powershell scripts from a to b on more than 400 linux and windows systems…a local check is not a difficult task but this will be our last solution if there is no possiblity at all doing it centralized in checkmk.

i’v read the documentation for EC forwording and created this rule :

when i select “Warn if list of forwarded logfiles chages” the rule shows the old (missing) files and the new files.

When i disable it and create a new file with “error” in it than it shows nothing and the service status stays OK.

an idea how can i ignore the “missing” files and only show the new ones with Critical and not Warning?


The forwarding is only a part of the complete process we use.

  1. Forward all messages from all log files to Event Console (Logwatch Event Console Forwarding)
  2. Handle all messages with rules in Event Console
  3. Check for any CRITICAL or WARNING message with rule Check event state in Event Console

You will see the name of the log file in the application

See also: