hello,
i would like to monitor many files that are dynamic generated…
i could use Regex to say so, but logwatch ist creating for every file a new service.
a solution to monitor a specific or more folders with one service and show in the details of that service the files found with the specific pattern or string… like filestat does but in logwatch.
thank you in advance.
Just to be clear: Do you want to monitor the content of dynamically generated log files, or do you want to monitor a lot of dynamically generated files for size, age and so on?
what i want to do is:
monitor the content (Strings like : "error or “failed”) of dynamically generated files… a lot of files, maybe hunderts or more…in diffrent paths…
for example : /roo/DB2*.txt and /root/DB/*.log and so one… it should be only one check and should show in the datails the exact path of the file he found the string (“error”) in. same as the above shown picture (from filestat plugin output)
my Settings so far :
cfg file:
Logfile Grouping Rule
Service shown
this works somehow but i want to see the exact file wehre the erros are in the details
like this option when using filestat rules :
Hi.
You can try to forward the messages to evnet console. There you are able to handle the files seperatally.
Regards,
Christian
we would like to test all the buit-in possiblities that checkmk offers… before going that path of local checks scripting chaos… thats why we are testing the Enterprise checkmk version in first place… we want it clean and centralized in checkmk before copying bash and powershell scripts from a to b on more than 400 linux and windows systems…a local check is not a difficult task but this will be our last solution if there is no possiblity at all doing it centralized in checkmk.
i’v read the documentation for EC forwording and created this rule :
when i select “Warn if list of forwarded logfiles chages” the rule shows the old (missing) files and the new files.
an idea how can i ignore the “missing” files and only show the new ones with Critical and not Warning?
Hello,
The forwarding is only a part of the complete process we use.
You will see the name of the log file in the application
See also:
regards
Michael
hallo @mike1098
many thanks to you. I could made it… and received every log file as an event in EC.
But that was not really satisfying because for every file there is a check… or an event that is created…
and making an aktiv “check event stat” of this EC ingoing… is also not helpfull…
grouping the patterns was’nt also heplful for me
so i created a bash script and made it local check … to handle this :
Your screenshots are not very helpful. Better show the rules used.
I am not sure what you did but if you successful forward the logwatch messages to EC with the rule “Logwatch Event Console Forwarding” then you should see it in EC.
In the EC rules you can rewrite the application in section Rewrite:
With a unique Application then you can configure the rule “Check event state in Event Console”
So you have only one Service for different log sources. I guess that´s what you want to achieve.
Should be in the docs, If not report it in the correct category here.
BR
MF
a missunderstanding here…
1-
i did the same… here is the rule in Event Console for logwatch …with Rewrite Application
and here are the Events forwarded from logwatch to EC
2-
here is the Event check stat
and here is the Event Check in Monitoring
all this is not satisfying me - because i wanted in the details of the check all the log files found sorted by their fullname … i wanted all the hunderts logfiles unter /root/path/* in one check showed in the details…
and i could made this only with my own created bash script as a locat check.
am happy with it like this thank you:))
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
