We have a Windows server where an application writes down status messages in a (log) file. We want to monitor these file entries by watching for a search pattern (regex). So far so good.
Our problem is that the application writes down new lines in the monitored file at the beginning of the file. New lines are not appended at the end of the file (as usual).
So, we are not able to monitor this file with the usual mk_logwatch plugin. I’ve tested it. As soon as a new line is added at the beginning of the file, the plugin detects an older line with the search pattern. That’s wrong
One workaround is to regularly run a custom script which reverses the lines in the logfile or puts the new line at the end of the log file.
Does anyone know a solution or any other plugin for our issue?
At the moment i have only one idea how to “solve” this problem.
For this special log file i would try the option “fromstart: true” and “maxlines: 1” or any other suitable value. This should force the plugin to only read the first line of the file every time.
I followed your advice and changed my logwatch.cfg in this way:
C:\Windows\Temp\cmktest.txt fromstart=true maxlines=1
W failure
The maxlines parameter causes a notification after the first run:
CRIT - 1 CRIT messages (Last worst: “Maximum number (1) of new log messages exceeded.”)
So I removed the parameter:
C:\Windows\Temp\cmktest.txt fromstart=true
W failure
After restarting the Checkmk agent, clearing the log in the Checkmk webinterface and adding a new success line to the file (at the beginning), the next execution of the plugin returns (again):
CRIT - 1 CRIT messages (Last worst: “211122 14:18:19 00:00:01 failure v1.8.1 IAB2114”)
The mentioned log line is an older one (within the file).
My test log file looks as follows:
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
