Recommendations on shipping types of Checkmk Log files using filebeat to ELK stack

Hello All,

I would like to know your suggestions on which Checkmk log files we can send to the ELK stack. I can only think of cmc.log and the SMS notification logs (based on the provider).

Also, if you have already set up the same, how did you do the filebeat configuration? Did you use Grok or Dissect? Do you have any sample filters that you can share or point me to, so that I can use them as a starting point?

I want to do the same in the near future, as I have some problems with multiline logs. You can find that in one of the threads that I opened here.

I already googled a bit and found cmkbeat which I will definitely try out. To my understanding, this will forward everything under recent events on the dashboard.

I believe you can configure checkmk to output to a file all messages and in a syslog format. Then you might be able to use something like: https://github.com/papertrail/remote_syslog2 to rifle the messages as they go to that file to a remote syslog server.

(I may be overthinking this)

No, basically this is it. Take filebeat and configure it to use log as the input module. The logs can be found in ~/var/log/ of the site user.

Thank you. I already did that and can see the cmc.log in Kibana now. What other Checkmk log files can we send?

I see the below under $OMD_ROOT/var/log apart from the cmc.log:
notify.log
mknotifyd.log
rrdcached.log
web.log
diskspace.log
mkeventd.log
liveproxyd.log
apache/error_log
xinetd.log

Shall I configure everything, or should I use a few out of the above list?

That’s totally up to you. :wink:

I think you could send everything at first and then filter out things that do not particularly interest you in the filter module of Logstash or in the filebeat.yml config file.
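A filebeat.yml sketch of the approach described in the replies above (log input on the site's var/log, multiline handling, filtering in filebeat.yml). This is an added example, not a configuration posted by anyone in the thread; the site name `mysite`, the custom field names, the Logstash host and the timestamp pattern are assumptions to adapt.

```yaml
# Added example, not from the thread. "mysite" and the Logstash host are placeholders.
filebeat.inputs:
  # Checkmk site logs: start with everything under var/log, then filter.
  - type: log
    paths:
      - /omd/sites/mysite/var/log/*.log
    fields:
      app: checkmk
      omd_site: mysite
    # Assumption: each record starts with "YYYY-MM-DD "; check your own files.
    # Lines that do not match (tracebacks, wrapped output) are appended to the
    # preceding event instead of being shipped as separate events.
    multiline.pattern: '^\d{4}-\d{2}-\d{2} '
    multiline.negate: true
    multiline.match: after

  # Assumption: Apache's error_log uses its own line prefix, so it gets a
  # separate input without the multiline rule.
  - type: log
    paths:
      - /omd/sites/mysite/var/log/apache/error_log
    fields:
      app: checkmk-apache
      omd_site: mysite

# Filtering in filebeat.yml: drop events from files you decide you do not need.
# The two files named here only illustrate the mechanism.
processors:
  - drop_event:
      when:
        regexp:
          log.file.path: '/var/log/(rrdcached|diskspace)\.log$'

output.logstash:
  hosts: ["logstash.example.internal:5044"]
```

The account Filebeat runs as needs read access to the site's log files, and `filebeat test config -c filebeat.yml` checks the syntax before the service is restarted.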

@marco can you write down the steps? It’ll be really very helpful for all/some of us… Thanks in advance
