Hi, I’m using the Checkmk Raw Edition 2.1.0p4, and have tired two ways to stop the monitoring of Windows Log files, but neither is working.
I have tired adding a Check_mk.ini file with these settings
[logwatch]
Switch all other logfiles off. Default is warn:
send messages of type warn or crit
logfile * = off
to the c:\Prgram Files (x386)\checkmk folder (and the \service folder) and then stopping and starting the Check_Mk service.
I have also set the check_mk.yml file log section to
_logfiles:
enabled: no
Yet despite these setting, I’m still seeing log file information in the dash board. What am I missing? as I really don’t wont the windows log file information.
oh and sorry if this has been covered before, I’ve searched, (which is where I got the above from) but not found anything more.
Wee update, I’ve also just read the the check_mk.user in the C:\ProgramData\checkmk\agent folder, can also be used to disable functions, so I have
logwatch:
enabled: no
and restarted the service, So I’ll be interested to see what it does.
To get the “enabled: false” you can use the config option “disabled_sections” with the section name “logwatch”. What also works is the entry - "*": off context.
One advice - don’t modify the check_mk.yml file inside the "C:\Program Files (x86)\checkmk\service", only make manual changes to the file “C:\ProgramData\checkmk\agent\check_mk.user.yml”.
After a change you can reload the agent config or restart the agent service.
The downside to this approach is that the logwatch information is still sent over the wire, which is effectively wasted bandwidth. The upside is that we do not have to manually configure the agent on each server to disable the logwatch checks.
The real downside is a potential longer agent runtime, as the collection of the Windows event logs can take a significant amount of time.
I would not recommend a configuration like the shown one.
Agent runtime has not been an issue for us so it was not something I considered when designing a solution to the noisy Windows logs checks. It is definitely something I will keep in mind for the future, though.
In my experience both Windows agent as Checkmk with a rule need to be configured. But some of the output is contradicting, so maybe I haven’t configured parts correctly.
(I think) I have the windows logs disabled by the use of disabled_sections: [logwatch] in "C:\ProgramData\checkmk\agent\check_mk.user.yml"
The output of .\check_mk_agent.exe showconfig is however confusing. It suggests that it is both enabled as disabled. I snipped out a lot of lines ... to only have the interesting bits shown.
Based on the download agent output of a host in the webinterface, I assume the windows logs are not sent and bandwith saved / agent running time reduced.
But to avoid Check_MK to go in WARN state with message like [agent] Success, Missing monitoring data for plugins: logwatch WARN and lots of windows log services in PEND state, I created a disabled services rule on the WATO folder for my Windows Clients to disable all the windows log services. Have no desire to manually disabled them per host.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.