In my experience both Windows agent as Checkmk with a rule need to be configured.
But some of the output is contradicting, so maybe I haven’t configured parts correctly.
(I think) I have the windows logs disabled by the use of disabled_sections: [logwatch] in "C:\ProgramData\checkmk\agent\check_mk.user.yml"
The output of .\check_mk_agent.exe showconfig is however confusing. It suggests that it is both enabled as disabled. I snipped out a lot of lines ... to only have the interesting bits shown.
sections:
...
- logwatch
...
disabled_sections: [logwatch]
...
logwatch:
enabled: yes
sendall: no
vista_api: no
skip_duplicated: no
max_size: 500000
max_line_length: -1
max_entries: -1
timeout: -1
logfile:
- Parameters: ignore
- State: ignore
- "*": warn nocontext
Based on the download agent output of a host in the webinterface, I assume the windows logs are not sent and bandwith saved / agent running time reduced.
But to avoid Check_MK to go in WARN state with message like [agent] Success, Missing monitoring data for plugins: logwatch WARN and lots of windows log services in PEND state, I created a disabled services rule on the WATO folder for my Windows Clients to disable all the windows log services. Have no desire to manually disabled them per host.
I am using Checkmk Raw Edition 2.1.0p5