Windows Logs, does acknowledging them prevent them from being monitored?

Hi,

I’m new to Checkmk and loving it so far. I’m currently running 2.2 Raw edition on Docker.

I had a quick question regarding the Event Viewer monitoring on Windows. I had assumed if an error occurred and I went and acknowledged it, and if the event reoccurred, it would show the alert again, but I think I am incorrect?

As a test I acknowledged a DNS issue on one of the Windows hosts I am monitoring. I then went and forced the DNS issue to reoccur, but it did not appear in Checkmk again until I went and cleared the previous acknowledgement.

Is this correct behaviour? Would this mean if I acknowledge the “System Log”, I wouldn’t receive any “System Log” alerts in Checkmk in future?

This part of the monitoring is a two-step process.

  1. The agent collects log lines from the host and sends them to the monitoring server. There they are stored in a file per log source.
  2. The service check reads that file and whenever there are warnings or errors it returns this state.

To bring the service check back to a green OK you have to remove the copied log lines. This can be done via the menu entry “Open Log” in the action menu of the service. This is the “three lines” or burger menu right next to the service icons.

Only after the log has been cleared does the service check return to OK; it can then become red or yellow again and send out a new notification.

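A simplified model of the two-step process described in the answer above, replaying the DNS test from the question. This is an added example, not part of the thread and not Checkmk's own code. The class and method names are hypothetical, the log line is constructed, and "one notification per state change" is an assumption of the model.

```python
from dataclasses import dataclass, field

SEVERITY = {"OK": 0, "WARN": 1, "CRIT": 2}

@dataclass
class LogwatchModel:
    """Toy model of a stored-log service check (hypothetical, not Checkmk code)."""
    stored: list = field(default_factory=list)        # server-side file for one log source
    state: str = "OK"
    acknowledged: bool = False
    notifications: list = field(default_factory=list)

    def agent_delivers(self, lines):
        # Step 1: new lines from the host are appended to the stored file.
        self.stored.extend(lines)

    def run_check(self):
        # Step 2: the state is the worst level among ALL stored lines, old and new.
        levels = (level for level, _text in self.stored)
        new_state = max(levels, key=SEVERITY.get, default="OK")
        if new_state != self.state:
            # Assumption of this model: a notification goes out only on a state change.
            self.notifications.append(f"{self.state} -> {new_state}")
            self.state = new_state
        return self.state

    def acknowledge(self):
        # Acknowledging marks the problem as seen; the stored lines stay in place.
        self.acknowledged = True

    def clear_log(self):
        # Removing the copied lines is what lets the check compute OK again.
        self.stored.clear()

def replay_forum_test():
    svc = LogwatchModel()
    dns_error = ("CRIT", "constructed sample: DNS client error")
    svc.agent_delivers([dns_error]); svc.run_check()   # OK -> CRIT, first alert
    svc.acknowledge()
    svc.agent_delivers([dns_error]); svc.run_check()   # already CRIT: no transition
    alerts_after_repeat = len(svc.notifications)
    svc.clear_log(); svc.run_check()                   # CRIT -> OK
    svc.agent_delivers([dns_error]); svc.run_check()   # OK -> CRIT, alert fires again
    return alerts_after_repeat, svc.notifications

if __name__ == "__main__":
    print(replay_forum_test())
```

In this model the repeated DNS error is stored but produces no new alert, because the service never left CRIT; for detection purposes that means recurring events on an uncleared log are only visible by opening the log itself.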

@r.sander thanks mate, I missed those options before you pointed them out.