Windows logwatch support custom views?

Hi

I use raw 2.0.1p30

Does Windows logwatch support logs from custom views?
I created my own filter so that only certain types of errors would be sent to a separate log “MyOwnLog”.

I configured check_mk.user.yml:

    logfile: 
        - '*': crit nocontext # This is default params for not missing entries

And the plugin only detects:

    <<<logwatch>>>
    [[[Application]]]
    [[[HardwareEvents]]]
    [[[Internet Explorer]]]
    [[[Key Management Service]]]
    [[[Security]]]
    [[[System]]]
    [[[Windows PowerShell]]]

Am I doing something wrong, or does the logwatch plugin not support custom views?

Hi @Karczoszki,

you’re not doing anything wrong - there is no filter mechanism (except for the message state) on the client side.

If you want to only react to some specific messages, use either the Event Console or “Logfile patterns” to ignore all messages and match only what you need:

Hi.

I think you need to define the log source first in check_mk.user.yaml. The agent needs the information about your new log source.
If you want a special source, do this:

    # entries in the windows eventlog
    logfile:
        - 'Microsoft-Windows-Application Server-Applications/Admin': crit nocontext

If you use ‘*’, only “System”, “Security”, “Application” and the other standard logs will be used.
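
To confirm that a configured channel really shows up in the agent output, the check below parses the `<<<logwatch>>>` section and lists the expected logs that are absent. It is an added example, not part of any post in this thread or of Checkmk itself; the sample agent output, the message line and the case-insensitive name comparison are assumptions.

```python
import re

# "<<<name>>>" or "<<<name:options>>>" starts an agent section.
SECTION_RE = re.compile(r"^<<<([^:>]+)(?::[^>]*)?>>>$")
# "[[[name]]]" starts one event log inside the logwatch section.
LOG_RE = re.compile(r"^\[\[\[(.+)\]\]\]$")

# Constructed sample agent output (not captured from a real host).
# The message line under Application is a placeholder, not the agent's real layout.
SAMPLE = """\
<<<logwatch>>>
[[[Application]]]
C constructed sample entry
[[[Security]]]
[[[System]]]
<<<uptime>>>
12345
"""

# Logs we expect the agent to deliver; the last two names come from the thread.
EXPECTED = [
    "Application",
    "Security",
    "MyOwnLog",
    "Microsoft-Windows-Application Server-Applications/Admin",
]

def logwatch_logs(agent_output):
    """Return {log name: number of lines reported under it} for the logwatch section."""
    logs, in_section, current = {}, False, None
    for raw in agent_output.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            in_section = section.group(1) == "logwatch"
            current = None
            continue
        if not in_section or not line:
            continue
        header = LOG_RE.match(line)
        if header:
            current = header.group(1)
            logs.setdefault(current, 0)
        elif current is not None:
            logs[current] += 1
    return logs

def missing_logs(expected, agent_output):
    """Expected log names the agent did not report (assumption: names compare case-insensitively)."""
    reported = {name.casefold() for name in logwatch_logs(agent_output)}
    return [name for name in expected if name.casefold() not in reported]

if __name__ == "__main__":
    print(missing_logs(EXPECTED, SAMPLE))
```
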

Thanks, your suggestion worked.

Thanks for the suggestions, I will try.

I have a related question.
In what format does checkmk receive the logs from Windows Events?

If I want to do a regex, am I doing this against the XML string? Or what format should I expect that checkmk is comparing the data from the log events?

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="checkmk" />
        <EventID Qualifiers="0">35</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2023-11-07T02:31:25.6958064Z" />
        <EventRecordID>30190</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>myserver.localtest.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>checkmk</Data>
        <Data>check_mk_service is loading</Data>
      </EventData>
    </Event>