[Solved] Setting Logwatch

Please read about the latest changes and upgrade.
Please note that your newly registered account needs to be manually activated by an admin. Just be patient, you cannot post to any forum before this happens. This is thanks to the unfortunate event of spammers recently. More details here.
  • Hi,

    I would like to use logwatch on my already working check_mk (linux debian).
    From http://mathias-kettner.de/checkmk_logfiles.html "Installing the logwatch extension" i have to copy mk_logwatch into "
    /usr/lib/check_mk_agent/plugins/". (my install was default).

    I don't have that directory however mk_logwatch has been installed here "/usr/share/check_mk/agents/plugins/mk_logwatch".

    For my localhost the config file has been also installed by default here "/usr/share/check_mk/agents/logwatch.cfg".

    I have check "/root/.check_mk_setup.conf" to look what is the value for "LOGWATCH_DIR" there is no such definition but i understand that drawback is "In the check_mk configuration directory you specified during setup.sh." so i copied it here confdir='/etc/check_mk'

    I have set in logwatch.cfg the following to be sure i have some data to read:

    1. /var/log/syslog /var/log/kern.log C panic C Oops W dovecot

    What and where to go from here ?

    I have a web accessible page : http://mynagios/check_mk/logwatch.py that doesn't show anything but : All Problematic Logfiles, my user and the time.
    And "/var/lib/check_mk/logwatch" is empty.

  • To add some informations, i just add a Windows host.

    I get automatically logwatch on the windows logs file


    OK LOG Application OK - no old or new error messages 34 min 45 sec
    OK LOG Internet Explorer OK - no old or new error messages 34 min 45 sec
    OK LOG Security OK - no old or new error messages 34 min 45 sec
    WARN LOG System

    I'm missing a small thing somewhere... :)

  • Hi,

    you have to copy mk_logwatch to /usr/lib/check_mk_agent/plugins
    Do get info about used directories use command: cmk --paths
    The logwatch config file resides in /etc/check_mk and is named logwatch.cfg


  • Hi Wolfgang,

    you have to copy mk_logwatch to /usr/lib/check_mk_agent/plugins

    As i explain i don't have this directory (read above), nevertheless i have set a symblink so this should be fixed.

    Do get info about used directories use command: cmk --paths


    In "/var/lib/check_mk/logwatch/" I can see a folder named by the windows host i have. (logwatch work for this host only).

    Logwatching the Winserver worked without a glinch.
    At this host inventory were installed automatically (LOG Application, LOG Internet Explorer, LOG Security, LOG System) and an icon (red folder) that leads me to the logwatch page (even if empty).

    What or where am i supposed to see the logs of a remote/local linux host ?
    Should i set anything on the remote hosts ?


  • Digging futher i went to check the differences between the checks being performed for teh WINserv and my localhost.

    In "/var/lib/check_mk/autochecks/" i compare winservIP.mk and localhost.mk
    My winserv checks show

    1. ("winservIP", "logwatch", 'Application', ""),
    2. ("winservIP", "logwatch", 'Internet Explorer', ""),
    3. ("winservIP", "logwatch", 'Security', ""),
    4. ("winservIP", "logwatch", 'System', ""),

    Nothing about logwatch in my locahost.mk

    So i add it (elephant method i agree) as simple as i could and now in my localhost.mk i have :

    1. ("Localhost", "logwatch", 'Syslog', ""),

    results : i do have a new input : "LOG Syslog" in my services for Locahost.
    It says Pending (forever) and i have the red folder that link to the logwatch page.

    I have also a warning from check_mk
    WARN Check_MK [Reschedule an immediate check of this service] WARN - Missing agent sections: logwatch - execution time 0.1 sec

    If think i just need a little push to get this work ! :)


    PS : As i see another discussion about it, i may add that i never configured my different host using multisite.mk.
    They worked and appears naturally as Nagios was set right just by adding them in main.mk

  • Ah !

    I update to 1.2.0p1 including check_mk agent and logwatch on each host.
    Tada it is working !