[Solved] Setting Logwatch

  • [Solved] Setting Logwatch


    I would like to use logwatch on my already working check_mk (linux debian).
    From mathias-kettner.de/checkmk_logfiles.html "Installing the logwatch extension" I have to copy mk_logwatch into "/usr/lib/check_mk_agent/plugins/" (my install was default).

    I don't have that directory; however, mk_logwatch has been installed here: "/usr/share/check_mk/agents/plugins/mk_logwatch".

    For my localhost the config file has been also installed by default here "/usr/share/check_mk/agents/logwatch.cfg".

    I have checked "/root/.check_mk_setup.conf" to look what is the value for "LOGWATCH_DIR". There is no such definition, but I understand that drawback is "In the check_mk configuration directory you specified during setup.sh." so I copied it here: confdir='/etc/check_mk'

    I have set in logwatch.cfg the following to be sure i have some data to read:

    Source Code

    /var/log/syslog /var/log/kern.log C panic C Oops W dovecot

    What and where to go from here ?

    I have a web accessible page : mynagios/check_mk/logwatch.py that doesn't show anything but : All Problematic Logfiles, my user and the time.
    And "/var/lib/check_mk/logwatch" is empty.

    The post was edited 1 time, last by bsfez ().

  • To add some information, I just added a Windows host.

    I automatically get logwatch on the Windows log files

    OK LOG Application OK - no old or new error messages 34 min 45 sec
    OK LOG Internet Explorer OK - no old or new error messages 34 min 45 sec
    OK LOG Security OK - no old or new error messages 34 min 45 sec
    WARN LOG System

    I'm missing a small thing somewhere... :)
  • Hi,

    you have to copy mk_logwatch to /usr/lib/check_mk_agent/plugins
    To get info about used directories use command: cmk --paths
    The logwatch config file resides in /etc/check_mk and is named logwatch.cfg

  • Hi Wolfgang,

    Edison wrote:

    you have to copy mk_logwatch to /usr/lib/check_mk_agent/plugins

    As I explained, I don't have this directory (read above); nevertheless I have set a symlink, so this should be fixed.

    Edison wrote:

    To get info about used directories use command: cmk --paths


    Source Code

    Files copied or created during installation
    Main components of check_mk : /usr/share/check_mk/modules/
    Checks : /usr/share/check_mk/checks/
    Agents for operating systems : /usr/share/check_mk/agents/
    Documentatoin files : /usr/share/doc/check_mk/
    Check_MK's web pages : /usr/share/check_mk/web/
    Check manpages (for check_mk -M) : /usr/share/doc/check_mk/checks/
    Binary plugins (architecture specific) : /usr/lib/check_mk/
    Templates for PNP4Nagios : /usr/share/check_mk/pnp-templates/
    RRA configuration for PNP4Nagios : /usr/share/check_mk/pnp-rraconf/
    Startscript for Nagios daemon : /etc/init.d/nagios3
    Path to Nagios executable : /usr/sbin/nagios3
    Configuration files edited by you
    Directory that contains main.mk : /etc/check_mk/
    Directory containing further *.mk files : /etc/check_mk/conf.d/
    Main configuration file of Nagios : /etc/nagios3/nagios.cfg
    Directory where Nagios reads all *.cfg files : /etc/nagios3/conf.d/
    Directory where Apache reads all config files : /etc/apache2/conf.d/
    Users/Passwords for HTTP basic authentication : /etc/nagios3/htpasswd.users
    Data created by Nagios/Check_MK at runtime
    Base working directory for variable data : /var/lib/check_mk/
    Checks found by inventory : /var/lib/check_mk/autochecks/
    Precompiled host checks : /var/lib/check_mk/precompiled/
    Stored snmpwalks (output of --snmpwalk) : /var/lib/check_mk/snmpwalks/
    Current state of performance counters : /var/lib/check_mk/counters/
    Cached output from agents : /var/lib/check_mk/cache/
    Unacknowledged logfiles of logwatch extension : /var/lib/check_mk/logwatch/
    File into which Nagios configuration is written: /etc/nagios3/conf.d/check_mk_objects.cfg
    Path to Nagios status.dat : /var/cache/nagios3/status.dat
    Sockets and pipes
    Nagios' command pipe : /var/lib/nagios3/rw/nagios.cmd
    Nagios' check results directory : /var/lib/nagios3/spool/checkresults
    Socket of Check_MK's livestatus module : /var/lib/nagios3/rw/live
    Locally installed addons

    In "/var/lib/check_mk/logwatch/" I can see a folder named after the Windows host I have (logwatch works for this host only).

    Logwatching the Winserver worked without a glitch.
    For this host, inventory automatically installed (LOG Application, LOG Internet Explorer, LOG Security, LOG System) and an icon (red folder) that leads me to the logwatch page (even if empty).

    What or where am I supposed to see the logs of a remote/local linux host ?
    Should I set anything on the remote hosts ?


    The post was edited 1 time, last by bsfez ().

  • Digging further, I went to check the differences between the checks being performed for the WINserv and my localhost.

    In "/var/lib/check_mk/autochecks/" I compared winservIP.mk and localhost.mk

    My winserv checks show

    Source Code

    ("winservIP", "logwatch", 'Application', ""),
    ("winservIP", "logwatch", 'Internet Explorer', ""),
    ("winservIP", "logwatch", 'Security', ""),
    ("winservIP", "logwatch", 'System', ""),

    Nothing about logwatch in my localhost.mk

    So I added it (elephant method, I agree) as simply as I could, and now in my localhost.mk I have :

    Source Code

    ("Localhost", "logwatch", 'Syslog', ""),

    Results : I do have a new entry : "LOG Syslog" in my services for Localhost.
    It says Pending (forever) and I have the red folder that links to the logwatch page.

    I also have a warning from check_mk
    WARN Check_MK [Reschedule an immediate check of this service] WARN - Missing agent sections: logwatch - execution time 0.1 sec

    I think I just need a little push to get this to work ! :)


    PS : As I see another discussion about it, I may add that I never configured my different hosts using multisite.mk.
    They worked and appear naturally as Nagios was set right just by adding them in main.mk

    The post was edited 1 time, last by bsfez ().
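
The steps from Edison's reply and the "Missing agent sections: logwatch" warning in the last post, as an added diagnostic example that is not part of the thread or of Check_MK. The function names `check_plugin` and `logwatch_files` are hypothetical, and the script assumes GNU `stat` and `check_mk_agent` on PATH; because the agent executes the files in its plugins directory, the plugin check also rejects a target that group or others can write to.

```shell
#!/bin/sh
# Added example: checks behind the "Missing agent sections: logwatch" warning.
# Paths are the ones named in the thread; function names are hypothetical.

# check_plugin PATH: 0 = usable; 1 = missing or dangling symlink;
# 2 = not executable; 3 = writable by group or others.
check_plugin() {
    plugin=$1
    [ -e "$plugin" ] || { echo "missing or dangling symlink: $plugin"; return 1; }
    [ -x "$plugin" ] || { echo "not executable: $plugin"; return 2; }
    # -L follows a symlink, so the mode of the real file is what gets checked.
    mode=$(stat -L -c '%a' "$plugin") || return 1
    case $mode in
        *[2367]?|*[2367])
            echo "group/other writable (mode $mode): $plugin"; return 3 ;;
    esac
    return 0
}

# logwatch_files: reads agent output on stdin and prints each [[[logfile]]]
# entry found inside the <<<logwatch>>> section; prints nothing if it is absent.
logwatch_files() {
    awk '
        /^<<</ { in_lw = ($0 ~ /^<<<logwatch[:>]/); next }
        in_lw && /^\[\[\[.*\]\]\]$/ { print substr($0, 4, length($0) - 6) }
    '
}

# Live use on the monitored host: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_plugin /usr/lib/check_mk_agent/plugins/mk_logwatch || exit 1
    [ -r /etc/check_mk/logwatch.cfg ] || { echo "no readable logwatch.cfg"; exit 1; }
    files=$(check_mk_agent | logwatch_files)
    [ -n "$files" ] || { echo "agent output has no logwatch entries"; exit 1; }
    printf 'logwatch reports:\n%s\n' "$files"
fi
```

An empty result from `logwatch_files` on the Linux host corresponds to the server-side warning: the agent never emitted a logwatch section, so no autocheck entry can produce data.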