How to monitor custom Logfiles


I have several Servers with Log directories. Our Software does write into .log files, usually it looks like this
"Log Entry : hh:mm:ss: weekday, day. month year
:Error reading blabla <= this can differ, there are different error codes

next entry with same pattern "

If the logfile does not exist, it will be created on the first error.

I want to check these Logfiles for new entries. Everytime a new entry is in the logfiles I would like to be alarmed by check_mk. Actually it would be enaugh to check if one of the files was changed recently. The data inside the log is not interesting. On alarm somebody has to connect to the servers anyway.

How to deal with the situation, that not all logfiles are created yet?
What would be the most simple way to solve this?

(Philipp Näther) #2

Depending on how your application creates logfiles, you can either use logwatch/mk_logwatch or fileinfo/mk_fileinfo.
If you only have one single logfile that gets created by your application per host, you should go for logwatch. If you have multiple files, e.g. a new file every day, you should go for fileinfo and file groups.



What is the age in fileinfo refering to. The date a file was created or last changed?

(Philipp Näther) #4

Age is calculated based on modification time.