Setting up Logwatch monitoring from Check_MK

The first stage is to copy the plugin script and the built-in config file onto your managed host. The easiest way to do this (assuming a standard installation of Check_MK) is via the scp commands below:

scp /usr/share/check_mk/agents/plugins/mk_logwatch [email protected][your-server]:/usr/lib/check_mk_agent/plugins
scp /usr/share/check_mk/agents/logwatch.cfg [email protected][your-server]:/etc/check_mk/

Once you have transferred the files, log onto your server and edit /etc/check_mk/logwatch.cfg to list the log files you wish to monitor, based on the examples provided (e.g. the below):

# Name one or more logfiles
/var/log/nginx.log
# Patterns are indented with one space and are prefixed with:
# C: Critical messages
# W: Warning messages
# I: ignore these lines (OK)
# R: Rewrite the output of the previous match. You can use \1, \2 etc. to refer to groups (.*) of this match
 C error*
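
To see how a config like the one above classifies log lines, here is an added example (not part of the original post and not Check_MK's own code). It is a simplified model that assumes each pattern is a Python regular expression searched anywhere in the line and that the first matching pattern decides the level; the config, log lines and function names are constructed for illustration.

```python
import re

# Constructed sample in the logwatch.cfg layout shown above (not a shipped file).
SAMPLE_CFG = """\
# Name one or more logfiles
/var/log/nginx.log
 I error_page
 C error*
 W warn
"""

# Constructed log lines, not taken from a real server.
SAMPLE_LOG = [
    "2024/01/01 10:00:00 [error] 12#12: upstream timed out",
    "2024/01/01 10:00:01 [notice] using error_page 404 handler",
    "2024/01/01 10:00:02 [warn] 12#12: conflicting server name",
    "2024/01/01 10:00:03 [info] erroneous request header dropped",
    "2024/01/01 10:00:04 [info] client closed connection",
]

def parse_cfg(text):
    """Return {logfile: [(level, compiled_regex), ...]} for C/W/I patterns."""
    sections, current = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():              # indented: pattern for current logfile(s)
            level, _, pattern = raw.strip().partition(" ")
            if level in ("C", "W", "I") and pattern:
                for name in current:
                    sections[name].append((level, re.compile(pattern)))
        else:                             # unindented: one or more logfile names
            current = raw.split()
            for name in current:
                sections.setdefault(name, [])
    return sections

def classify(line, patterns):
    """Assumed semantics: regex search anywhere in the line, first match wins."""
    for level, rx in patterns:
        if rx.search(line):
            return level
    return "."                            # no pattern matched

def classify_all(cfg=SAMPLE_CFG, logfile="/var/log/nginx.log", lines=SAMPLE_LOG):
    patterns = parse_cfg(cfg)[logfile]
    return [classify(line, patterns) for line in lines]

if __name__ == "__main__":
    for level, line in zip(classify_all(), SAMPLE_LOG):
        print(level, line)
```

Under these assumptions the fourth line is flagged critical because `error*` is a regex meaning "erro" followed by zero or more "r", not a shell glob, so it also matches "erroneous". Pattern order matters as well: the `I error_page` entry only suppresses the second line because it comes before `C error*`.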

Now re-inventory your host, looking for logwatch entries, and reload check_mk:

cmk -II --checks logwatch [your-server]

cmk -O
