The first stage is to copy the plugin script and built-in config file onto your managed host. The easiest way to do this (assuming a standard installation of Check_MK) is via the scp commands below:
scp /usr/share/check_mk/agents/plugins/mk_logwatch [user]@[your-server]:/usr/lib/check_mk_agent/plugins
scp /usr/share/check_mk/agents/logwatch.cfg [user]@[your-server]:/etc/check_mk/
Once you have transferred the files, log onto your server and edit /etc/check_mk/logwatch.cfg to list the log files you wish to monitor, based on the examples provided (e.g. the below):
# Name one or more logfiles
/var/log/nginx.log
# Patterns are indented with one space are prefixed with:
# C: Critical messages
# W: Warning messages
# I: ignore these lines (OK)
# R: Rewrite the output previous match. You can use \1, \2 etc. for refer to groups (.*) of this match
 C error*
Now re-inventory your host, looking for logwatch entries, and reload check_mk:
cmk -II --checks logwatch [your-server]
cmk -O
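To check what a set of logwatch.cfg patterns will and will not flag before relying on them for alerting, the following added example (not part of the original page or of Check_MK) dry-runs a config against sample lines. It assumes patterns are Python regular expressions searched anywhere in the line and that the first matching pattern decides the level; the config, the log lines and the function names are constructed for illustration.

```python
import re

# Constructed sample config in the logwatch.cfg format shown above.
SAMPLE_CFG = """\
# Name one or more logfiles
/var/log/nginx.log
 I error_page
 C error*
 W warn
"""

# Constructed log lines, not taken from a real server.
SAMPLE_LINES = [
    '2024/05/01 10:00:01 [error] 312#0: *7 open() "/srv/www/x" failed',
    "2024/05/01 10:00:02 [notice] error_page 404 configured",
    "2024/05/01 10:00:03 [warn] 312#0: conflicting server name",
    "2024/05/01 10:00:04 [crit] SSL_do_handshake() failed",
]

def parse_config(text):
    """Return [(logfile_names, [(level, compiled_regex), ...]), ...]."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():              # indented: a pattern for the current section
            level, _, pattern = raw.strip().partition(" ")
            if sections and level in ("C", "W", "I") and pattern:
                sections[-1][1].append((level, re.compile(pattern.strip())))
            # R (rewrite) lines are not handled in this example
        else:                             # unindented: one or more logfile names
            sections.append((raw.split(), []))
    return sections

def classify(line, patterns):
    """Level of the first pattern that matches anywhere in the line, else None."""
    for level, regex in patterns:
        if regex.search(line):
            return level
    return None

def dry_run(cfg_text, lines):
    """Classify every line against the first section of the config."""
    _, patterns = parse_config(cfg_text)[0]
    return [classify(line, patterns) for line in lines]

if __name__ == "__main__":
    for level, line in zip(dry_run(SAMPLE_CFG, SAMPLE_LINES), SAMPLE_LINES):
        print(level or "-", line)
```

The `[crit]` line comes back unmatched, so `C error*` on its own does not flag every serious nginx message. Read as a regular expression, `error*` also matches the bare string "erro".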