checkmk - how to handle Windows event logs / logwatch messages

Sometimes you want to ignore certain Windows event log entries, or change the monitoring state they produce, when you monitor the event logs with the Checkmk Windows agent. The agent reports an event of type Error as CRIT and of type Warning as WARN, and the service "Log <logname>" takes the worst state of all stored, unacknowledged lines. A "Logfile patterns" rule on the Checkmk server lets you reclassify individual messages. The following walkthrough turns a test error into a warning.

1) create a test event in the System log (run from an elevated command prompt; eventcreate needs administrative rights and accepts IDs from 1 to 1000)
eventcreate /ID 999 /L System /SO TestSourceSystem /T ERROR /D "this is a test critical test message"

2) Checkmk now shows the service "Log System" as CRIT with this message. Next, create a rule so that this event
is shown as WARN instead of CRIT.

3) create a Logfile pattern rule
- Setup > Services > Service monitoring rules > Logfile patterns
- Create rule in folder "Main directory" (or whichever folder applies to the host)
- Description: this is a test critical test message
- Logfile pattern > Add pattern:
choose State "Warning" + Pattern "this is a test critical test message"
(the pattern is a regular expression that is searched anywhere in the message line, so escape characters such as "." or "(" if the message contains them; when several patterns are listed, the first matching one determines the state; the state "Ignore" drops the line completely)
- Logfile to match: System
(only lines of the log named here are reclassified; the same text in the Application log keeps its original state)
- Save the rule and activate the changes

4) test the rule using "Try out"
- on the host's service list click: Log System > Open Log
- select the message "TestSourceSystem this is a test critical test message" by clicking the symbol on its left
- the dialog "Setup > Services > Service monitoring rules > Logfile patterns >
Logfile patterns of logfile System on host xyz" opens:
- press the "Try out" button and check that the pattern from step 3 is reported as matching the selected line

5) final test
- create the event again as in step 1; the new entry now shows up as WARN
- note: lines that were stored before the rule was activated may keep the state they were received with, so if the service "Log System" is still CRIT, open the log via Open Log, clear the stored lines, and create the event once more; the service should then be WARN
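To make the behaviour of steps 3 to 5 visible without a monitoring server, here is a small Python simulation of the reclassification that a Logfile pattern rule performs (first matching regular expression wins, unmatched lines keep the agent's state, "Ignore" drops the line, the log service takes the worst remaining state). This is an added example and not Checkmk's own check code; the agent section text is constructed and only approximates the real <<<logwatch>>> output format (state character, timestamp, type.id, source, message), and the rule dictionary layout is this example's own.

```python
import re

# Constructed, approximate sample of the agent's <<<logwatch>>> section
# (assumption for this example, not captured agent output). The first
# character is the state the agent assigned: O = ok, W = warning, C = critical.
AGENT_OUTPUT = """\
<<<logwatch>>>
[[[System]]]
C Nov 14 10:00:03 1.999 TestSourceSystem this is a test critical test message
W Nov 14 10:00:05 2.7036 Service Control Manager The Print Spooler service entered the stopped state.
O Nov 14 10:00:07 4.6005 EventLog The Event log service was started.
[[[Application]]]
C Nov 14 10:00:09 1.999 TestSourceApp this is a test critical test message
"""

# The rule from step 3: a logfile condition plus ordered (state, regex) pairs.
# States: "O" ok, "W" warning, "C" critical, "I" ignore (line is dropped).
RULE_STEP3 = {
    "logfile": "System",
    "patterns": [("W", r"this is a test critical test message")],
}

STATE_RANK = {"O": 0, "W": 1, "C": 2}


def parse_logwatch_section(text):
    """Split a <<<logwatch>>> section into {logfile: [(state, line), ...]}."""
    logs, current = {}, None
    for raw in text.splitlines():
        if raw.startswith("<<<") or not raw.strip():
            continue
        if raw.startswith("[[[") and raw.endswith("]]]"):
            current = raw[3:-3]
            logs[current] = []
            continue
        # context lines (".") and anything unexpected are skipped in this example
        if current is None or raw[0] not in STATE_RANK or raw[1:2] != " ":
            continue
        logs[current].append((raw[0], raw[2:]))
    return logs


def reclassify(lines, rule, logfile):
    """Apply one Logfile pattern rule to the lines of one logfile.

    The first pattern whose regex matches anywhere in the line sets the new
    state; lines without a match keep the agent's state; "I" drops the line.
    """
    if rule["logfile"] != logfile:          # "Logfile to match" condition
        return list(lines)
    kept = []
    for state, line in lines:
        new_state = state
        for pat_state, regex in rule["patterns"]:
            if re.search(regex, line):
                new_state = pat_state
                break
        if new_state != "I":
            kept.append((new_state, line))
    return kept


def service_state(lines):
    """The Log service is the worst state of the stored, unacknowledged lines."""
    return max((s for s, _ in lines), key=STATE_RANK.get, default="O")


def try_pattern_match(rule, logfile, line):
    """What the "Try out" button answers: index and state of the first matching pattern."""
    if rule["logfile"] != logfile:
        return None
    for idx, (pat_state, regex) in enumerate(rule["patterns"]):
        if re.search(regex, line):
            return idx, pat_state
    return None


if __name__ == "__main__":
    logs = parse_logwatch_section(AGENT_OUTPUT)
    for name, lines in logs.items():
        after = reclassify(lines, RULE_STEP3, name)
        print(f"Log {name}: before={service_state(lines)} after={service_state(after)}")
        for state, line in after:
            print(f"  {state} {line}")
```

Running it shows "Log System" going from C to W while "Log Application" stays at C, because the rule is restricted to the System log. Replacing the pattern state "W" with "I" removes the test line entirely, which is what you would use to silence a known-noisy event instead of downgrading it.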

computer2know :: thank you for your visit :: have a nice day :: © 2024