142 lines
6.7 KiB
INI
142 lines
6.7 KiB
INI
# ================================================================================================================================
|
|
# mk_logwatch.cfg
|
|
# This file configures mk_logwatch.
|
|
# ================================================================================================================================
|
|
# Documentaion/Examples:
|
|
# https://github.com/tribe29/checkmk/blob/master/agents/cfg_examples/logwatch.cfg
|
|
# https://linuxthrill.blogspot.com/2016/04/how-checkmk-monitors-logfiles.html
|
|
#
|
|
# Parameter examples:
|
|
# ---------------------------
|
|
# I = Informational
|
|
# W = Warning
|
|
# C = Critical
|
|
#
|
|
# nocontext=1/0/True/False/Yes/No
|
|
# maxlines=1000
|
|
# maxtime=3
|
|
# overflow=W/C/I
|
|
# maxlinesize=2000
|
|
# maxfilesize=400
|
|
# maxoutputsize=500000
|
|
# maxcontextlines=3,4
|
|
# encoding=utf-16/utf-16be/utf-8
|
|
# fromstart=True/False
|
|
#
|
|
# mk_logwatch.pylint
|
|
# -----------------------------
|
|
#class Options(object): # pylint: disable=useless-object-inheritance
|
|
# """Options w.r.t. logfile patterns (not w.r.t. cluster mapping)."""
|
|
# MAP_OVERFLOW = {'C': 2, 'W': 1, 'I': 0, 'O': 0}
|
|
# MAP_BOOL = {'true': True, 'false': False, '1': True, '0': False, 'yes': True, 'no': False}
|
|
# DEFAULTS = {
|
|
# 'encoding': None,
|
|
# 'maxfilesize': None,
|
|
# 'maxlines': None,
|
|
# 'maxtime': None,
|
|
# 'maxlinesize': None,
|
|
# 'regex': None,
|
|
# 'overflow': 'C',
|
|
# 'nocontext': None,
|
|
# 'maxcontextlines': None,
|
|
# 'maxoutputsize': 500000, # same as logwatch_max_filesize in check plugin
|
|
# 'fromstart': False,
|
|
# }
|
|
#
|
|
# The options have the following meanings:
|
|
#================================================
|
|
#maxlines (2) the maximum number of new log messages that will by parsed in one turn in this logfile
|
|
#
|
|
#maxtime (2) the maximum time in seconds that will be spent parsing the new lines in this logfile
|
|
#
|
|
#overflow (1) When either the number of lines or the time is exceeded, an artificial logfile message
|
|
# will be appended, so that you will be warned. The class of that message is per default C,
|
|
# but you can also set it to W or I. Setting overflow=I will silently ignore any succeeding
|
|
# messages. If you leave out this option, then a C is assumed.
|
|
#
|
|
#nocontext This option can be used to disable processing of context log messages, which occur together
|
|
# with a pattern matched line. To disable processing, add nocontext=1 as option.
|
|
#
|
|
#
|
|
#maxcontextlines https://lists.mathias-kettner.de/pipermail/checkmk-commits/2019-November/030352.html
|
|
# If the plugin mk_logwatch is configured to send context along with found messages,
|
|
# the amount of data can become quite large. This werk adds the option of limiting
|
|
# the context given for every warning or critical message to a given number of lines
|
|
# befor and after the message. For instance, to limit the context to 3 lines before
|
|
# and four lines after the message, set the option "maxcontextlines=3,4".
|
|
#
|
|
#
|
|
#maxlinesize The maximum number of characters that are processed of each line of the file. If a line is
|
|
# longer than this, the rest of the line is being truncated and the word [TRUNCATED]is being
|
|
# appended to the line. You can filter for that word in the expressions if you like.
|
|
#
|
|
#maxfilesize The maximum number of bytes the logfile is expected to be in size. If the size is exceeded,
|
|
# then once there is created an artificial logfile message with the classification W. The text
|
|
# of this warning will be: Maximum allowed logfile size (12345 bytes) exceeded. You cannot do
|
|
# any classification of this line right in the configuration of the plugin. If you need a
|
|
# reclassification then please do this on the Check_MK server.
|
|
#
|
|
#maxoutputsize the value of 500000 has been the same in both cases, the maxoutputsize is limits the bytes that are sent by a single execution of the plugin
|
|
#
|
|
#fromstart https://lists.mathias-kettner.de/pipermail/checkmk-commits/2019-July/027904.html
|
|
# process new files from the beginning
|
|
# If a new logfile is found we usually skip to its end to avoid processing ancient log messages.
|
|
# You can now configure mk_logwatch to start processing the file from the beginning and see all
|
|
# messages that may already be present.
|
|
#
|
|
# To enable this behaviour, either set the corresponding flag in the agent bakery rule, or add
|
|
# 'fromstart=True' to your configuration file.
|
|
#
|
|
#
|
|
#Note (1): when the number of new messages or the processing time is exceeded, the non-processed new log
|
|
# messages will be skipped and not parsed even in the next run. That way the agent always keeps
|
|
# in sync with the current end of the logfile. From that follows that you might have to manually
|
|
# check the contents of the logfile if an overflow happened. We propose letting the overflow level set to C.
|
|
#Note (2): It is not neccessary to specify both maxlines and maxtime. It also allowed to specify only one
|
|
# limit. The default is not to impose any limit at all.
|
|
#-----------------------------------------------------------------------------------------------------------------------
|
|
#/var/log/foobar.log maxlines=10000 maxtime=3 overflow=W nocontext=True
|
|
# C critical.*error
|
|
# W warning.*something
|
|
# I ignore.*some.*thing
|
|
# O ok.*rest
|
|
# ================================================================================================================================
|
|
|
|
# Copyright (C) 2019 tribe29 GmbH - License: GNU General Public License v2
|
|
# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
|
|
# conditions defined in the file COPYING, which is part of this source code package.
|
|
|
|
# logwatch.cfg
|
|
# This file configures mk_logwatch. Define your logfiles
|
|
# and patterns to be looked for here.
|
|
|
|
# Name one or more logfiles, and the options to be applied (if any)
|
|
# Patterns are indented with one space are prefixed with:
|
|
# C: Critical messages
|
|
# W: Warning messages
|
|
# I: ignore these lines (OK)
|
|
# R: Rewrite the output previous match. You can use \1, \2 etc. for
|
|
# refer to groups (.*) of this match
|
|
# The first match decides. Lines that do not match any pattern
|
|
# are ignored
|
|
|
|
|
|
"/var/log/messages" maxlinesize=1024 encoding=utf-8
|
|
C Fail event detected on md device
|
|
I mdadm.*: Rebuild.*event detected
|
|
W mdadm\[
|
|
W ata.*hard resetting link
|
|
W ata.*soft reset failed (.*FIS failed)
|
|
W device-mapper: thin:.*reached low water mark
|
|
C device-mapper: thin:.*no free space
|
|
C Error: (.*)
|
|
|
|
|
|
"/var/log/mysql/error.log"
|
|
W Warning
|
|
C ERROR
|
|
C mysqld_safe mysqld from pid file /var/run/mysql/mysqld.pid ended
|
|
|
|
#"/var/log/mysql/slow.log"
|
|
# W .*
|