Overview

  • OMD has a built-in mechanism for the monitoring of log files. It uses regular expressions, as you might imagine, and requires you to have done two things:
    1. Install the check_mk-agent-logwatch RPM package on all the hosts you care about
    2. Manually edit the /etc/check_mk/logwatch.cfg file on each host (or push it out from a central location, or manage it with Puppet, etc, etc)

Example /etc/check_mk/logwatch.cfg

  • Let's say, for example, we want to know when our Node Controller has a problem
    • So we want to "watch" /var/log/eucalyptus/nc.log
      • And we want to use a regex to search for the presence of entries containing "EUCAFATAL" or "EUCAERROR"
        • Similarly, to catch Neuca errors, you could use regex "EUCA_N" while searching the nc.log file
      • Entries of this type should show up as CRITICAL errors in Nagios, so we want to designate them with a 'C'
# logwatch.cfg
# This file configures mk_logwatch. Define your logfiles
# and patterns to be looked for here.


# Watch the nc.log file
/var/log/eucalyptus/nc.log
 C EUCAFATAL
 C EUCAERROR


# Name one or more logfiles
/var/log/messages
# Patterns are indented with one space and are prefixed with:
# C: Critical messages
# W: Warning messages
# I: Ignore these lines (OK)
# The first match decides. Lines that do not match any pattern
# are ignored
 C Fail event detected on md device
 I mdadm.*: Rebuild.*event detected
 W mdadm\[

/var/log/kern /var/log/kern.log
 C panic
 C Oops
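
Because the first matching pattern decides and unmatched lines are ignored, pattern order matters, and it is worth checking a logwatch.cfg offline before pushing it to every host. The Python below is an added example, not part of mk_logwatch or the original page; parse_cfg and classify are hypothetical helper names, the log lines are constructed, and it assumes patterns are applied as unanchored regular-expression searches.

```python
import re

# Constructed sample config built from the patterns shown on this page.
SAMPLE_CFG = r"""/var/log/eucalyptus/nc.log
 C EUCAFATAL
 C EUCAERROR

/var/log/messages
 C Fail event detected on md device
 I mdadm.*: Rebuild.*event detected
 W mdadm\[

/var/log/kern /var/log/kern.log
 C panic
 C Oops
"""

def parse_cfg(text):
    """Return {logfile: [(level, compiled_regex), ...]} for logwatch.cfg text."""
    rules, patterns = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0].isspace():                          # indented: pattern line
            level, _, regex = raw.strip().partition(" ")
            if patterns is None or level not in ("C", "W", "I") or not regex:
                raise ValueError(f"line {lineno}: bad pattern line {raw!r}")
            patterns.append((level, re.compile(regex)))  # re.error on bad regex
        else:                                         # one or more logfile names
            patterns = []
            for name in raw.split():
                rules[name] = patterns                # files on one line share rules
    return rules

def classify(rules, logfile, line):
    """First matching pattern decides; unmatched lines are ignored (None)."""
    for level, regex in rules.get(logfile, []):
        if regex.search(line):                        # assumption: unanchored search
            return level
    return None

if __name__ == "__main__":
    rules = parse_cfg(SAMPLE_CFG)
    # Constructed log lines, not taken from a real host.
    samples = [("/var/log/eucalyptus/nc.log", "EUCAERROR: could not attach volume"),
               ("/var/log/messages", "mdadm[812]: Rebuild20 event detected on md device /dev/md0"),
               ("/var/log/messages", "mdadm[812]: Fail event detected on md device /dev/md0")]
    for logfile, line in samples:
        print(classify(rules, logfile, line) or "-", logfile, line)
```

Moving the W mdadm\[ line above the I line would turn the rebuild message into a warning, which is the kind of ordering mistake this check catches.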