title: Check logfiles for relevant new messages
agents: linux, windows, aix, solaris
catalog: os/files
license: GPL
distribution: check_mk
description:
 This check processes the output of agents with the logwatch plugin. The windows agent has built
 in this extension. The logwatch extension of the Linux/UNIX agents needs a configuration file
 that lists all relevant logfiles and lists possible log lines that should result in warning
 or critical state. The windows agents does not need any configuration but sends all log files
 in the Windows event log.  It uses the warning/error classification of Windows.

 Relevant log messages found by the agent are stored locally into a text file. The check is
 critical, if at least one new {or old} log message exists that is classified as critical. If
 at least one warning message exists but no critical, the check results in a warning state.

 The only way to bring the state back to OK is to delete the text file with the stored log
 messages.  This is stored below {~/var/check_mk/logwatch}.  Usually the logwatch webpage is
 used to browse and delete the messages. Please refer to the online documentation of check_mk
 for more details about logwatch.

item:
 The name of the logfile. For Linux/UNIX this is the complete absolute path name of the logfile.
 For Windows this is the name as shown in the windows event log, for example {Application}
 (case sensitive!).

inventory:
 All logfiles sent by the agent are automatically inventorized when the option {logwatch_forward_to_ec}
 is not configured or set to {False}. Please use standard inventory configuration methods if
 you want to ignore certain log files.


