Monitoring logfiles on Windows with Check MK

Introduction

While Check_MK does an excellent job of monitoring the Windows logs in the Windows log facility, it gets a bit trickier to monitor plain text files of applications that do not log to the Windows log.

Solution

In the 1.6 release of Check_MK a plugin to do this task was provided. However in 2.0 and higher this executable was removed. So here we're going to use the executable from Check_MK 1.6p25. After that the configuration is quite straight forward.

First, download the the mk_logwatch plugin from here: mk_logwatch.zip. Unzip it and place mk_logwatch.exe in the plugins directory of the Windows server (typically C:\ProgramData\checkmk\agent\plugins)

Now that the plugin is in place we need to create a configuration file for it. Create the file logwatch.cfg in C:\ProgramData\checkmk\agent\config. Just as on Linux you tell the system what logfiles to monitor and what regular expressions should trigger the monitoring system. Below is an exmaple:

D:\MyApplication\log\MyApp.log
 I OK
 W Warning
 C Error

This tells Check_MK to monitor D:\MyApplication\log\MyApp.log and generate Informational, Warning or Critical messages based on the regular expression that follows.

Note that spaces in path names are unfortunately not handled very well. In case you have logfiles in paths that have spaces in them it's best to fall back to the ′old′ 8 character path names; so for instance c:\progra~1 instead of c:\Program Files