-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlogwatch.cfg
72 lines (65 loc) · 2.7 KB
/
logwatch.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Copyright (C) 2019 Checkmk GmbH - License: GNU General Public License v2
# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
# conditions defined in the file COPYING, which is part of this source code package.
# logwatch.cfg
# This file configures mk_logwatch. Define your logfiles
# and patterns to be looked for here.
# Name one or more logfiles, and the options to be applied (if any)
"/var/log/messages" maxlinesize=1024 encoding=utf-8
# Patterns are indented with one space are prefixed with:
# C: Critical messages
# W: Warning messages
# I: ignore these lines (OK)
# R: Rewrite the output previous match. You can use \1, \2 etc. for
# refer to groups (.*) of this match
# The first match decides. Lines that do not match any pattern
# are ignored
C Fail event detected on md device
I mdadm.*: Rebuild.*event detected
W mdadm\[
W ata.*hard resetting link
W ata.*soft reset failed (.*FIS failed)
W device-mapper: thin:.*reached low water mark
C device-mapper: thin:.*no free space
C Error: (.*)
"/var/log/auth.log"
W sshd.*Corrupted MAC on input
"/var/log/syslog" "/var/log/kern.log"
I registered panic notifier
C panic
C Oops
W generic protection rip
W .*Unrecovered read error - auto reallocate failed
# Globbing patterns are allowed:
# "/sapdata/*/saptrans.log"
# C ORA-
# Quoting the filename is optional if it does not include spaces.
# /var/log/syslog
# Configuration of remote ips to a cluster name (refer to werk #7032 for more info):
# - cluster name: A line containing "CLUSTER" defines the scope of a cluster mapping.
# For the logwatch configuration of a host several cluster configurations are allowed.
# The name of a cluster must follow in the same line as "CLUSTER" and must be separated
# with a single whitespace. The name must only consist of letters, digits, dash and
# underscore and it must start with a letter or underscore. All cluster mapping
# definitions in the logwatch configuration must have unique cluster names.
# - ip addresses or subnets (CIDR notation): Lines defining an ip address or subnet in
# CIDR notation must begin with " ". IP addresses are
# determined by the Checkmk Agent and may be IPv4 addresses in IPv4 notation,
# IPv4 addresses extended to IPv6 notation and IPv6 addresses dependent on how the
# Checkmk Agent is accessed. However this configuration file expects IPv4 notation
# or IPv6 notation for cluster ip lookup. Subnets may be IPv4 or IPv6 CIDR notation.
#
# CLUSTER my_cluster
# 192.168.1.1
# 192.168.1.2
# 192.168.1.3
# 192.168.1.4
#
# CLUSTER another_cluster
# 192.168.1.5
# 192.168.1.6
# 1762:0:0:0:0:B03:1:AF18
#
# CLUSTER yet_another_cluster
# 192.168.1.0/24
# 1762:0000:0000:0000:0000:0000:0000:0000/64