Overview

The Event Console (EC) is a very powerful tool to receive and process incoming events. While in the past this might have been mainly SNMP traps (the classic), EC is also a very powerful way to monitor log files.

So instead of creating a service check for a log file only, we want y to show you how to forward such log files to EC for much more precise log file monitoring.

The following graphic shows the way that the Eventlog data is using from the source to the destination:

Image Modified

Basic Event Console Configuration

Enabling the Event Console

First, we have to enable the Event Console. How to achieve that, depends on the kind of server you have.

Appliance

Use the Webconf to enable the Event Console:

Image Modified

Image Modified

If you only want to process log files, you can leave the syslog/SNMP trap options unticked.

Common Checkmk Server (i.e. installed on a self hosted Linux)

Use "omd config" from the command line to enable the Event Console:

Image Modified

Image Modified

If you only want to process log files, you can leave the syslog/SNMP trap options off.

Enabling the Message Archiving

Without having any rule packs and rules in the Event Console, all incoming events would simply be dropped. For debugging and to get started with the Event Console, we recommend to enable the message archiving in Setup/Events/Event Console:

Image Added

Image Added

After activating this option and activating the changes, all events (that do not match any rules) will be put into the event archive and can be watched in the view "Recent Event History".