...

Status: LAST TESTED ON CHECKMK 2.03.0P1


Getting Started

Background information regarding this subject is available on our:


Overview

The Event Console (EC) is a very powerful tool to receive and process incoming events. While in the past, this might have been mainly SNMP traps (the classic), EC is also a very powerful way to monitor log files.

...

The following graphic shows the path the Eventlog data takes from the source to the destination:

Screenshot of the Event Console flow from the Windows event log into the cmk server.


Basic Event Console Configuration

...

Use the Webconf to enable the Event Console:

Screenshot of the location of the edit button within the site management section of the Checkmk appliance.

Screenshot of site configuration with enable processing of external messages enabled.

If you only want to process log files, you can leave the syslog/SNMP trap options unticked.

Common Checkmk Server (i.e., installed on a self-hosted Linux)

Use "omd config" from the command line to enable the Event Console:

Screenshot of configuration of mysite with addons selected.

Screenshot of addons section with mkeventd set to on.


If you only want to process log files, you can leave the syslog/SNMP trap options off.


Enabling the Message Archiving

Without any rule packs and rules in the Event Console, all incoming events would simply be dropped. For debugging and to get started with the Event Console, we recommend enabling message archiving in Setup/Events/Event Console:

Screenshot of event console rule packs. Location of settings button.

Screenshot of the event console configuration matching rule. Force message archiving enabled.


After enabling this option and activating the changes, all events that do not match any rule are written to the event archive and can be viewed in the "Recent Event History" view.



...