How-to monitor files (Agent-based, Linux / Windows)

Monitoring files on a host can be an instrumental part of application monitoring. Here we will describe some use cases and how to configure them.

LAST TESTED ON CHECKMK 2.1.0P1

Table of Contents

With Checkmk, you can monitor single files for pure existence, their age, size, etc. But it is also sometimes necessary to group several files into one service and impose those rules and thresholds on such a filegroup.

Configuration of the agent

First, we must tell the agent which files should be monitored. This can be done with the Checkmk agent bakery in Checkmk Enterprise, Enterprise Free, and managed service edition. In Checkmk RAW Edition, this needs to be done manually.

With agent bakery (Enterprise editions):

To create a new rule, go to Setup → Agents → Windows, Linux, Solaris, AIX → Agent rules → Count, size, and age of files and specify which files to be included:

Take a look at the inline help for possible patterns.
Bake & Sign the agents to deploy the new agent configuration.

Without agent bakery (RAW edition):

Paths and files are case-sensitive, even in the Windows agent.

In the file C:\ProgramData\checkmk\agent\check_mk.user.yml, create a fileinfo section like this:
```
fileinfo:
enabled: true
path:
- c:\temp\*.txt
- c:\path\to\file.dat
```
.
Restart the Checkmk agent

Monitoring of single files

Rediscover your host, and you will find the single files that you configured in Step 1, and you can add them to monitoring:

After that, you can create rules to specify how to monitor those files.
.
Click on the "hamburger" menu of that service, then "Parameters for this service."

.
Click "Size and age of single files" to create a rule

For example, this is with a threshold for the maximum age.

Screenshot showing the maximal age thresholds

Monitoring of file groups

Sometimes it is desired not to monitor the individual files but a file group instead. To do this, you need to create a rule on the type "File Grouping Patterns" There, you have to specify a name for the group, "Include Patterns," and optionally "Exclude Patterns."

Go to Setup → Services → Service monitoring rules → Grouping Patterns → Add rule

.
After a Re-Discovery, the single file services will vanish, and the file group will appear, and you can add the new service to the monitoring

.
Create a rule by clicking on the "hamburger menu" / Parameters for this service

.
Click "Size, age, and count of file groups" to create a rule as desired

Example

Screenshot showing the maximal age thresholds

Special case: file(s) does not exist during discovery

Sometimes you have a special use case where the single files or files that are part of file groups do not exist (during discovery). E.g., you want to monitor the quarantine directory of antivirus software, which should normally be empty.

As the Checkmk Discovery can only discover things that exist during the discovery process, we have a logical problem.

To circumvent this issue, you have to create the rules from above. These rules are called Size and age of single files and Size, age, and count of file groups and are not in the Discovery rule section of the setup menu but in the Enforced services part of the setup.

The rules can be found here:

Setup → Services → Enforced services → Size and age of single files
Setup → Services → Enforced services → Size, age, and count of file groups

By creating such an enforced rule, you can force Checkmk to create a service check, and you can monitor files that are not present during discovery.

Checkmk Knowledge Base