Event Console

LAST TESTED ON CHECKMK 2.0.0P1

Getting Started

Background information regarding this subject is available on our:

• Official documentation
• YouTube Video

Overview

The Event Console (EC) is a very powerful tool to receive and process incoming events. While in the past, this might have been mainly SNMP traps (the classic), EC is also a very powerful way to monitor log files.

So instead of creating a service check for a log file only, we want to show you how to forward such log files to EC for much more precise log file monitoring.

The following graphic shows the way that the Eventlog data is using from the source to the destination:

Basic Event Console Configuration

Enabling the Event Console

First, we have to enable the Event Console. How to achieve that depends on the kind of server you have.

Appliance

Use the Webconf to enable the Event Console:

If you only want to process log files, you can leave the syslog/SNMP trap options unticked.

Common Checkmk Server (i.e., installed on a self-hosted Linux)

Use "omd config" from the command line to enable the Event Console:

If you only want to process log files, you can leave the syslog/SNMP trap options off.

Enabling the Message Archiving

Without having any rule packs and rules in the Event Console, all incoming events would simply be dropped. For debugging and to get started with the Event Console, we recommend to enable the message archiving in Setup/Events/Event Console:

After activating this option and activating the changes, all events (that do not match any rules) will be put into the event archive and can be watched in the view "Recent Event History".

Related articles

• Page:
  Event Console
• Page:
  Troubleshooting mkeventd - Integer overflow while parsing TimeTicks in SNMP trap
• Page:
  Troubleshooting "KeyError - cmk mkeventd EventServer"
• Page:
  Troubleshooting missing messages in Event Console
• Page:
  Troubleshooting SNMP Trap UTF-String conversion problems in Event Console