Getting Started

Background information regarding this subject is available on our:

Overview

The Event Console (EC) is a very powerful tool to receive and process incoming events. While in the past, this might have been mainly SNMP traps (the classic), EC is also a very powerful way to monitor log files.

So instead of creating a service check for a log file only, we want to show you how to forward such log files to EC for much more precise log file monitoring.

The following graphic shows the way that the Eventlog data is using from the source to the destination:

Screenshot of the event console flow from the windows event log into cmk server.

Basic Event Console Configuration

Enabling the Event Console

First, we have to enable the Event Console. How to achieve that depends on the kind of server you have.

Appliance

Use the Webconf to enable the Event Console:

Screenshot of the location of the edit button within the site management section of the Checkmk appliance.

Screenshot of site configuration with enable processing of external messages enabled.

If you only want to process log files, you can leave the syslog/SNMP trap options unticked.

Common Checkmk Server (i.e., installed on a self-hosted Linux)

Use "omd config" from the command line to enable the Event Console:

Screenshot of configuration of mysite with addons selected. Screenshot of addons section with mkeventd set to on.

If you only want to process log files, you can leave the syslog/SNMP trap options off.

Enabling the Message Archiving

Without having any rule packs and rules in the Event Console, all incoming events would simply be dropped. For debugging and to get started with the Event Console, we recommend to enable the message archiving in Setup/Events/Event Console:

Screenshot of event console rule packs. Location of settings button.

Screenshot fo the event console configuration matching rule. Force message archiving enabled.

After activating this option and activating the changes, all events (that do not match any rules) will be put into the event archive and can be watched in the view "Recent Event History".

Related articles