Setting up the Event Console
Last updated: September 10, 2012
1. Using builds from the OMD Subscription
If you are using the OMD builds from our subscription then setting up the Event Console is quite easy. It is contained in our builds starting from version 1.2.0p2. After you have created an OMD site with such a version or updated a site to it, simply call the following command, using the site user:
OMD[mysite]:~$ omd config
Now select Addons...
...and set MKEVENTD to on:
Alternatively, if you prefer a non-interactive approach, you can do this on the command line (after stopping the site):
OMD[mysite]:~$ omd stop
OMD[mysite]:~$ omd config set MKEVENTD on
Make sure you bring your site back up now. The service mkeventd is now started before all others:
OMD[mysite]:~$ omd start
Starting mkeventd...OK
Starting dedicated Apache for site mysite...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Initializing Crontab...OK
2. Submitting events
As soon as mkeventd is running, both a named pipe and a Unix socket exist. In OMD they are created in tmp/run/mkeventd, together with the PID file of the daemon:
OMD[mysite]:~$ ll tmp/run/mkeventd/
total 4
prw-rw-rw- 1 mysite mysite 0 Jul 3 15:14 events|
-rw-r--r-- 1 mysite mysite 5 Jul 3 16:11 pid
srwxr-xr-x 1 mysite mysite 0 Jul 3 16:11 status=
Submitting messages is as easy as writing lines of text into the pipe. This can be done with a simple echo:
OMD[mysite]:~$ echo TEST > tmp/run/mkeventd/events
In order to use all features of the event classification, you should use the network format of syslog for formatting your messages. That way the Event Console is told the syslog priority, the hostname and other useful information. This is defined in RFC 3164 and has the following structure:
2.1. Attaching rsyslog
The small helper program mkevent does little more than echo, but it can be used to attach rsyslog in a safe way: it makes sure that the pipe is not kept open by any application, which would lock out other applications that want to send events. The following configuration file can be used to send all messages from the local syslog server to the Event Console:
$template mkeventd,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag% %msg%\n"
*.* ^/omd/sites/mysite/bin/mkevent;mkeventd
We apologize that this only works on OMD. The program mkevent uses its own path to determine the correct OMD site and thus the path to the pipe. Rsyslog does not allow any arguments to be specified for the program being called. In manual non-OMD installations you need to replace mkevent with a self-written shell or Perl script that writes the messages into the correct pipe.
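A possible shape for such a replacement script, shown here as an added example that is not part of Check_MK or OMD. It assumes rsyslog hands the templated message to the program as its single argument; the EVENT_PIPE default is a placeholder, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: stand-in for mkevent on a non-OMD installation.
# EVENT_PIPE is a placeholder; point it at the "events" pipe of your mkeventd.
EVENT_PIPE="${EVENT_PIPE:-/path/to/mkeventd/events}"

# Collapse text to one line: trailing newlines are dropped, embedded CR/LF
# become spaces, so a single message cannot smuggle in a second event.
one_line() {
    s=$(printf '%s' "$1")   # command substitution strips trailing newlines
    printf '%s' "$s" | tr '\r\n' '  '
}

# Build an RFC 3164 style line: <PRI>TIMESTAMP HOSTNAME TAG: MSG
# PRI = facility * 8 + severity (local0 = 16, err = 3 gives 131).
# Arguments: facility severity hostname tag message
format_event() {
    pri=$(( $1 * 8 + $2 ))
    stamp=$(LC_ALL=C date '+%b %e %H:%M:%S')
    one_line "$(printf '<%d>%s %s %s: %s' "$pri" "$stamp" "$3" "$4" "$5")"
}

# Write one event to the pipe. The redirect opens and closes the pipe for
# this message only, so it is never held open between events.
# Returns 1 if the path is not a FIFO (a plain redirect would create a
# regular file there while the daemon is down), 2 if it is not writable.
submit_event() {
    pipe=$1
    line=$(one_line "$2")
    [ -p "$pipe" ] || { echo "not a named pipe: $pipe" >&2; return 1; }
    [ -w "$pipe" ] || { echo "pipe not writable: $pipe" >&2; return 2; }
    printf '%s\n' "$line" > "$pipe"
}

# Called with exactly one argument (the message): forward it to the pipe.
if [ $# -eq 1 ]; then
    submit_event "$EVENT_PIPE" "$1"
fi
```

Opening the pipe for writing blocks until a reader (the daemon) has it open, so the rsyslog action stalls while mkeventd is stopped.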
2.2. Attaching syslog-ng
Due to two nasty bugs in syslog-ng, neither writing directly into the pipe nor calling mkevent works properly. If you are using at least version 1.2.1i4 of the Event Console, you can make use of the integrated syslog server and avoid this problem.
2.3. Directly accepting syslog messages
Version 1.2.1i4 of the Event Console comes with an integrated syslog server. When using it, you configure your local syslog to handle only the local system messages and not to accept messages on port 514. The EC takes over this part.
3. Setting up manually
A manual setup of the Event Console without OMD is also possible. As of version 1.2.2 the setup.sh script of Check_MK automatically sets up everything you need, if you answer yes when you are asked about it. It also creates an init script /etc/init.d/mkeventd. Please note that this init script is not automatically activated. To activate it on SLES and Red Hat, use chkconfig mkeventd on (chkconfig is also available for Debian / Ubuntu).
If you want to enable the built-in syslog server, please edit this init script and set MKEVENTD_SYSLOG=on.