icinga2 icon indicating copy to clipboard operation
icinga2 copied to clipboard

Published 20 hours ago verified publisher icon Icinga

Icinga windows logging requires a separate section. The application log is swamped with events...

Open drapiti opened this issue 3 years ago • 7 comments

Since upgrading to icinga version 2.13 the new windows logging feature is great, however there are so many events written that it is inappropriate to place these events in the standard windows application log. A better solution would be to define a seperate log section dedicated to icinga, this is what is done with SCOM a seperate log is used. Our users are complaining they can no longer see the normal application logs.

Cheers.

drapiti avatar Sep 09 '21 12:09 drapiti

Have you considered switching back to file logs?

Al2Klimov avatar Oct 15 '21 15:10 Al2Klimov

Have you considered switching back to file logs?

At the moment as a work around we are using the filter file to log critical errors only. I think the windows event logs are in any case the most standard way forward as most of the teams are most familiar with this approach, it's just much cleaner to have a dedicated section without polluting the application logs. At the moment we are monitoring these events because we have found that on some systems the powershell checks are timing out with response times of over 55 seconds (example Invoke-IcingaUsedPartitionSpace check). Will be doing some troubleshooting and reporting back to the icinga-powershell github section.

drapiti avatar Oct 16 '21 17:10 drapiti

define a seperate log section dedicated to icinga, this is what is done with SCOM a seperate log is used

@LordHepipud What should we know about this?

Al2Klimov avatar Oct 18 '21 09:10 Al2Klimov

I don't think there's anything specific to SCOM here but the request is to add a "Icinga" log below "Applications and Services Logs" instead of using the "Application" log below "Windows" logs, see the following (very high-res) screenshot from Wikipedia for example:

Screenshot of the Windows Event Viewer

julianbrost avatar Oct 18 '21 10:10 julianbrost

Just my two cents for this: Icinga for Windows v1.7.0 will write events inside a custom log called Icinga instead of writing everything into the Application log on Windows.

We should use the same log for both and any further Icinga provided tools. Maybe we can even add even more differentiation for debug logs and other related things to keep information better structured.

LordHepipud avatar Oct 26 '21 18:10 LordHepipud

@LordHepipud Looks like you're using Icinga for Windows (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Icinga for Windows\IfW::Framework for example) now instead of just Icinga. Shall we also use this for Icinga 2 (i.e. (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Icinga for Windows\Icinga 2)? Or does the change in naming imply that you want a separate log for the powershell framework?

julianbrost avatar Jul 13 '22 09:07 julianbrost

I would suggest to separate Icinga for Windows and Icinga Agent logs, as the nature of the Icinga Agent is to log way more frequent than Icinga for Windows is. Therefor, it will be a lot easier to miss certain logs in this context. In addition, it would allow to parse the eventlog more easier for certain events taking place for difference spaces.

LordHepipud avatar Jul 13 '22 09:07 LordHepipud