we recently updated our windows agent to v2.13.1, which enabled the logging into the windows event log by default, instead of using the log file.
The windows admins now complain that the event log gets spammed with Icinga messages, even though I already set the severity to “critical”.
/**
* The WindowsEventLogLogger type writes log information to the Windows Event Log.
*/
object WindowsEventLogLogger "windowseventlog" {
severity = "critical"
}
There are still many “warning” and “informational” messages in the event log. The timestamps correspond with config deployments.
Over 7200 events out of a total of 7300 are just from the Icinga Agent
My question is:
Why does the agent ignore the setting in the config file and still logs informational and warning messages during config deployments/reloads/syncs?
Thx for your reply.
Sadly that wasn’t the solution.
After a service restart I still get the informational/warning log messages from the config sync/reload.
After that nothing else is logged, so I guess that the setting for logging severity only gets “activated” after the config deployment.
Which zones are you syncing to your agents? In my opinion an agent should only get CheckCommands relevant for the system to reduce reloads and data on the agent. In your case it looks like you are syncing director-global/global-templates which has objects and apply rules irrelevant for the system!
Changing this will not remove the initial problem, but reduce the spam caused by it.