Icinga Agent for Windows spams the Event Log

Hi all,

we recently updated our windows agent to v2.13.1, which enabled the logging into the windows event log by default, instead of using the log file.

The windows admins now complain that the event log gets spammed with Icinga messages, even though I already set the severity to “critical”.

 * The WindowsEventLogLogger type writes log information to the Windows Event Log.

object WindowsEventLogLogger "windowseventlog" {
    severity = "critical"

There are still many “warning” and “informational” messages in the event log. The timestamps correspond with config deployments.

Over 7200 events out of a total of 7300 are just from the Icinga Agent :open_mouth:

My question is:
Why does the agent ignore the setting in the config file and still logs informational and warning messages during config deployments/reloads/syncs?

Any help/hints are appreciated :slight_smile:

Did you restart the agent after the severity level change?

1 Like

Thx for your reply.
Sadly that wasn’t the solution.
After a service restart I still get the informational/warning log messages from the config sync/reload.

After that nothing else is logged, so I guess that the setting for logging severity only gets “activated” after the config deployment.

Which zones are you syncing to your agents? In my opinion an agent should only get CheckCommands relevant for the system to reduce reloads and data on the agent. In your case it looks like you are syncing director-global/global-templates which has objects and apply rules irrelevant for the system!

Changing this will not remove the initial problem, but reduce the spam caused by it.

1 Like

Correct, the global zones also get synced to the agent.
Good hint, I will check that those maybe not get synced anymore.

But as you said, the “real” problem will not be solved by this.