Ad Widget

**kachijs** · 13-10-2011, 16:19

{EDS .NET 1:eventlog[System].logseverity(0)}=4 & {EDS .NET 1:eventlog[System].nodata(30)}#1

i stick to this for now. trigger works that shows in dashboard that i have a problem but after 30sec it does not wipe it.

btw many thanks on description.

**HullZabbix** · 13-10-2011, 16:31

How frequently(interval) is your item running? I have mine running every 15 seconds.

**kachijs** · 13-10-2011, 16:50

Every 30 sec.

**slemons** · 02-05-2013, 17:55

Just want to say thanks to HullZabbix. Your responses in this thread have definitely helped me in setting up Windows Event Log triggering.

Sam

**nail** · 15-11-2013, 08:21

Anyone encountered multiple event generation on same message using this trigger example?
Getting some of events twice

My trigger:

Code:

{HOST:eventlog[Application,,,"TestAPP",,,skip].logseverity()}>0 & {HOST:eventlog[Application,,,"TestAPP",,,skip].nodata(20)}#1

Item is checked every 30 sec.

**MightBeAWizard** · 21-06-2016, 09:42

For some reason I cannot add more than 1 trigger, If I try to make trigger kinda like:
{TemplateServers:eventlog[System].logsource("WinHTTP")}=1 & {TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1
it just fails at first "&", any ideas?

This is what I got:

{Template RAID:eventlog[System,,"Information|Warning|Error","HP Smart Array",,,skip].logsource("HP Smart Array")}=1 & {Template RAID:eventlog[System,,"Information|Warning|Error","HP Smart Array",,,skip].logseverity(0)}>1 & {Template RAID:eventlog[System,,"Information|Warning|Error","HP Smart Array",,,skip].nodata(120)}#1

Hopefully there is atleast something right, might be all wrong tho :/

**MightBeAWizard** · 21-06-2016, 10:02

Seems like "&" isn't working, but when I put "add" instead it seems to be working, also #1 isn't working for some reason. It just gives "Incorrect trigger expression. Check expression part starting from "}#1"."

**nail** · 24-06-2016, 12:28

Originally posted by MightBeAWizard

Seems like "&" isn't working, but when I put "add" instead it seems to be working, also #1 isn't working for some reason. It just gives "Incorrect trigger expression. Check expression part starting from "}#1"."

replace '&' with 'and'
replace '#1' with '<>1'
also look this: https://www.zabbix.com/documentation...ers/expression

**Linwood** · 27-06-2016, 04:50

Originally posted by nail

Anyone encountered multiple event generation on same message using this trigger example?
Getting some of events twice

Honestly I do not think it is possible to do this "right", if I understand the subject. See a discussion I failed to start on the subject here.

If you don't allow multiple event generation then you may miss events. if that's OK, this works better.

If you allow multiple event generations, you cannot put any kind of time function in the trigger expression or else is generates bogus extra events.

If you don't put time functions in there, there doesn't seem to be a way to clear the events.

My example which I think is similar is logins -- I don't want to ever miss a login alert, and I cannot find a way to do that which doesn't either leave the event around (forever), or generate bogus events.

**bbrendon** · 28-06-2016, 04:31

Yes, its true zabbix isn't great for monitoring logs for something that changes frequently like user logins. You would be better off using a script that involves something like logtail and pumping that into a text entry using awk or something custom.

Log monitoring in zabbix is good for looking for specific issues, though the clearing of them has something to be desired.

**vidarfs** · 02-06-2021, 10:45

I´m new to Zabbix and this is my first post here

What I would like to do is pick up if there is an Error in the Windows application log on Event ID 4201 amd have that displayed on my Dashborad.

What i have done is create a item like so

Key eventlog[Application,,Error,,42012,,]

This works I see the errors

From what I have read I now would need to create a trigger I just don't know what the Expression should be for the trigger ?

**Bericario** · 22-12-2021, 12:37

Hi,

i have the same problem i create a item and it works fine but i need to create an trigger to send me alert for the events.

{HOST:eventlog[Application,,,"TestAPP",,,skip].logseverity()}>0 & {HOST:eventlog[Application,,,"TestAPP",,,skip].nodata(20)}#1

this trigger dont work for me

{HOST:eventlog[Application,,,"TestAPP",,,skip].logseverity()}>0 and {HOST:eventlog[Application,,,"TestAPP",,,skip].nodata(20)}<>1

this either. Anybody have a trigger that works fine?

Ad Widget

How to clear an event log trigger

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment