Добрый день. Создал элемент данных для проверки журнала windows event log:
тип: Zabbix агент активный
ключ: eventlog[Microsoft-Windows-Backup,,,Backup,14,,]
тип информации: журнал (лог)
Предобработка:
XML Xpath: string(//Data[@Name='HRESULT'])
Ошибка в логе сервера: item "server:eventlog[Microsoft-Windows-Backup,,,Backup,14,,]" became not supported: Item preprocessing step #1 failed: cannot extract XML value with xpath "string(//Data[@Name='HRESULT'])": cannot parse xml value: Start tag expected, '<' not found
Проверял на freeformatter.com/xpath-tester.html#ad-output выражение //Data[@Name='HRESULT'] выдает 0x0 т.е. то что нужно
Где могу ошибаться?
тип: Zabbix агент активный
ключ: eventlog[Microsoft-Windows-Backup,,,Backup,14,,]
тип информации: журнал (лог)
Предобработка:
XML Xpath: string(//Data[@Name='HRESULT'])
Ошибка в логе сервера: item "server:eventlog[Microsoft-Windows-Backup,,,Backup,14,,]" became not supported: Item preprocessing step #1 failed: cannot extract XML value with xpath "string(//Data[@Name='HRESULT'])": cannot parse xml value: Start tag expected, '<' not found
Проверял на freeformatter.com/xpath-tester.html#ad-output выражение //Data[@Name='HRESULT'] выдает 0x0 т.е. то что нужно
HTML Code:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Backup" Guid="{1DB28F2E-8F80-4027-8C5A-A11F7F10F62D}" /> <EventID>14</EventID> <Version>3</Version> <Level>4</Level> <Task>0</Task> <Opcode>2</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2019-03-13T01:27:19.206549200Z" /> <EventRecordID>1701</EventRecordID> <Correlation /> <Execution ProcessID="24396" ThreadID="17884" /> <Channel>Microsoft-Windows-Backup</Channel> <Computer>server</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="BackupTemplateID">{E7FD28E9-7302-4AF3-AAEB-AE2647E63DF0}</Data> <Data Name="HRESULT">0x0</Data> <Data Name="DetailedHRESULT">0x0</Data> <Data Name="ErrorMessage">%%0</Data> <Data Name="BackupState">14</Data> <Data Name="BackupTime">2019-03-13T01:00:04.627858200Z</Data> <Data Name="BackupTarget">D:</Data> <Data Name="NumOfVolumes">2</Data> <Data Name="VolumesInfo"> <VolumeInfo> <VolumeInfoItem Name="Зарезервировано системой" OriginalAccessPath="" State="14" HResult="0" DetailedHResult="0" PreviousState="9" IsCritical="1" IsIncremental="0" BlockLevel="1" HasFiles="0" HasSystemState="1" IsCompacted="0" IsPruned="0" IsRecreateVhd="0" FullBackupReason="10" DataTransferred="291504128" NumUnreadableBytes="0" TotalSize="291504128" TotalNoOfFiles="0" Flags="554" BackupTypeDetermined="1" SSBTotalNoOfFiles="0" SSBTotalSizeOnDisk="0" /> <VolumeInfoItem Name="C:" OriginalAccessPath="C:" State="14" HResult="0" DetailedHResult="0" PreviousState="9" IsCritical="1" IsIncremental="0" BlockLevel="1" HasFiles="0" HasSystemState="1" IsCompacted="0" IsPruned="0" IsRecreateVhd="0" FullBackupReason="10" DataTransferred="376663638016" NumUnreadableBytes="0" TotalSize="376663638016" TotalNoOfFiles="0" Flags="1576" BackupTypeDetermined="1" SSBTotalNoOfFiles="0" SSBTotalSizeOnDisk="0" /> </VolumeInfo> </Data> </EventData> </Event>
Comment