Ad Widget

**ahahum** · 20-09-2011, 23:52

Bumpity

Bump please?

**HullZabbix** · 21-09-2011, 11:22

Here's what I have for my event log monitoring

{TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

This clears the trigger almost straight away.

I think your brackets are slightly messed up. Why do you have TRIGGER.VALUE in there?

({GPSERVER:eventlog[eConnect].logseverity(0)}=4 | {TRIGGER.VALUE}=1) & {GPSERVER: eventlog[eConnect].nodata(30)}#1

**ahahum** · 21-09-2011, 16:02

Originally posted by AxidaZabbix

Here's what I have for my event log monitoring

{TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

This clears the trigger almost straight away.

I think your brackets are slightly messed up. Why do you have TRIGGER.VALUE in there?

({GPSERVER:eventlog[eConnect].logseverity(0)}=4 | {TRIGGER.VALUE}=1) & {GPSERVER: eventlog[eConnect].nodata(30)}#1

This works perfectly, thank you very much.

I do not know why I had trigger.value in there...just messing around trying to get something to work

**kachijs** · 13-10-2011, 15:20

{TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

first trigger works for me too, but 2nd is not working. Problem just keeps showing @ dashboard even though i ack this problem.

What am i doing wrong? I simulate error appearing. I start service (error while starting) System log gets error and then no error continues but still warning is shown.

any help ? tnx

**HullZabbix** · 13-10-2011, 15:24

I wouldn't use the second example trigger - it doesn't make sense. If

{TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

works for you then use it! Unless it's missing something you need?

**kachijs** · 13-10-2011, 15:28

Originally posted by AxidaZabbix

I wouldn't use the second example trigger - it doesn't make sense. If

{TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

works for you then use it! Unless it's missing something you need?

{TemplateServers:eventlog[System].logseverity(0)}=4 this trigger works for me (it shows problem) for item eventlog[System,WinHTTP], but 2nd {TemplateServers:eventlog[System].nodata(10)}#1 is not working for me (as i understand this trigger has to clean dashboard if no error is appearing in 10sec

**HullZabbix** · 13-10-2011, 15:32

They aren't seperate triggers! It's a single expression

{TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

The & joins them. The point of this trigger is to alert if there's an error in the System log, which will clear itself after 10 seconds.

**kachijs** · 13-10-2011, 15:38

Originally posted by AxidaZabbix

They aren't seperate triggers! It's a single expression

{TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

The & joins them. The point of this trigger is to alert if there's an error in the System log, which will clear itself after 10 seconds.

yes i know that.
[img=http://www63.zippyshare.com/thumb/63900259/file.html][/img]

Here. i get my error showing @ dashboard but after 180 sec (3min) it still showing @ dashboard even tho no new error (winHTTP) is created @ system log.

**HullZabbix** · 13-10-2011, 15:44

Originally posted by kachijs

yes i know that.
[img=http://www63.zippyshare.com/thumb/63900259/file.html][/img]

Here. i get my error showing @ dashboard but after 180 sec (3min) it still showing @ dashboard even tho no new error (winHTTP) is created @ system log.

Have you tried running it with just [WinHTTP] rather than [System,WinHTTP].

This will be picking up errors from both event logs. I'm not sure if that's your intention?

Also I'd set "Event generation" to Multiple.

**HullZabbix** · 13-10-2011, 15:45

I think I've just realised what your trying to do

Are you trying to trigger an alert when you get an error (severity 4), in the "System" log which has a source of "WinHTTP" ?

If not, what exactly are you trying to do?

**kachijs** · 13-10-2011, 15:51

Originally posted by AxidaZabbix

Have you tried running it with just [WinHTTP] rather than [System,WinHTTP].

This will be picking up errors from both event logs. I'm not sure if that's your intention?

Also I'd set "Event generation" to Multiple.

WinHTTP Is not an error log it a "phrase" (test phrase) that i use from picking up messages from System log.

**kachijs** · 13-10-2011, 15:52

Originally posted by AxidaZabbix

I think I've just realised what your trying to do

Are you trying to trigger an alert when you get an error (severity 4), in the "System" log which has a source of "WinHTTP" ?

If not, what exactly are you trying to do?

yes this is exactly what im trying to do.

**HullZabbix** · 13-10-2011, 15:55

Ok I think I understand now.

If WinHTTP is part of the description in the event log then what you want is:

{TemplateServers:eventlog[System].str("WinHTTP")}=1 & {TemplateServers:eventlog[System].nodata(10)}#1

But if it's the source, then you want this:

{TemplateServers:eventlog[System].logsource("WinHTTP")}=1 & {TemplateServers:eventlog[System].nodata(10)}#1

If you want it only to trigger on error (rather than error or warning or information) then you want this:

{TemplateServers:eventlog[System].logsource("WinHTTP")}=1 & {TemplateServers:eventlog[System].logseverity(0)}=4 & {TemplateServers:eventlog[System].nodata(10)}#1

**HullZabbix** · 13-10-2011, 16:04

Ad Widget

How to clear an event log trigger

How to clear an event log trigger

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment