just another question about "condition", should i set the default condition ?

like :
Item.....
Fonction : Last Value = N
N : O

And also why did my trigger switch to "NOT SUPPORTED" himself ??

I don't really understand your question...
what you wrote is the equivalent to : {xxx_server:log[/tmp/log_test].last(0)}=O... I don't see the sens of that.

.str(ERROR)}=1 is the equivalent of choosing "find string T last value N=X where X=1 if found - 0 otherweise" with T = ERROR and N = 1.

The trigger or the item ?

Sorry but i'm beginner with Zabbix an d i don't really undesrtand how works "functions"

your right the item switch to "not supported" but i suppose it's due to the wrong function.

There is a lot a differente function and i don't

It's why i'd like to see any exemple (with print screen).



Could you please, explain me what the different line are doing..

If the item works to "not supported", it means it doesn't work. It can be because you made a mistake in your configuration or because it use a command or library which is not on your system...

Which item switch to unsupported ? The log monitoring ? Log monitoring should be active agent check, and in the configuration file of the agent, the name should be exactly the same than the one specified in the webinterface of the server.
If you forget to specify "active" it can switch to "non supported" I think for example.

Items collect datas, then trigger make some tests on datas collected to display notification if needed, using some functions.

For example, a icmp ping item will register 1 if ping is ok, 0 if not. Then, you can make a trigger to be notified if there's a ping problem.
Here, you use functions to define the expression you want to test.

If you want to be alerted immediatly when a ping is lost, you can use :
{***.icmpping.last(0)}=0 or {***.icmpping.last(0)}#1
But, if you want for example to be notified after 3 fail of ping, you can use :
{***.icmpping.sum(#3)}=0
(the sum of the 3 last values = 0, which mean 0+0+0, so 3 fails)
etc...

On your screenshot, it's the "find string" example. It's for text items such as logs, strings, texts...
On your screenshot, the first line define which item is concerned, the second one defines which function you want to use, but using simple words to be understood (here, you want to find a string in the last value)... the other lines are the one mentionned in the function.
"find string T last value, N= X where X = 1 if found, 0 if not"
You just have to read...

Find string T : so the case T is the one where you put the string you're looking for, for example ERROR.
N=X where X = 1 if found, 0 if not, so in your case, you want to match if ERROR is found right ? So, you want to match on N=1. So you put 1 in the last field.
You validate...

And you should obtain the line I've given you.
{****.str(ERROR)}=1

You can use the list to select the function you want, filling the fields. It's more simple because functions are explained in simple words. Or you can write the line directly following the model :
{<server>:<key>.<function>(<parameter>)}<operator> <const>
for example :
{server1:log[/path/file].str(ERROR)}=1
server : server1
key : log[/path/file]
function : str
parameter : ERROR
operator : =
const : 1

You can read the official documentation (PDF) from page 124. It describes very precisely what each function do.

Thanks a lot "fcge" i've delete all and restart from the beginning, it works !

For your infirmation, i suppose that it's when a don't put xxx,.*] my item switch to NOT SUPPORTED...

So my item is now : log[/tmp/log_check_cbv,.*]

I've just a little problem to have an alert for each new orrurence of ERROR in the log file.

What i need is to be able to clear the trigger (ok i've seen the ERROR world in the log) and when "A NEW" occurence appear, it's generate another ALARM

I supposed it's should be something like :

{xxx_serv:log[/tmp/log_check_cbv,.*].str(ERROR)>last(0)}

but it's not working !

The ,.* is useless.
log[/path/file,.*] == log[path/file].

As we can see on page 159 of the pdf documentation, the regexp is an optionnal parameter :

There's an example of log monitoring on this page.

When an item switch to unsupported because of a mistake in the conf, you can correct it and then click on "activate" to reactivate it.

If you want to be able to clear a trigger manually, you can follow this topic :

We are currently trying to find a way to do that.

The line is incomplete... the operator and the constant are missing.
{xxx_serv:log[/tmp/log_check_cbv,.*].str(ERROR)>last(0)}=1 will launch a notification if "ERROR" is found in the last entry sent by "xxx_serv:log[/tmp/log_check_cbv,.*]".

I use this for monitoring my logs:

Note that when the trigger fires you have to rotate your log manually.

I hope it helps.