Nobody can help me, please ?

I supposed the problem come from the expression or function.

Unfortunatly, i've many test, but it still doesn't work...

Thanks for advance.
Nico

Hi Chazo,

first u create a item with:
log[/tmp/log_test.txt,ERROR] --> u get only the records with ERROR from the logfile
log[/tmp/log_test.txt,.*] --> u get all records from logfile



Then create a trigger:
{server_xxx:log[/tmp/log_test.txt,ERROR].str(ERROR)=1}
--> if the record contains ERROR string u get a match!
with
{server_xxx:log[/tmp/log_test.txt,.*].str(ERROR)=1} --> idem, match ERROR records

Just play around a bit and search this Forum for other examples and Questions, reading the Manual is sometimes helpfull !!!!

Sorry, but it doesn't work.

I can't save the Trigger with the following error :

Perhaps my key is wrong ?

Did someone can help me ?

BR,
Nicolas

Hi,

Sorry I got the Trigger expression wrong, should be:

{server_xxx:log[/tmp/log_test.txt,ERROR].str(ERROR)}=1

Notice the '{'

Greets
Patrick

P.S.: Try to be creativ by trying different syntaxes or just learn from an other example

Thanks Trikke, it works fine.

What i need now is to sent any alert for each new occurence found in this log file.

I've make some test using last() fonction but, i really have some problem with syntax...

I need zabbix to send mail when a new string is found ?

Can someonse help me ,

Thanks very much.

Nicolas

First, if you haven't done so yet, you need to configure general e-mail settings like mail server etc (Administration --> Media types). Then assign the media type to a user that is to receive notifications (Administration --> Users --> {username} --> Media). Check what level of severity will cause notification to be sent.
Then you create an Action (under Configuration menu). You can create individual action for each and every trigger you have but for example, I normally make only one or few very generic actions, like one with the only condition Host group = "Windows servers" - if any trigger "fires" on systems under that group, the specified user will get a message, given the event's severity matches one of those you selected before.

Hope this helps.

Sorry, media is still configurate (and works fine).

ma question is just about writing an expression to be alert when a new string "ERROR" appear on the log file.

Thanks,
Nicolas

Triggers don't send any notifications.

Triggers are just conditional expressions that allow zabbix to find out whether something is wrong. Triggers also have a "severity level".

What happens when things are "wrong" is defined in Actions.

Actions are based on triggers (or discovery). A single action can be defined to handle all triggers, or just a subset (specific trigger, or just for one host or host groups, minimal level of severity).

An action is composed of one or more operations. Operations are either sending messages (to a single user or a user group), or executing remote commands.

Usually, you'll end up with a few actions each defined to handle various triggers, of handle everything related to specific hosts or groups.


- items are just raw data sources and won't trigger any alert (even zabbix failing to collect data will just silently mark item as "unsupported")
- triggers are logic that say - based on item data - whether things are running as expected and how bad (severity) it is if they're not
- alerts take triggers as input (with filtering) and then execute operations (messages, remote commands) as "output"

I undestrand, but i does'n answer my question.

I'd like to know the correct syntax to use :

{ZABBIX Server:log[/tmp/log_test.txt, .*]. str( ERROR ) }=1

to generate an alert ONLY for new occurence found in the log_test file.

I suppose i have yo use the last(1) and last(0) function but it steel not working !

Thanks,
Nico

Hi Nico,

Try setting: Event generation to "Normal + Multiple True Events" on your trigger definition,

Greets
Patrick

Hi all,

I come back on this post (after many month...)
Could some one (which use this log function) can show the configuration he use (item + trigger + condition) beacause it still not works fine.

Thanks a lot.

I can try to help you.
Can you preciesly tell me what you want to do ?

Just answer these questions :
* what is the path and the name to the file ?
* do you want the item to register all the line of the log or only the one containing the string you're looking for ?
* when do you want an alert to appear on the dashboard (when you find string, when the string appears 3 time in the last log value, when there's a new entry in the log...) ?
* what do you want to do after the alert is displayed (send an email for example) ?

Waht i need is to monitor any log file.

For exemple : i try to search "ERROR" word in the file /tmp/log_test

(For the email, it's still work fine for other trigger, no problem)

I also want to be able to "ack" any alarm but have a new alert if a new orrurence appear.

item : log[/tmp/log_test, .*]

and trigger : {xxx_server:log[/tmp/log_test, .*].str(ERROR)}#1

But the result is not what a want...

Could you please, send a screen copy of item and trigger of your configuration ?

Thanks a lot.

First, I think the ".*" in you item is useless.

Don't hesitate to be more precise to help me to see what is the problem with the result. It can allow me to help you better.

To monitor logs files, I see 2 possibilities in this case : you want to register in your item all what is writen in the log :
Key : log[/tmp/log_test] (the equivalent to what you want to do with log[/tmp/log_test, .*] I think).
Or, you just want to register the lines containing ERROR :
Key : log[/tmp/log_test,ERROR]

Then, as far as the trigger is concerned. If you use the first item with all the datas, I think :
{xxx_server:log[/tmp/log_test].str(ERROR)}=1
will be activated when ERROR is found in the last value recevied by the server.

If you use the 2nd item, you can use the nodata feature.
{xxx_server:log[/tmp/log_test].nodata(<duration in seconds>)}#1
(as the item only collects datas when ERROR appears in the log, because of the ERROR given as a 2nd string, it won't receive datas as long as ERROR is not found, nodata returns 1 if no data are received during the time specified between "( )").


So :
1. try to delete the .* parameter which is according to me useless, if you don't give a regexp as a 2nd parameter, log will take all the lines of the logfile.
2. str return 1 if the string is found, so if you want to be alerted when ERROR is found, you have to use =1 and not #1 (# means not equal to)


Be carefull, the strings are regexp using the posix norm, and it's case sensitive, so ERROR is different from error.

I don't have my zabbix right now, so I can't send you a screenshot, but I think you should be able to monitore your logfile with the explaination above.
If not, I can try to give you more precisions...