I'm new to Zabbix. In fact I'm just setting this up in our lab for testing to see if we would like to fully implement it in our company. I've been able to muddle through much of setup of checks by searching the forums, but I can't quite figure this problem out.
I'm trying to monitor the event logs of a number of computers on our network. I'm not looking for specific entries from a specific source. I'd like a trigger to be tripped for any "Error" found in the event logs of these computers. I'm mostly looking for application errors. This part I have working. The part I'm having problems with is if no more new logs are written, the trigger is staying active because the last event in the log was the error. I'm wanting a trigger to activate and then return to normal so an event will show up on the dashboard and I'll know to investigate. (I'm not setting these up as high priority and paging on them)
So is this even possible? If a trigger goes back to normal without being acknowledged, does the event still show in the recent events on the dashboard until acknowledged? Is there a way to set a trigger up so that it stays active until it has been acknowledged, then somehow uses that to reset the trigger without the trigger going off on the next check because the last event is still the error in the log?
Not sure if I've explained the situation clearly. Here is the simple trigger expression I'm using now.
{Template_Windows:eventlog[Application].logseverity(4)}=4
Thanks for any help.
I'm trying to monitor the event logs of a number of computers on our network. I'm not looking for specific entries from a specific source. I'd like a trigger to be tripped for any "Error" found in the event logs of these computers. I'm mostly looking for application errors. This part I have working. The part I'm having problems with is if no more new logs are written, the trigger is staying active because the last event in the log was the error. I'm wanting a trigger to activate and then return to normal so an event will show up on the dashboard and I'll know to investigate. (I'm not setting these up as high priority and paging on them)
So is this even possible? If a trigger goes back to normal without being acknowledged, does the event still show in the recent events on the dashboard until acknowledged? Is there a way to set a trigger up so that it stays active until it has been acknowledged, then somehow uses that to reset the trigger without the trigger going off on the next check because the last event is still the error in the log?
Not sure if I've explained the situation clearly. Here is the simple trigger expression I'm using now.
{Template_Windows:eventlog[Application].logseverity(4)}=4
Thanks for any help.
) it should only display the trigger for five minutes then disappear. Though, in my opinion, this isn't what I would want to do. I would want a confirmation that it has been acknowledged before it disappears. I don't know of any keys or macros that deal with acknowledgments. It seems that acknowledgments were just tacked on to Zabbix without much integration. Maybe 1.8 will be better. 
Comment