Ad Widget

Collapse

syslog monitoring: how to make alerts more meaningful

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • yuris
    Junior Member
    • May 2009
    • 1
    #1

    syslog monitoring: how to make alerts more meaningful

    I need to monitor syslog's messages like this: there is separate logs for err, crit, etc. syslog messages and I need zabbix-agent to make active checks on it the way that let us get e-mail alerts with contents of every syslog message, that appears in syslog files (/var/log/syslog.crit /var/log/syslog.alert etc.)

    I created items syslog.err, syslog.crit, etc., using key "log[/var/log/logfile.loglevel]" and stack with creating triggers for them, I used to apply triggers like

    {host:log[/var/log/logfile.loglevel].nodata(30)}#1

    and

    {host:log[/var/log/logfile.crit].str(0)}=1

    these I found at this forum (official pdf did not help me at all in figuring out how to apply trigger with "log" type of data)

    some of them even fired once, but most of times when I issued some errors on test server it was silent... besides that single time it worked a got standard alert that the trigger's status in ON (while I need to get that same logfile message which issued alert via e-mail)

    but that was the first part of a problem, here is the second one:

    at some point zabbix-agent begin to crush constantly when start and find logfiles that non-empty. Debug level log of zabbix-agent shows this:

    13263:20090519:053435 zabbix_agentd started. ZABBIX 1.4.
    13265:20090519:053435 zabbix_agentd collector started
    13266:20090519:053435 zabbix_agentd active check started [zabbix.example.com:10051]
    13266:20090519:053435 In init_active_metrics()
    13266:20090519:053435 In refresh_metrics('zabbix.example.com',10051)
    13266:20090519:053435 get_active_checks('zabbix.example.com',10051)
    13266:20090519:053435 Sending [ZBX_GET_ACTIVE_CHECKS
    node62
    ]
    13266:20090519:053435 Before read
    13266:20090519:053435 In parse_list_of_checks('log[/var/log/syslog.alert]:30:0
    log[/var/log/syslog.crit]:30:0
    log[/var/log/syslog.emerg]:30:0
    log[/var/log/syslog.err]:30:131
    ZBX_EOF
    ')
    13266:20090519:053435 In disable_all_metrics()
    13266:20090519:053435 Parsed [log[/var/log/syslog.alert]:30:0]
    13266:20090519:053435 In add_check('log[/var/log/syslog.alert]', 30, 0)
    13266:20090519:053435 Parsed [log[/var/log/syslog.crit]:30:0]
    13266:20090519:053435 In add_check('log[/var/log/syslog.crit]', 30, 0)
    13266:20090519:053435 Parsed [log[/var/log/syslog.emerg]:30:0]
    13266:20090519:053435 In add_check('log[/var/log/syslog.emerg]', 30, 0)
    13266:20090519:053435 Parsed [log[/var/log/syslog.err]:30:131]
    13266:20090519:053435 In add_check('log[/var/log/syslog.err]', 30, 131)
    13266:20090519:053435 Parsed [ZBX_EOF]
    13266:20090519:053435 In process_active_checks('zabbix.example.com',10051)
    13266:20090519:053435 In process log (/var/log/syslog.alert,0)
    13266:20090519:053435 In process log (/var/log/syslog.crit,0)
    13266:20090519:053435 In process log (/var/log/syslog.emerg,0)
    13266:20090519:053435 In process log (/var/log/syslog.err,131)
    13266:20090519:053435 XML before sending [<req><host>bm9kZTYy</host><key>bG9nWy92YXIvbG9nL3NtdHBjb20tc3Rhci5lcnJd </key><data>TWF5IDE4IDExOjQ0OjEyIG5vZGU2MiBzbXRwY29t LXN0YXJbMzgxNV06IFNtdHBjb206OlRyYWNrZ
    XI6OmxvYWRUcmFja2luZ1JlY29yZDogUmVjb3JkIHdpdGggcXV ldWVpZCAnREEzMkEyQjA5RDknIG5vdCB
    mb3VuZC4K</data><lastlogsize>MjU3</lastlogsize></req>]
    13266:20090519:053435 OK
    13263:20090519:053435 One child process died. Exiting ...
    13263:20090519:053435 zbx_on_exit() called.
    13265:20090519:053435 Got signal. Exiting ...
    13263:20090519:053437 ZABBIX Agent stopped

    I would really apreciate if some one could help me with these two problems.
    Tags: None
    Previous template Next
    Working...