Triggers Based Upon Logs

  • bcarpio
    Member
    • Jun 2008
    • 96

    #1

    Triggers Based Upon Logs

    Currently I am pulling logs from /var/log/messages but I want to be able to set up triggers based upon certain logs, like anything with the phrase "some phrase here" in it sets a trigger... can this be done?
  • Calimero
    Senior Member
    • Nov 2006
    • 481

    #2
    First you can have zabbix_agent filter lines that are sent to zabbix_server (second argument of log[]).

    An interesting function for log checking is .count().

    We use triggers like this one:
    Code:
    {hostname:log[/var/local/somelog].count(300,%sync failed%)}>2
    ==> TRUE if string 'sync failed' is found at least three times among the log lines from the past 5 minutes

    Keep in mind that .count() is only evaluated when there's new data.

    So actually we use that trigger:
    Code:
    {hostname:log[/var/local/somelog].count(300,%sync failed%)}>2&{hostname:log[/var/local/somelog].now(0)}>0

    ... so that the error clears itself after 5 minutes (the dummy .now() function forces zabbix_server to evaluate the trigger). Depends on what you want...

    If there's constant activity in the log file, the .now() condition would be pretty useless as zabbix_server would evaluate triggers for every line.

    As you can see the filtering pattern is an SQL pattern and not a regexp (so use % and ? as wildcard characters). Matching is case-insensitive unless your RDBMS is configured to be case sensitive.

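Added example, not part of Calimero's post and not Zabbix code: a small Python model of the two trigger expressions above, showing why a count-based trigger that is only evaluated on new data stays TRUE after the log goes quiet, and how a periodic re-evaluation clears it. The function names, the window boundary handling and the sample lines are assumptions; the `%`/`?` wildcards and case-insensitive matching follow the post's description.

```python
import re

def like_to_regex(pattern):
    """Translate the wildcard pattern from the post (% = any run, ? = one char)."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "%" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def count(history, now, window, pattern):
    """Number of stored lines in (now - window, now] matching the whole pattern."""
    rx = like_to_regex(pattern)
    return sum(1 for ts, line in history
               if now - window < ts <= now and rx.fullmatch(line))

def simulate(history, tick_times, window=300, pattern="%sync failed%", threshold=2):
    """Return {time: trigger_state} for every moment the trigger is evaluated.

    Evaluation happens when a log line arrives and at each time in tick_times,
    which stands in for the forced re-evaluation the post gets from .now().
    """
    eval_times = sorted({ts for ts, _ in history} | set(tick_times))
    states = {}
    for t in eval_times:
        seen = [(ts, line) for ts, line in history if ts <= t]
        states[t] = count(seen, t, window, pattern) > threshold
    return states

def last_state(states):
    """State left showing after the final evaluation."""
    return states[max(states)]

# Constructed sample data: (seconds since start, log line)
SAMPLE = [
    (0, "job 17 started"),
    (10, "Sync FAILED for peer a"),
    (40, "sync failed for peer b"),
    (70, "sync failed for peer c"),
]

if __name__ == "__main__":
    print("on new data only:", simulate(SAMPLE, []))
    print("with re-evaluation at t=400:", simulate(SAMPLE, [400]))
```

With no re-evaluation the last state is TRUE indefinitely, because nothing arrives after t=70 to trigger another evaluation; with a tick at t=400 the three matches have aged out of the 300-second window and the trigger returns to FALSE.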

    • aic
      Member
      • Oct 2010
      • 50

      #3
      Please could someone give me a hand with this?

      I applied this solution and it worked. I am getting an event when a string appears in a file. I set it up to get different severities.

      But the severity always appears in green even if they show HIGH-CRITICAL-INFORMATION.

      Any thoughts?

      Thanks!!!

      • hertell
        Member
        • Aug 2010
        • 31

        #4
        I am monitoring logs with Swatch + zabbix_sender. This way Zabbix does not need to waste resources on tailing logfiles. Works like a charm!

        • aic
          Member
          • Oct 2010
          • 50

          #5
          Please, any suggestions to modify/fix this point?

          I need to catch some error/information messages in different files and I would like to take advantage of log[]. But even though I am getting the alert, this is not moved to the Zabbix GUI.

          Issue appears, issue is detected, but the trigger is not sending any mail alarm.

          Any thoughts?

          Suggestions will be welcome!!!

          aic

          • hertell
            Member
            • Aug 2010
            • 31

            #6
            Does the issue get into the item? Maybe you have a wrong item-type?

            My opinion is that Swatch is the best thing to monitor logs:
            Download Simple Log Watcher for free. swatchdog.pl started out as swatch, the "simple watchdog" for activity monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log.

            • aic
              Member
              • Oct 2010
              • 50

              #7
              hm....there is no possibility. Because I have configured the Item like this:
              - log[/my/app/to/monitor/erro.log]
              I have selected "Type of Information: Log"

              For example if I try to change Type of Information to Text I get this error "Type of information must be Log for log key".

              Not sure about installing swatch yet.

              Thanks anyway.

              • hertell
                Member
                • Aug 2010
                • 31

                #8
                What about permissions? Can the zabbix-process owner read that file?

                • aic
                  Member
                  • Oct 2010
                  • 50

                  #9
                  No problem with permissions. I am not getting errors like "Cannot stat". It is checking item-trigger.
                  Last edited by aic; 28-12-2010, 21:36.
