Hi all

I have a linux server (RHEL5.2) and I want to monitor when someone logs in successfully.

I have figured I could monitor the /var/log/secure file for the key word "Accepted". I set up.

I created the Item
log[/var/log/secure ,Accepted]
Zabbix agent(active)
type : log
applications: log files

and the trigger
{Template_linux:log[var/log/secure ,Accepted].str(Accepted)}=1
normal
or
normal + multiple TRUE events
and I created the action to email me.

when I check the zabbix_agentd.log file on the monitored server it tells me:
Cannot open [/var/log/secure ,Accepted] [No such file or directory]

when I change it to
{Template_linux:log[var/log/secure].str(Accepted)}=1
or
{Template_linux:log[var/log/secure].regexp(Accepted)}=1

it seems to accept item and trigger and sends me email but it seems to send me email on every line that comes in not just if i contains "Accepted." I did give the file read access to the zabbix group.

Can anybody help please. Is nobody using zabbix to monitor log files or am I doing something wrong?? The documentation on log files seem very weak. Or my zabbix does not understand what should be happening.

I have zabbix 1.6.5 as the server and all agents.