Ad Widget

Collapse

Zabbix regexp

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • nixman
    Junior Member
    • Jul 2009
    • 8
    #1

    Zabbix regexp

    either Zabbix does not use POSIX regex or it's implementation is very limited...
    a simple POSIX expression like 'log[/var/adm/messages,"NOTICE:\s+[^c]"]' will generate nothing... find the string "NOTICE:", followed by 1 or more white space that is not followed immediately by the character "c"..... so since this fails I tried dropping all of the actual REGEXP and only searched for the string "NOTICE"... this gets all of the lines in the log including the lines that are not needed.... so I tried to create a trigger that would reduce the noise a bit...

    {server:log[/var/adm/messages,"NOTICE"]. regexp( core_log ) }#1 & {server:log[/var/adm/messages,"NOTICE"]. nodata( 30 ) }#1

    this works on servers that have generated "NOTICE" lines in their log file but for servers that have not generated "NOTICE" lines... it gives warnings every interval about not being able to evaluate the expression....

    Expression [{19745}#1 & {19744}#1] for item [35883][server:log[/var/adm/messages,"NOTICE"]] cannot be evaluated: unable to get function value: lastvalue IS NULL for function [19745][server:log[/var/adm/messages,"NOTICE"].regexp(core_log)]

    look... if it's value is NULL then no data has been collected from the item... that by definition would mean that the trigger is off... and I don't need to fill my server log file with misdirected crap stating that the expression can't be evaluated

    if anyone that knows Zabbix better has a solution on how I can accomplish this let me know
    Last edited by nixman; 19-08-2009, 16:28.
    Tags: None
    • nixman
      Junior Member
      • Jul 2009
      • 8
      #2
      nothing, welcome to the world of Zabbix

      time to give nagios a serious look

        Comment

        • Calimero
          Senior Member
          • Nov 2006
          • 481
          #3
          You may be encountering bug ZBX-1001 if you're running zabbix 1.6.5

          zabbix' log[] item uses case-sensitive POSIX "extended" regexps from what I've seen in the source code. Although not as powerful and/or practical as PCRE, you can still achieve some pretty advanced stuff, and POSIX REs are a bit more portable (well... maybe not the REs themselves but the libc calls are).

          ==> man 7 regex (and test your REs with egrep / grep -e)
          ==> Try log[/var/adm/messages,"NOTICE:[[:space:]]+[^c]"]

            Comment

            • youonce
              Junior Member
              • Aug 2009
              • 3
              #4
              zabbix trigger syntax information

              Hello! I would like to ask you. Where to create the trigger on the zabbix information. Can not be shared in a to me. Thanks!

                Comment

                • nixman
                  Junior Member
                  • Jul 2009
                  • 8
                  #5
                  Originally posted by Calimero
                  You may be encountering bug ZBX-1001 if you're running zabbix 1.6.5

                  zabbix' log[] item uses case-sensitive POSIX "extended" regexps from what I've seen in the source code. Although not as powerful and/or practical as PCRE, you can still achieve some pretty advanced stuff, and POSIX REs are a bit more portable (well... maybe not the REs themselves but the libc calls are).

                  ==> man 7 regex (and test your REs with egrep / grep -e)
                  ==> Try log[/var/adm/messages,"NOTICE:[[:space:]]+[^c]"]
                  Thanks Calimero, that seems to work....

                  since you are 100% so far... you don't happen to know if Zabbix can use alert to a local Jabber server do you?.... I created a 'zabbix' conference on an OpenFire Jabber server but using the identifier 'user@jabber-server/zabbix' just gets errors like.... (any way to turn off the SASL authentication?)... those messages just keep repeating on the retries so its a PITA...

                  14880:20090820:165302 JABBER: receiving error [6][4]
                  14880:20090820:165302 JABBER: disconnecting
                  14880:20090820:165302 JABBER: sasl authentication failed
                  14880:20090820:165904 JABBER: server disconnected
                  14880:20090820:165904 JABBER: disconnecting
                  14880:20090820:165904 JABBER: disconnecting

                    Comment

                    • nixman
                      Junior Member
                      • Jul 2009
                      • 8
                      #6
                      Originally posted by youonce
                      Hello! I would like to ask you. Where to create the trigger on the zabbix information. Can not be shared in a to me. Thanks!
                      to create a trigger use 'Configuration -> Triggers -> Create Trigger' .... the trigger is created based on the value of a monitored item... see the 'Trigger' subsection in the user doc's for the details.

                        Comment

                        • Calimero
                          Senior Member
                          • Nov 2006
                          • 481
                          #7
                          Originally posted by nixman
                          since you are 100% so far... you don't happen to know if Zabbix can use alert to a local Jabber server do you?.... I created a 'zabbix' conference on an OpenFire Jabber server but using the identifier 'user@jabber-server/zabbix' just gets errors like.... (any way to turn off the SASL authentication?)... those messages just keep repeating on the retries so its a PITA...
                          I won't be of any help on this one, we don't use Jabber over here.

                            Comment

                            • MrKen
                              Senior Member
                              • Oct 2008
                              • 652
                              #8
                              Originally posted by nixman

                              ... you don't happen to know if Zabbix can use alert to a local Jabber server do you?.... I created a 'zabbix' conference on an OpenFire Jabber server but using the identifier 'user@jabber-server/zabbix' just gets errors like.... (any way to turn off the SASL authentication?)... those messages just keep repeating on the retries so its a PITA...

                              14880:20090820:165302 JABBER: receiving error [6][4]
                              14880:20090820:165302 JABBER: disconnecting
                              14880:20090820:165302 JABBER: sasl authentication failed
                              14880:20090820:165904 JABBER: server disconnected
                              14880:20090820:165904 JABBER: disconnecting
                              14880:20090820:165904 JABBER: disconnecting
                              I'm sure you've got your Jabber problem sorted out already. But I just stumbled across this thread while looking for something else.

                              If it helps anyone, this is our setup:

                              Zabbix sends to [email protected]

                              Zabbix sends from [email protected]

                              Replace 'chat' with the jabber server name. [Change 'my' to 'your' ].
                              Don't forget Zabbix needs an account.
                              Actually, I recall having authentication problems when I set up jabber alerts. We used Wireshark to solve the problem, which was an error in the script.

                              If you're still having problems let me know and I'll try to track down what that error was.

                              MrKen
                              Disclaimer: All of the above is pure speculation.

                                Comment

                                Previous template Next
                                Working...