Ad Widget

Collapse

Eventlog[application]

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ferri
    Junior Member
    • Mar 2011
    • 26
    #1

    Eventlog[application]

    Hi everyone,
    I have a problem, and I need your help, please!
    I want to check if my backups works correctly everyday. To do that I use several items, the first one analyze a log file to find a determined keyword and the others are eventlog[application].


    After that, I have a trigger that gather those items together:
    ({Sauvegardes:vfs.file.regmatch[{$FICHIER},{$MOT}].last(0)}=1) | ({Sauvegardes:eventlog[Application,,,"NTBackup",8019].logseverity(0)}=4) | ({Sauvegardes:eventlog[Application,,,"NTBackup",8017].logseverity(0)}=4)

    Therefore, if something wrong happen with one item, the trigger pass to the PROBLEM state.

    On tuesday, I had a problem with NTBackup (event 8017), so the trigger was in RED (in the overview section): Normal.
    Today, the backup succeeded (in that case, I don't receive an event 8017) but the trigger is still in red because it keep the last value of this item.
    You can see the last values of my items:


    Here is my problem, I would like to link an item to the present-day date.

    I hope someone could help me.
    Thanks!
    Last edited by ferri; 20-04-2011, 11:15.
    Tags: None
    • mjsr
      Junior Member
      • Feb 2011
      • 15
      #2
      Salut,

      I believe the trigger is still triggered because you'r not checking the time since that eventlog item was launched.

      You should check if that log entry still is on the eventlog transfered data to zabbix server after a certain amount of time. To check that, you should add another condition, for example:

      Example:
      ({Sauvegardes:eventlog[Application,,,"NTBackup",8017].logseverity(0)}=4) & ({Sauvegardes:eventlog[Application,,,"NTBackup",8017].nodata(3600)}=0)
      The nodata checks that you didn't have this error for the past hour (the argument is in seconds).

      You might have problems adding all those conditions to a single trigger as there are nested logical operations. I explain myself:

      Actually you have:
      A=({Sauvegardes:vfs.file.regmatch[{$FICHIER},{$MOT}].last(0)}=1)
      B=({Sauvegardes:eventlog[Application,,,"NTBackup",8019].logseverity(0)}=4)
      C=({Sauvegardes:eventlog[Application,,,"NTBackup",8017].logseverity(0)}=4)

      A | B | C
      You'll need to have:
      Actually you have:
      X=({Sauvegardes:eventlog[Application,,,"NTBackup",8019].nodata(3600)}=0)
      Y=({Sauvegardes:eventlog[Application,,,"NTBackup",8017].nodata(3600)}=0)

      A | (B & X) | (C & Y)
      Try breaking that down and do some tests.

      Hope it helps...

      À plus!

        Comment

        • ferri
          Junior Member
          • Mar 2011
          • 26
          #3
          Thank you very much, I think everything is OK.
          Merci beaucoup

            Comment

            • ehermouet
              Member
              • May 2011
              • 50
              #4
              Salut,

              I have installed this monitoring system with eventlog, but it's not work. i have an unknow on my system. anybody can help me ?

              merci d'avance

                Comment

                Previous template Next
                Working...