Ad Widget

Collapse

How to monitor a file using a trigger

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • maroctech
    Junior Member
    • Aug 2011
    • 10
    #1

    How to monitor a file using a trigger

    Hi, I have installed zabbix recently and I am trying to implemant a trigger that monitors the modification of any system file (the host is under windows )

    I don't know if I need to create a new trigger or it should be under windows template !!
    Tags: trigger creation
    • Davidus
      Senior Member
      • Dec 2010
      • 281
      #2
      Here is zabbix manual http://www.zabbix.com/documentation/1.8/start
      definitely useful thing

        Comment

        • hirschnf
          Member
          • Jan 2010
          • 56
          #3
          yes, have a look to the manual. But here some hints:

          define for every file you want to monitor an item with the key
          Code:
          vfs.file.cksum[file]
          So you will get the checksum of this file.
          Then define a trigger with an expression like this:
          Code:
          {Template_xxx:vfs.file.cksum[file].abschange(0)}#0
          I think the "#" is for NOT.
          So if the monitored file change the checksum will change and the trigger will be set.

            Comment

            • maroctech
              Junior Member
              • Aug 2011
              • 10
              #4
              Originally posted by Davidus
              Here is zabbix manual http://www.zabbix.com/documentation/1.8/start
              definitely useful thing
              thanks I just found it .

              Example 3

              /etc/passwd has been changed

              Use of function diff:

              {www.zabbix.com:vfs.file.cksum[/etc/passwd].diff(0)}>0

              The expression is true when the previous value of checksum of /etc/passwd differs from the most recent one.

              Similar expressions could be useful to monitor changes in important files, such as /etc/passwd, /etc/inetd.conf, /kernel, etc.

                Comment

                • maroctech
                  Junior Member
                  • Aug 2011
                  • 10
                  #5
                  Originally posted by hirschnf
                  yes, have a look to the manual. But here some hints:

                  define for every file you want to monitor an item with the key
                  Code:
                  vfs.file.cksum[file]
                  So you will get the checksum of this file.
                  Then define a trigger with an expression like this:
                  Code:
                  {Template_xxx:vfs.file.cksum[file].abschange(0)}#0
                  I think the "#" is for NOT.
                  So if the monitored file change the checksum will change and the trigger will be set.
                  I did that but I can c any of my newly modified files in the "Latest Data" section .what is it I'm missing here ?

                    Comment

                    Previous template Next
                    Working...