Ad Widget

**Colttt** · 05-10-2012, 13:58

an example:

Code:

{SERVER:log[/var/log/syslog,zabbixtest].count(180)}>2

if zabbix found "zabbixtest" 3times in the last 180seconds = alarm

**pradhanparas** · 12-10-2012, 00:01

Thanks for the reply. I am not seeing anything by doing that. This is what I have done so far

Create Item:

Host: myhostname

Name: Log Item

Type: Zabbix agent (active)

Key: log[var/log/messages,error]

Next values are left default

Create Trigger:

Name: Log Item Trigger

Expression: {myhostname:log[/var/log/messages,error].count(180)}>0

Now how to test?

I did : echo "error" >> /var/log/messages.

What did I miss?

Thanks in Avd
Paras.

**pradhanparas** · 16-10-2012, 19:23

So far this working now. I got the wrong Serveractive ip. So this has been fixed.

One more question:

What is the good practise to monitor the log files? Look for Error, Warning, CPU, pam_ldap?. Can we do like this?

log[/var/log/messages, error , warning, Error, WARNING] in single key?

Thanks!
Paras.

**nicolasg** · 19-10-2012, 15:54

So far this working now. I got the wrong Serveractive ip. So this has been fixed

Can you be more specific ? I have the same problem trying to monitoring a log file for a specific keyword..

**pradhanparas** · 19-10-2012, 16:48

I had client's IP in Serveractive instead of Server's ip where zabbix_server is running.

Paras.

**jerrylenk** · 19-10-2012, 18:27

Originally posted by pradhanparas

Can we do like this?

log[/var/log/messages, error , warning, Error, WARNING] in single key?

Hi there, Paras and Nicolas,

That is not how it's done. Only the second argument to the log[] key is taken as pattern to filter the log.
Edit: It does not behave like I would expect with regexp, but I am trying this right now....

If you absolutely want to use the count() function for a trigger, please look at this thread for a caveat, but rather try nodata().

Good luck! Jerry

**jerrylenk** · 19-10-2012, 19:33

OK...

Seems not so complicated after all:

[Ff]ehl finds words like 'Fehler', 'fehler', 'fehlgeschlagen', ...
(I'm german; that's how we spell failure)

ERR|err finds 'err', 'error', 'ERROR', 'verraten', but not 'erRor'.

Hope this helps.

Ad Widget

Log files monitoring

Log files monitoring

Comment

Comment

Comment

Comment

Comment

Comment

Comment