No one knows? Or I didn't make myself clear?

When the trigger status is problem, the alert message doesn't send me the log detail with the "ERR" keyword, but the "OK".

Don't know why.

Might be your description of the problem is not quite clear.
Are you getting mail notifications when the log message is OK instead of any of the error strings?

Could you post your item expressions, trigger expressions and the condition of notification action?

Jerry

Hi Jerry,

Thanks for you reply.

Yes, I got the problem notification with the "OK" log message.

Here are some settings of this item:
Key:
log["/tmp/live-mon-log/error.log","","UTF-8",10]
Interval:
300s
Trigger:
(({EDGE:log["/tmp/live-mon-log/error.log","","UTF-8",10].regexp([ERR])})#0)

Now I can almost get the right notifications.

On my monitored server, a script will check service status and write log to /tmp/xxx.log, which is running in crontab mode in everyth 5min, when the script run once, at least 20 rows of new log will be appended to the log file, some are error log, some are ok log. For the first time I set this item, the max line number is 100, and zabbix read all the 20 rows of log, the first row is error info and it fired the trigger, but zabbix send me the last row which is ok. Now I reduced the max line to 10, and almost ok.

Sorry for my poor English.

I an not sure if the square brackets in function regexp([ERR]) are required.
You could try leaving them out (ERR) or replacing them by double quotes. ("ERR")