Hi all,
I want to monitor if for example three different patterns appear in /var/log/messages. To do this I can create three log file items, each with a certain regex pattern. This gives me the possiblity to check if the first pattern appeared N times in the last hour.
Now when thinking of performance, it may be better to merge those three pattern into one regex. So I only have on log item. But then I lose the flexiblity from above, i.e. using trigger functions on exactly one pattern.
How is zabbix handling this? Are log items which work on the same log file beeing pooled into one data stream? Or is the agentd doing this for every item separately?
What would be the best way to set this up?
log[/var/log/messages,pattern1]
log[/var/log/messages,pattern2]
log[/var/log/messages,pattern3]
vs.
log[/var/log/messages,pattern1|pattern2|pattern3]
And so:
{host: log[/var/log/messages,pattern1].somefunc()}=X
vs.
{host: log[/var/log/messages,pattern1|pattern2|pattern3].somefunc()}=X
TIA
tvtue
I want to monitor if for example three different patterns appear in /var/log/messages. To do this I can create three log file items, each with a certain regex pattern. This gives me the possiblity to check if the first pattern appeared N times in the last hour.
Now when thinking of performance, it may be better to merge those three pattern into one regex. So I only have on log item. But then I lose the flexiblity from above, i.e. using trigger functions on exactly one pattern.
How is zabbix handling this? Are log items which work on the same log file beeing pooled into one data stream? Or is the agentd doing this for every item separately?
What would be the best way to set this up?
log[/var/log/messages,pattern1]
log[/var/log/messages,pattern2]
log[/var/log/messages,pattern3]
vs.
log[/var/log/messages,pattern1|pattern2|pattern3]
And so:
{host: log[/var/log/messages,pattern1].somefunc()}=X
vs.
{host: log[/var/log/messages,pattern1|pattern2|pattern3].somefunc()}=X
TIA
tvtue
Comment