Exclude list for monitoring a log file

  • mrav
    Junior Member
    • Jun 2012
    • 28

    #1

    Exclude list for monitoring a log file

    Hello,

    I have a question about an exclude list for log monitoring.
    Zabbix has a trigger:


    {hostname_1:logrt["/mnt/data/log/^log_[0-9]{8}_[0-9]{9}.log$","FAIL|ERR|Missing the connection param IP","UTF-8",10].nodata(120)}#1

    This kind of trigger will send all notifications that contain, for example, "ERR". But I want to exclude unwanted alerts, which look like:

    - ERR ...... .... Connection closed [gfix_session_inst
    - ERR ...... .... is not logged on yet
    - ERR ...... .... on_logon_request

    How do I create this kind of exclude list?

    Thanks in advance!
    Last edited by mrav; 13-02-2014, 10:19.
  • zivagolee
    Junior Member
    • Apr 2014
    • 1

    #2
    Anyone else have any comments on this?


    • filipp.sudanov
      Senior Member
      Zabbix Certified Specialist
      • May 2014
      • 137

      #3
      Looks like such filtering could be done with regular expressions.
      In Administration --> General select "Regular expressions" in the drop-down on the right. Create a new regular expression.

      Add expression "FAIL|ERR|Missing the connection param IP" with type "Result is TRUE".

      Now add an expression for each exclusion, e.g. "ERR ...... .... Connection closed [gfix_session_inst", etc. Expression type should be "Character string not included".

      You can move to the "Test" tab and check the logic. Expressions are combined with AND logic, so the combined result will be TRUE only when all expressions are TRUE.

      Give a name, e.g. "err", to the regular expression and save it. Now you can use it in your log monitoring item key, e.g. "log[/tmp/1.log,@err]".


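The AND logic described in reply #3, as an added example that is not part of any post in this thread: it evaluates the "err" expression set offline against log lines before the set is saved in Zabbix. Python's `re` stands in for the Zabbix regex engine, matching is assumed case-sensitive, and the sample log lines are constructed.

```python
import re

# Expression types as named in the Zabbix "Regular expressions" form.
RESULT_TRUE = "Result is TRUE"
RESULT_FALSE = "Result is FALSE"
STR_INCLUDED = "Character string included"
STR_NOT_INCLUDED = "Character string not included"

# The global regular expression "err" from reply #3: one match pattern
# plus one substring exclusion per unwanted alert.
ERR_RULES = [
    ("FAIL|ERR|Missing the connection param IP", RESULT_TRUE),
    ("Connection closed [gfix_session_inst", STR_NOT_INCLUDED),
    ("is not logged on yet", STR_NOT_INCLUDED),
    ("on_logon_request", STR_NOT_INCLUDED),
]

def rule_passes(line, expression, expr_type):
    """Evaluate one sub-expression against one log line."""
    if expr_type == RESULT_TRUE:
        return re.search(expression, line) is not None
    if expr_type == RESULT_FALSE:
        return re.search(expression, line) is None
    if expr_type == STR_INCLUDED:
        return expression in line      # plain substring, "[" is literal
    if expr_type == STR_NOT_INCLUDED:
        return expression not in line
    raise ValueError(f"unsupported expression type: {expr_type}")

def line_matches(line, rules=ERR_RULES):
    """Sub-expressions are ANDed: a line matches only if all of them pass."""
    return all(rule_passes(line, e, t) for e, t in rules)

# Constructed sample lines (not taken from a real log).
SAMPLE_LOG = [
    "2014-02-13 10:01:02 ERR session 7 Connection closed [gfix_session_inst]",
    "2014-02-13 10:01:05 ERR client 12 is not logged on yet",
    "2014-02-13 10:01:09 ERR handler on_logon_request",
    "2014-02-13 10:02:11 ERR disk quota exceeded",
    "2014-02-13 10:03:30 FAIL Missing the connection param IP",
    "2014-02-13 10:04:00 INFO heartbeat ok",
    "2014-02-13 10:05:00 FAIL auth backend down after on_logon_request",
]

def alerting_lines(lines=SAMPLE_LOG):
    """Return the lines that would still reach the trigger."""
    return [ln for ln in lines if line_matches(ln)]

if __name__ == "__main__":
    for ln in alerting_lines():
        print(ln)
```

The last constructed line is a genuine FAIL that gets suppressed because it happens to contain an excluded substring, so each exclusion string should be as specific as the noisy message allows.
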
      • tvtue
        Member
        • Sep 2012
        • 71

        #4
        Hello filipp.sudanov,

        is this the only way to implement negation in regular expressions?

        What if I am using a macro say {$PATTERN_ERROR} in the item like so:

        log[/var/log/my.log,{$PATTERN_ERROR}]

        The macro is being overwritten on a template or host basis. Thus mail servers have a different pattern than webservers etc.

        Do I really have to define each macro as a regex under Administration --> General select "Regular expressions" ?

        thanks
        tvtue
