Help with a log file

  • cyberfarer
    Junior Member
    • Apr 2014
    • 2

    #1

    Help with a log file

    Greetings,

    I want to capture failed sudo attempts. I created an item that looks like this:

    Code:
    log["/var/log/auth.log","sudo:auth","UTF-8",1]
    It works and I can view the sudo history in Zabbix. So next I created a trigger that looks like this:

    Code:
    {host:log["/var/log/auth.log","sudo:auth","UTF-8",1].str("authentication failure")}=0
    This trigger makes all warnings go away. If I change it to this:

    Code:
    {host:log["/var/log/auth.log","sudo:auth","UTF-8",1].str("authentication failure")}=1
    The warnings never go away.

    I've read the docs and searched for help but it just isn't clear to me how to capture specific log events and clear them after a period of time or after the log period expires. Any help is appreciated.

    Thanks.
    Last edited by cyberfarer; 03-04-2014, 19:13.
  • cyberfarer
    Junior Member
    • Apr 2014
    • 2

    #2
    I think I have it.

    Item:

    Code:
    log["/var/log/auth.log","authentication failure","UTF-8",1]
    Trigger:

    Code:
    {host:log["/var/log/auth.log","authentication failure","UTF-8",1].nodata(30)}=0
    Found here: http://theholyjava.wordpress.com/201...th-zabbix-1-8/
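
Why the `str(...)=1` trigger in post #1 stays raised while the `nodata(30)=0` trigger in post #2 clears, as an added example that is not part of the thread: a simplified Python model of the three trigger expressions, not Zabbix code. The log lines, timestamps and function names are constructed; it assumes `str()` tests only the latest stored value and `nodata(30)` returns 1 once 30 seconds pass without a new value.

```python
import re

FAIL = "authentication failure"

# Constructed sample: (seconds since start, auth.log line)
LOG = [
    (10, "host sudo: pam_unix(sudo:auth): authentication failure; logname=alice uid=1000 user=alice"),
    (14, "host sudo: pam_unix(sudo:auth): conversation failed"),
    (15, "host sshd[812]: Accepted publickey for alice from 192.0.2.10"),
    (200, "host sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 user=bob"),
]

def item_values(log, regexp, now):
    """Values a log[file,regexp] item has stored by time `now`: matching lines only."""
    return [(t, line) for t, line in log if t <= now and re.search(regexp, line)]

def str_problem(log, regexp, now, expected):
    """str("authentication failure")=expected, evaluated on the latest stored value only."""
    values = item_values(log, regexp, now)
    # Modelling choice: with no value stored yet, report OK.
    return bool(values) and int(FAIL in values[-1][1]) == expected

def nodata_problem(log, regexp, now, period=30):
    """nodata(period)=0: PROBLEM only while a value arrived within the last `period` seconds."""
    values = item_values(log, regexp, now)
    return bool(values) and now - values[-1][0] < period

def timeline(times):
    """Trigger state (True = PROBLEM) for each of the thread's three expressions."""
    rows = []
    for now in times:
        rows.append((
            now,
            str_problem(LOG, "sudo:auth", now, 0),   # post #1, "=0"
            str_problem(LOG, "sudo:auth", now, 1),   # post #1, "=1"
            nodata_problem(LOG, FAIL, now),          # post #2
        ))
    return rows

if __name__ == "__main__":
    print("time  str=0  str=1  nodata(30)=0")
    for now, a, b, c in timeline([12, 20, 60, 210, 3600]):
        print(f"{now:>4}  {a!s:<5}  {b!s:<5}  {c}")
```

In the model, the `=1` trigger is still in PROBLEM an hour after the last failure because no newer `sudo:auth` line has replaced it, while the `nodata(30)=0` trigger returns to OK once 30 seconds pass without another failure line.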
