Logstash and Zabbix

  • Nvaid
    Junior Member
    Zabbix Certified Specialist
    • Dec 2013
    • 8

    #1

    Logstash and Zabbix

    Hello all,

    I have been trying to get logstash to work with zabbix for a couple of days now. I for the life of me can't figure out how to get it to work.

    Does anyone have any success with the filters for logstash and items in zabbix?

    If you do, could you provide an example of a working one?

    Thank you.
  • mlabelle
    Junior Member
    • Dec 2013
    • 8

    #2
    Not sure what exactly you are searching for...

    If you want to manage zabbix server log inside of logstash/elasticsearch

    this is my config to parse zabbix log

    Code:
    if [type] == "zabbix-server" {
            grok {
                  match => ["message", "%{INT:zabpid}:%{BASE16NUM:zabdate}:%{BASE16FLOAT:zabtime} item \[%{DATA:zabhost}:%{DATA:zabkey}\[%{DATA:zabparam}\]\] %{GREEDYDATA:zabmsg}"]
                  match => ["message", "%{INT:zabpid}:%{BASE16NUM:zabdate}:%{BASE16FLOAT:zabtime} item \[%{DATA:zabhost}:%{DATA:zabkey}\] %{GREEDYDATA:zabmsg}"]
                  match => ["message", "%{INT:zabpid}:%{BASE16NUM:zabdate}:%{BASE16FLOAT:zabtime} %{GREEDYDATA:zabmsg}" ]
            }
    
    
            mutate {
                 rename => ["host", "logsource"]
                 replace => ["message", "%{zabmsg}"]
                 replace => ["timestamp", "%{zabdate} %{zabtime}" ]
            }
      }

    Comment
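
Added example, not part of the thread or any poster's code: a Python rendering of the three-pattern grok fallback from post #2, useful for checking which fields a given Zabbix server log line yields before loading the config into Logstash. The regexes assume decimal date and time fields with milliseconds, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Common prefix of a Zabbix server log line: PID:YYYYMMDD:HHMMSS.mmm
# (assumption: decimal digits only; the grok config uses the looser BASE16 patterns)
PREFIX = r"(?P<zabpid>\d+):(?P<zabdate>\d{8}):(?P<zabtime>\d{6}\.\d{3}) "

# Same order as the grok block: most specific pattern first, catch-all last.
PATTERNS = [
    re.compile(PREFIX + r"item \[(?P<zabhost>.*?):(?P<zabkey>.*?)"
                        r"\[(?P<zabparam>.*?)\]\] (?P<zabmsg>.*)"),
    re.compile(PREFIX + r"item \[(?P<zabhost>.*?):(?P<zabkey>.*?)\] (?P<zabmsg>.*)"),
    re.compile(PREFIX + r"(?P<zabmsg>.*)"),
]

def parse_zabbix_line(line):
    """Return the extracted fields, or None when no pattern matches
    (the case Logstash tags with _grokparsefailure)."""
    for pattern in PATTERNS:
        m = pattern.search(line)  # grok patterns are unanchored, so use search()
        if not m:
            continue
        fields = m.groupdict()
        # Equivalent of the mutate block: message <- zabmsg, timestamp <- date + time
        fields["message"] = fields["zabmsg"]
        ts = datetime.strptime(fields["zabdate"] + " " + fields["zabtime"],
                               "%Y%m%d %H%M%S.%f")
        fields["timestamp"] = ts.isoformat(timespec="milliseconds")
        return fields
    return None

# Constructed sample lines, one per pattern plus one that matches nothing.
SAMPLE_LINES = [
    "  2345:20180220:144001.123 item [web01:vfs.fs.size[/,free]] became not supported: Cannot obtain filesystem information",
    "2345:20180220:144002.456 item [db01:agent.ping] became supported",
    "2345:20180220:144003.789 server #12 started [poller #3]",
    "this line has no Zabbix prefix",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_zabbix_line(sample))
```
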

    • zabbixfk
      Senior Member
      • Jun 2013
      • 256

      #3
      Is this working for you? I wanted to send out zabbix logs to logstash/elk for better visualisation to understand better from zabbix logs. I am now having about 200Mb per 15mins logs and searching these is kind of difficult.
      Thanks

      Comment

      • GPegel
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Dec 2015
        • 113

        #4
        Do not forget to add the correct read/ownership permissions on the log files! If Logstash does not have the correct permissions it will not read the log files.

        To clarify my setup.

        1. host running zabbix server and logstash
        2. host running redis
        3. host running logstash
        4. host running elasticsearch
        5. host running kibana

        1. logstash sends zabbix log files to my redis server. Logstash has read permissions on zabbix log files.
        2. retrieves values from 1 and keeps it there in memory
        3. pulling from 2, adding extra fields based on type of logs and sends result to 4 AND to 1 using the logstash-output-zabbix plugin.
        4. indexing data based on values received from 3.
        5. in kibana you can query through the log files

        Extra notes to point 3. I'm using Zabbix trappers to get the data processed by Logstash in Zabbix and that gives me the option to create alerts based on the received logging.
        Last edited by GPegel; 20-02-2018, 14:40.

        Comment
