Hello, I've got Snort logging to a logfile on a machine which has a Zabbix agent running. I want my Zabbix master server to trigger when a new line appears in the logfile. This trigger should send me an alert. Then I want the trigger to revert to OK after a timeout, say 15 minutes. I have this working, except that it sends multiple alerts, in my case via XMPP, one every 30 seconds during the timeout period. How can I get it to only send me one alert per new line?
Trigger is :-
{myserver:log[/var/log/snort/alert,,,,skip,].nodata(15m)}=0
I've tried adding AND triggers, e.g. as above with nodata replaced by regexp, diff, but no luck. I've also used active checks in the item. I tried searching for this issue; the nearest I could find was this:-
but that seems a bit complicated.
Thanks for reading.