Multiple triggers on same log item?
Hi,
I have a simple log item that should capture all lines with "Error" in it:
log[/var/log/freeradius/radius.log,Error]
Works fine. Now I would like to create a few triggers that are more granular in detecting what may be the error. Here are the requirements:
a) trigger should fire as soon as a string is matched in a log row
b) trigger should auto deactivate if there hasn't been a new row with the string matched for 10 minutes
c) trigger must not deactivate early when new log entries come in that don't contain the string
d) there should only be email notification when the trigger initially fires, not one per matching log row
So here is my first try:
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].nodata(600)}=0 &
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].str(rlm_jradius)}#0
At first this seemed to be meeting the requirements. When a log line was matched the trigger fired and went back to normal after 10 minutes. But the issue now was when I was when a log entry came in within the 10 minutes that did not match the string the trigger went back to normal early thus violating requiremtn c). It gets even worse when log lines alternated between a line with and a line without the match in quick succession...
So I thought that maybe extending the str() function with a time range would solve that:
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].nodata(600)}=0 &
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].str(rlm_jradius, 600)}#0
Again, at first this seemed to be working fine until for 10 minutes there was not log entry at all. Then Zabbix complained that the second expression would not compile.
Anybody has an idea on how to create a trigger that would satisfy my requirements?
I am using Zabbix 2.2.5.
Thanks
I have a simple log item that should capture all lines with "Error" in it:
log[/var/log/freeradius/radius.log,Error]
Works fine. Now I would like to create a few triggers that are more granular in detecting what may be the error. Here are the requirements:
a) trigger should fire as soon as a string is matched in a log row
b) trigger should auto deactivate if there hasn't been a new row with the string matched for 10 minutes
c) trigger must not deactivate early when new log entries come in that don't contain the string
d) there should only be email notification when the trigger initially fires, not one per matching log row
So here is my first try:
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].nodata(600)}=0 &
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].str(rlm_jradius)}#0
At first this seemed to be meeting the requirements. When a log line was matched the trigger fired and went back to normal after 10 minutes. But the issue now was when I was when a log entry came in within the 10 minutes that did not match the string the trigger went back to normal early thus violating requiremtn c). It gets even worse when log lines alternated between a line with and a line without the match in quick succession...
So I thought that maybe extending the str() function with a time range would solve that:
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].nodata(600)}=0 &
{Template App FreeRADIUS:log[/var/log/freeradius/radius.log,Error].str(rlm_jradius, 600)}#0
Again, at first this seemed to be working fine until for 10 minutes there was not log entry at all. Then Zabbix complained that the second expression would not compile.
Anybody has an idea on how to create a trigger that would satisfy my requirements?
I am using Zabbix 2.2.5.
Thanks
Comment