Ad Widget

Collapse

log monitor of block

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • marc55
    Junior Member
    • Sep 2014
    • 18
    #1

    log monitor of block

    HI,
    I would like to monitor a block in log file, for instance
    I have this kind of entries in log file (on several lines)

    ERROR:this is a new error:ERROR
    DETAIL: description of this error
    ....
    other relevant informationETAIL
    HOST:myhost:HOST

    Is it possible using zabbix log monitoring to catch what we have between DETAIL when zabbix see ERROR

    I guess that we could use extended zabbix agent, but as it's log file, it's not easy to do that (must start at the last entry at next polling, or start at the begining if log file has been recreated etc ...)

    Thank's for your help
    Regards,
    Marc
    Tags: None
    • jan.garaj
      Senior Member
      Zabbix Certified Specialist
      • Jan 2010
      • 506
      #2
      POC:
      Code:
      log[/path/to/file/file_name,<regexp>,,,,/1]
      regexp must to match information, which you need (ERROR.*DETAIL) - this can be big challenge.

      You don't need to care about last entry or rotation of log file - zabbix agent is prepared for these situations.

      Read manual:
      6 Log file monitoring
      https://www.zabbix.com/documentation/2.4/manual/config/items/itemtypes/log_items

      1 Zabbix agent
      https://www.zabbix.com/documentation/2.4/manual/config/items/itemtypes/zabbix_agent#supported_item_keys
      Devops Monitoring Expert advice: Dockerize/automate/monitor all the things.
      My DevOps stack: Docker / Kubernetes / Mesos / ECS / Terraform / Elasticsearch / Zabbix / Grafana / Puppet / Ansible / Vagrant

        Comment

        • marc55
          Junior Member
          • Sep 2014
          • 18
          #3
          Hi
          Thank's for your answer but seems not working
          Here is my test
          I created a log file that contain following entries

          ERROR:detail descrition line1
          detail description line2:ERROR

          and I created a log item with following keys
          log[C:/ZABBIX_AGENT/log.txt,ERROR.*):ERROR,,,,\1]
          I got nothing

          So I created this new item
          log[C:/ZABBIX_AGENT/log.txt,ERROR.*),,,,\1]
          and I got "detail descrition line1" as output
          So I assume that it only analysed the first line which correctly corresponds to the pattern.
          Question, how can I analyse the full block (between ERROR tag) and not only one line?

          Regards,
          Marc

            Comment

            • jan.garaj
              Senior Member
              Zabbix Certified Specialist
              • Jan 2010
              • 506
              #4
              You need to write right regular expression. (ERROR.*DETAIL) was only proof of concept. You need to investigate right POSIX regular expression. Use some online tools for testing.
              Devops Monitoring Expert advice: Dockerize/automate/monitor all the things.
              My DevOps stack: Docker / Kubernetes / Mesos / ECS / Terraform / Elasticsearch / Zabbix / Grafana / Puppet / Ansible / Vagrant

                Comment

                Previous template Next
                Working...