Hello,
I am a newbie to Zabbix. I tend to use zabbix to monitor application log if any problem event occurs.
In my case, the application reports various problem event with MAJOR severity into application log.
I can use item function logrt to monitor the log, then use trigger function str() to match the keyword 'MAJOR' to fire the alarm notification.
However in some cases, some error event are known issues, and the problem cannot be solved immediately.
Such that I want to temporary disable this error to stop the notification on that error event.
item: logrt['/tmp/applicaiton.log','CRITICAL|MAJOR|MINOR']
trigger: {server123:logrt[/tmp/application.log].str(ALARM,1)}=1
Sample application contents:
20200316 12:00:00.xxxx hostname MAJOR Failed to connect database server (192.168.0.1:1521)
20200316 12:00:01.xxxx hostname MAJOR procedure ABC threw exception bababa
20200316 12:00:02.xxxx hostname MAJOR procedure XYZ timeout <<< false alarm / unknown issue
20200316 12:00:03.xxxx hostname MAJOR procedure ABC client connection dropped
Is it possible to use trigger's problem expression like this? Do we have other better method?
{server123:logrt[/tmp/alarm.log].str(MAJOR,1)}=1
and
{server123:logrt[/tmp/alarm.log].str(false alarm)}=0
and
{server123:logrt[/tmp/alarm.log].str(known issue 123)}=0
and
{server123:logrt[/tmp/alarm.log].str(known issue 456)}=0
and
{server123:logrt[/tmp/alarm.log].str(known issue 789)}=0
and
.....
and
{server123:logrt[/tmp/alarm.log].str(known issue xxx)}=0
Please advise how to achieve that. Many Thanks!
I am a newbie to Zabbix. I tend to use zabbix to monitor application log if any problem event occurs.
In my case, the application reports various problem event with MAJOR severity into application log.
I can use item function logrt to monitor the log, then use trigger function str() to match the keyword 'MAJOR' to fire the alarm notification.
However in some cases, some error event are known issues, and the problem cannot be solved immediately.
Such that I want to temporary disable this error to stop the notification on that error event.
item: logrt['/tmp/applicaiton.log','CRITICAL|MAJOR|MINOR']
trigger: {server123:logrt[/tmp/application.log].str(ALARM,1)}=1
Sample application contents:
20200316 12:00:00.xxxx hostname MAJOR Failed to connect database server (192.168.0.1:1521)
20200316 12:00:01.xxxx hostname MAJOR procedure ABC threw exception bababa
20200316 12:00:02.xxxx hostname MAJOR procedure XYZ timeout <<< false alarm / unknown issue
20200316 12:00:03.xxxx hostname MAJOR procedure ABC client connection dropped
Is it possible to use trigger's problem expression like this? Do we have other better method?
{server123:logrt[/tmp/alarm.log].str(MAJOR,1)}=1
and
{server123:logrt[/tmp/alarm.log].str(false alarm)}=0
and
{server123:logrt[/tmp/alarm.log].str(known issue 123)}=0
and
{server123:logrt[/tmp/alarm.log].str(known issue 456)}=0
and
{server123:logrt[/tmp/alarm.log].str(known issue 789)}=0
and
.....
and
{server123:logrt[/tmp/alarm.log].str(known issue xxx)}=0
Please advise how to achieve that. Many Thanks!
Comment