Filtering captured logs

  • dkoski
    Member
    • May 2016
    • 41

    #1

    Filtering captured logs

    With the task of reviewing Windows logs, I'm interested primarily in Error level records. I don't see a way to display only Error level events in the GUI. I only see filtering capabilities in capturing. I don't want to filter capturing. This seems like such a simple thing to implement but it doesn't exist? It would cut out probably 90 percent of log review time. This is a serious limitation. Furthermore, log triggers get reset whenever an Error event is followed by an Information level event. That makes no sense at all. But the main question is:

    How can log items be filtered in the GUI on Error level events and/or use other selection criteria based on event content? Or am I missing something?
  • dkoski
    Member
    • May 2016
    • 41

    #2
    Re: "Zabbix is not event log viewer.." But you can view event logs with it. "..it is meant to generate events based on what is found in logs." I found it to be pretty useless for that unless you are interested only in triggering on specific criteria. Triggering on severity is useless with all the false positives it generates and the false resets. Unless the results could be filtered. That is exactly my point.

    I would do a direct SQL query on the database if I understood the table relationships but I haven't taken the time to understand it from a developer's perspective. It would be nice if someone would step forward and offer a little help on this.

    • gofree
      gofree commented
      You buy a car and complain that it can't fly... Zabbix can do what it can do, and it's described pretty well in the documentation.
  • dkoski
    Member
    • May 2016
    • 41

    #3
    Re: "You buy a car and complain that it cant fly.." I got it that Zabbix is not capable. That is abundantly clear.

    • gofree
      gofree commented
      Zabbix never promised that, so you can either program it yourself or contact Zabbix, ask them how much, and pay for it. They've got their priorities, but I'm sure they'd be happy to consider your needs if you can fund them or get more people to fund it.
  • dkoski
    Member
    • May 2016
    • 41

    #4
    Re: "Zabbix never promised that.." Yep. I got that already. In fact I'm a DIY kind of guy. Now if someone could give me a clue on how to query the database, that would be great. But maybe this is the wrong forum.

    • gofree
      gofree commented
      So connect to the database in something like DBeaver (or any other DB client) and you can do whatever you like in there, even see what is related and how. There are bits and pieces here: https://zabbix.org/wiki/Docs/DB_schema (can be a bit outdated), as the recommended way is to do things through the API and not mess directly with the DB. There is a documentation part where it is described how the DB is created, https://www.zabbix.com/documentation...all/db_scripts; the SQL scripts can be downloaded and studied. You can also get training from Zabbix where the DB schema is covered: https://www.zabbix.com/training_expert.
      This should get you started.
      Last edited by gofree; 03-02-2021, 19:24.
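
Added example, not part of the thread and not Zabbix's own code: a read-only query that filters captured log items on severity, time and message text, run here against an in-memory SQLite stand-in with constructed rows. The table and column names (`history_log`, `items`, `hosts`) and the severity codes (4 = Error) are assumptions about the Zabbix schema; check them against the DB scripts for your version.

```python
import sqlite3

# Assumed Windows event log levels as stored in history_log.severity.
SEVERITY = {1: "Information", 2: "Warning", 4: "Error", 7: "Failure Audit",
            8: "Success Audit", 9: "Critical", 10: "Verbose"}

# SELECT only; parameters are bound, never concatenated into the SQL text.
# sqlite3 uses "?" placeholders; MySQL/PostgreSQL drivers typically use "%s".
QUERY = """
SELECT h.host, i.key_, l.clock, l.source, l.logeventid, l.severity, l.value
FROM history_log l
JOIN items i ON i.itemid = l.itemid
JOIN hosts h ON h.hostid = i.hostid
WHERE l.severity = ? AND l.clock >= ? AND l.value LIKE ?
ORDER BY l.clock DESC
"""
FIELDS = ("host", "key", "clock", "source", "eventid", "severity", "value")

def filter_events(conn, severity=4, since=0, text="%"):
    """Return log records of one severity, newer than `since` (epoch seconds),
    whose message matches the SQL LIKE pattern `text`."""
    rows = conn.execute(QUERY, (severity, since, text)).fetchall()
    return [dict(zip(FIELDS, r)) for r in rows]

def demo_db():
    """In-memory stand-in holding only the columns the query uses (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
      CREATE TABLE hosts (hostid INTEGER PRIMARY KEY, host TEXT);
      CREATE TABLE items (itemid INTEGER PRIMARY KEY, hostid INTEGER, key_ TEXT);
      CREATE TABLE history_log (itemid INTEGER, clock INTEGER, source TEXT,
                                severity INTEGER, value TEXT, logeventid INTEGER);
      INSERT INTO hosts VALUES (10, 'win-srv-01');
      INSERT INTO items VALUES (100, 10, 'eventlog[System]');
      INSERT INTO history_log VALUES
        (100, 1614700000, 'Service Control Manager', 1, 'Service entered the running state', 7036),
        (100, 1614700060, 'Disk', 4, 'The device has a bad block', 7),
        (100, 1614700120, 'Service Control Manager', 4, 'Service terminated unexpectedly', 7034),
        (100, 1614700180, 'Kernel-General', 2, 'Clock adjusted', 1);
    """)
    return conn

if __name__ == "__main__":
    for e in filter_events(demo_db()):
        print(e["host"], e["clock"], SEVERITY[e["severity"]], e["eventid"], e["value"])
```

Against a production database, run this with an account that has SELECT rights only, so review queries cannot alter monitoring data.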
  • dkoski
    Member
    • May 2016
    • 41

    #5
    I will check that out. Looks like that is what I was looking for. I have seen the schema but was hoping for some kind of descriptive introduction given the complexity. But maybe the API will do it. Thanks!


    • cyber
      Senior Member
      Zabbix Certified Specialist, Zabbix Certified Professional
      • Dec 2006
      • 4806

      #6
      Zabbix is not event log viewer, it is meant to generate events based on what is found in logs. So it is pretty fundamental that you only capture those events from logs that are needed for your alarms. Pick them up based on eventID, severity, etc.


      • dkoski
        Member
        • May 2016
        • 41

        #7
        Re: "Zabbix is not event log viewer.." You can view log events with Zabbix.
