Ad Widget

Collapse

Monitor Linux Logs

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • knarfling
    Member
    • Sep 2006
    • 47
    #1

    Monitor Linux Logs

    I have seen several posts about the Windows Event Logs, but very little in regards to Linux/Unix Logs. What I am trying to do is monitor the /var/log/secure and get an email if someone tries to log in using ssh and fails.

    The item setup page on 1.1.2 has data type of log, but I am not sure how to set up the key. Usually I get Not Supported and no information, so I think I am missing something. Do I need to have a custom user perameter in zabbix_agentd.conf, or should I be able to do it with the standard configuration?
    Tags: None
    • James Wells
      Senior Member
      • Jun 2005
      • 664
      #2
      Greetings,

      Yes, you can use standard Zabbix agent, however, you have to use Zabbix Agent (Active) as your item type. Next, you need to configure the date format for the item to match what your log file uses.
      Unofficial Zabbix Developer

        Comment

        • knarfling
          Member
          • Sep 2006
          • 47
          #3
          date format

          Thank you for your reply.

          After searching, I found this thread that talks about the date format. However, my logs list the month as a three letter abbreviation, and it seems that the function does not recognize letters in the date format.

          Is this something that can be changed, or do I need to find a way to change syslog to show the date in numeric format only?

            Comment

            • James Wells
              Senior Member
              • Jun 2005
              • 664
              #4
              Originally posted by knarfling
              Is this something that can be changed, or do I need to find a way to change syslog to show the date in numeric format only?
              At present, no, though I will probably create a patch in the future to support it. I suspect the reason this is limited to numeric only time stamps is due to internationalization. It would be fairly expensive to support the 3 letter month abbreviation for each language set.
              Unofficial Zabbix Developer

                Comment

                • marchday2004
                  Junior Member
                  • Jul 2006
                  • 3
                  #5
                  How to configure key

                  Originally posted by James Wells
                  Greetings,

                  Yes, you can use standard Zabbix agent, however, you have to use Zabbix Agent (Active) as your item type. Next, you need to configure the date format for the item to match what your log file uses.
                  Which 'Key' item should I select? Thanks.

                    Comment

                    Previous template Next
                    Working...