Ad Widget

Collapse

How to filter the results from a system.run[*] command?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • definity
    Junior Member
    • Sep 2021
    • 9
    #1

    How to filter the results from a system.run[*] command?

    So say if I run netstat -t and see all the TCP connection how would I filter out all the local host and local network connections?

    How do I filter results I get from system.run[*] in general and then use what I have filtered as a trigger or an alert?

    Thanks.
    Tags: filtering, item, system.run, trigger
    • niveastn
      Member
      • Oct 2021
      • 82
      #2
      Hey there!

      Depends what's your zabbix version... if you have newer versions, you can use preprocessing (item > preprocessing tab)
      Use the regex option and filter the lines with what you want.
      .*\b(localhost)\b.* will return all lines that have localhost in it

        Comment

        • niveastn
          Member
          • Oct 2021
          • 82
          #3
          Here is an example in action. I created an "SSH agent" item, with "netstat -t" as executed script.
          Then, I go to the preprocessing tab, and create a regex to get me only the first zabbix connection
          Click image for larger version Name: forum3.png Views: 368 Size: 20.3 KB ID: 435224

          Then, thats the result
          Click image for larger version Name: forum2.png Views: 357 Size: 53.4 KB ID: 435225

            Comment

            • Dwayne
              Junior Member
              • Feb 2025
              • 9
              #4
              so in theory if you create a filtered subset of the command output you can setup a parent item as above. you can even create items dependent on that one and populate them out with regex making a much tighter result, and allocate a trigger to alert on it. this gives you more control on how meaningful these alerts are and make them unique to a process/service and not 'everything' but still only run one request vs your server to do this

              ie if you filler for PROCESSA and LISTENING and you don't see that you can trigger on 'no data' for that item.

                Comment

                Previous template Next
                Working...