Ad Widget

Collapse

Zabbix event log monitoring - auto close problem

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Stephen J Capita
    Junior Member
    • Mar 2022
    • 13
    #1

    Zabbix event log monitoring - auto close problem

    I am using zabbix 5.0.17 and setting it up to monitor windows event logs. It generates a problem ok when an event log is monitored. What I want to do is get zabbix to auto close it, if it does not receive another event with in a few minutes of the first alert.

    Currently I have this setup as a test item

    Click image for larger version Name: 1.png Views: 2116 Size: 39.6 KB ID: 442413

    Then I have a trigger

    Click image for larger version Name: 2.png Views: 2051 Size: 29.5 KB ID: 442414

    So what I would like is to allow the problem be open long enough for it to be emailed out, then close the problem. If a new event log is triggered then it would do the same. The only thing I can think of is it would need to allow for creating several events very close together.
    Tags: None
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4807
      #2
      "... and nodata(5m)=0" adjust time according to your needs... nodata is recalculated in every 30sec, so no reason to go below that...

        Comment

        • Stephen J Capita
          Junior Member
          • Mar 2022
          • 13
          #3
          That seems to work well thank you!

          So I set up my trigger like this:

          Click image for larger version Name: Capture.png Views: 2060 Size: 32.6 KB ID: 442462

          Then I generated a test windows event log. Here you can see the first one it generated a problem, then because it did not get any data within 30 seconds, it closed it off. In the second one I generated two or 3 of the same event log in under 30 seconds, so it kept the problem open until it did not receive another one in 30 seconds, so it kept it open for just over a minute.

          This would mean that unlike our old alerting software would potentially send out hundreds of emails if an event log was generated multiple times, it should just send out the one email,

          Plus then depending on the severity of the event I should be able to control how often it repeats in the actions.

            Comment

            Previous template Next
            Working...