Hi,
let me quickly introduce myself. I am very new to Zabbix, Zabbix v3 is the first and the only version of Zabbix that I have ever used. I am now trying to understand the main concepts and how to set up things I want to monitor in the correct way. Zabbix official documentation helps me a lot, however I'm feeling stuck now.
My current situation in the very abstract way is such: I want to set up the monitoring of log file.
Problem no. 1
My item’s key is: log[/var/log/messages,"err|crit|alert|emerg"], and the trigger is like:
If I then produce several different errors for the same item / trigger:
they will all be shown in Monitoring -> Events screen (as well as in Monitoring -> Latest values -> History, for the item itself), but only the last one is shown in the main dashboard:
Question: is there a way (or workaround) to display both errors (I mean not the fact, that there was an error, but the error itself) in the main dashboard?
Problem no. 2
In the previous image you can see, that my initial errors are shown @ 19:06:09 and then each 30 seconds there is produced new line with "PROBLEM", because I selected this "Multiple PROBLEM events generation" together with nodata() function in my trigger (https://support.zabbix.com/browse/ZBXNEXT-2452). So even if no new data comes to my item, trigger generates a new problem…
Question: is there a way to avoid those new "each-30-seconds" "PROBLEM" messages?
Problem no. 3
Say I have a trigger with expression:
{Giedrius Zabbix server:log[/var/log/messages,(err|warning)].nodata(300)}=0
and
{Giedrius Zabbix server:log[/var/log/messages,(err|warning)].regexp(err,300)}<>0
My goal here is to have a single item and multiple triggers for it. This current trigger should be:
a) in status "PROBLEM" for 5 minutes since the last item value with pattern "err"
b) not being dependent only on "the very last value" of the item as it can rapidly change (number 300 in regexp)
c) without hardcoding some 10 last values like: .regexp(err,#10)}<>0
This expression would work ok if I would send data from agent periodically (and also be sure that there is some data generated to be sent!). But as I already have regexp (err|warning) in my Item’s key, I do not get data until "err" or "warning" appears in /var/log/messages. So what happens next my second part of expression becomes not valid after 300 seconds pass from the last update of the item:
Which sounds both logical and not for me.
I have read here: https://www.zabbix.com/forum/showthr...183#post176183 and in some other discussions, that I’m not the only one with this issue…
Question: what is the correct way to reach my goal (goal is described above, at the beginning of "Problem no. 3")?
let me quickly introduce myself. I am very new to Zabbix, Zabbix v3 is the first and the only version of Zabbix that I have ever used. I am now trying to understand the main concepts and how to set up things I want to monitor in the correct way. Zabbix official documentation helps me a lot, however I'm feeling stuck now.
My current situation in the very abstract way is such: I want to set up the monitoring of log file.
Problem no. 1
My item’s key is: log[/var/log/messages,"err|crit|alert|emerg"], and the trigger is like:
If I then produce several different errors for the same item / trigger:
they will all be shown in Monitoring -> Events screen (as well as in Monitoring -> Latest values -> History, for the item itself), but only the last one is shown in the main dashboard:
Question: is there a way (or workaround) to display both errors (I mean not the fact, that there was an error, but the error itself) in the main dashboard?
Problem no. 2
In the previous image you can see, that my initial errors are shown @ 19:06:09 and then each 30 seconds there is produced new line with "PROBLEM", because I selected this "Multiple PROBLEM events generation" together with nodata() function in my trigger (https://support.zabbix.com/browse/ZBXNEXT-2452). So even if no new data comes to my item, trigger generates a new problem…
Question: is there a way to avoid those new "each-30-seconds" "PROBLEM" messages?
Problem no. 3
Say I have a trigger with expression:
{Giedrius Zabbix server:log[/var/log/messages,(err|warning)].nodata(300)}=0
and
{Giedrius Zabbix server:log[/var/log/messages,(err|warning)].regexp(err,300)}<>0
My goal here is to have a single item and multiple triggers for it. This current trigger should be:
a) in status "PROBLEM" for 5 minutes since the last item value with pattern "err"
b) not being dependent only on "the very last value" of the item as it can rapidly change (number 300 in regexp)
c) without hardcoding some 10 last values like: .regexp(err,#10)}<>0
This expression would work ok if I would send data from agent periodically (and also be sure that there is some data generated to be sent!). But as I already have regexp (err|warning) in my Item’s key, I do not get data until "err" or "warning" appears in /var/log/messages. So what happens next my second part of expression becomes not valid after 300 seconds pass from the last update of the item:
Which sounds both logical and not for me.
- Logical, because for more than 300 seconds my item was not updated (but still, I would think it should fall under FALSE (i.e. trigger should be with status OK) in this case, i.e. in human language: "there were no lines in your item with 'err' during last 5 minutes, in fact, there were no new lines at all!")
- Not logical, because I have "a" AND "b", and in this case, my "a" – ".nodata(300)}=0" – is already FALSE (no new data was sent to my item), so there should be no point in checking the "b" as it is already clear that the whole expression is "FALSE" from the "a" (i.e. "short-circuit" evaluation, https://msdn.microsoft.com/en-us/lib...(v=vs.71).aspx)
I have read here: https://www.zabbix.com/forum/showthr...183#post176183 and in some other discussions, that I’m not the only one with this issue…
Question: what is the correct way to reach my goal (goal is described above, at the beginning of "Problem no. 3")?
Comment