Hey,
I have successfully configured my active agent to fetch syslogs from our Linux instances (see images). However, how do I build a trigger that reads the log entries that are being piped from my item? When I look at the documentation it appears all triggers are defined as this:
Code:
{host:log[/var/log/syslog,error].strlen()}>0
So the above will read the file /var/log/syslog and if the line contains the string "segfault" it will raise the trigger. But to me this looks like it will not use my previously created item but instead read from the file again? Some explanation on this would be great.
I wish to read all lines that contain the word "kernel" into Zabbix. Then I want to have a trigger that reads through those lines and triggers if they contain "segfault". Is this even doable? Or can I only read content into Zabbix for rows I wish to trigger on?
From the below example, this means that a trigger will be raised because the syslog logs that match kernel also have a row that contains "segfault".