I have created my log monitoring two ways. Here is the first Item expression: system.run[/var/lib/zabbix/grep_log.sh]. This basically looks at 'error\|failed\|panic\|critical'. That's great except we get all alerts. For example: "dnf: A common cause of this error code is due to...." My team does not want to see these. So I have this massive command line of grep -v dnf | grep -v guard_tap | grep -v and on and on for the exceptions we do not want alerted on.
I created a new item today to see what I could do but I am stuck. I used a regular expression called Log_Filter1 with a list of expressions: Result is TRUE error; Result is TRUE fail; Result is TRUE panic etc. Then I create an item for this with the expression "log[/var/log/messages,@Log_Filter1,,,skip,,,,]". But I am stuck as to how to create the exception for this. It also will not recover.
Or, if anyone has another way you have been able to do system log monitoring but allow for exceptions, I would appreciate the help.
I created a new item today to see what I could do but I am stuck. I used a regular expression called Log_Filter1 with a list of expressions: Result is TRUE error; Result is TRUE fail; Result is TRUE panic etc. Then I create an item for this with the expression "log[/var/log/messages,@Log_Filter1,,,skip,,,,]". But I am stuck as to how to create the exception for this. It also will not recover.
Or, if anyone has another way you have been able to do system log monitoring but allow for exceptions, I would appreciate the help.