Hello,

I am new in zabbix and still learning and exploring. We are currently doing a proof of concept for zabbix, and one of the requirements is to monitor the syslog server for a keyword "errpt", and send an alert if found. The errpt is basically the error log report from an AIX machine, it contains this output:

errpt: LABEL: FCP_ERR6
errpt: IDENTIFIER: DC73C03A
errpt:
errpt: Date/Time: Wed Mar 1 01:04:18 2023

and many more lines. So I created an ITEM, that will look for the keyword "errpt". This one works, it did show up in the Last Data output. What we wanted now is to setup a trigger, so that when it received this errpt, it will send a single email containing all those errpt lines. Unfortunately, what happened is, it did send an email, but it send an email for each line the errpr occurs, instead of just one email with all those lines in the message.

Can anyone help me or provide me some procedures or idea how I can achieve this one. This is what my trigger expression look like.

find(/AIX Error Log/log[/var/syslog/syslog,errpt,,,skip,,,,],1s,"like","errpt")<>0

Thanks in advance.
ST