Trigger on high severity errors in SQL Server Error log

  • JeroenvanH
    Junior Member
    • Oct 2023
    • 4

    #1

    Trigger on high severity errors in SQL Server Error log

    I'm trying to achieve 2 alerts with Zabbix:

    - When in the SQL Server Error log an entry is added with (in the text) Severity 19, 20, 21, 22, 23 or 24
    - When in the SQL Server Error log an entry is added like: DBCC CHECKDB (DatabaseName) [some text, can vary every time] found 4 errors and repaired 0 errors. and the number of errors >0

    I'm new to Zabbix; I've already set up a Zabbix Appliance and successfully created the log monitor

    I just don't seem to understand how to create the right expression using the syntax Zabbix needs
    Attached Files
  • cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4807

    #2
    What version of Zabbix are you using? The trigger syntax you are using seems to be for older versions (like 4...) but you probably have 6.x? You need to check the manual for the correct syntax...

    • JeroenvanH
      Junior Member
      • Oct 2023
      • 4

      #3
      I'm using Zabbix 6.4.7. When I use the GUI (Add beside the expression window) to select the log as item, I get:

      last(/SQLServer/log[C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Log\ERRORLOG,,utf-16,,,,,,])=0

      Which I can save without error

      I just don't understand how to construct the expression to only trigger when the log entry contains regexp ("Severity (19|20|21|22|23|24)") or for the other use case "found X errors and repaired 0 errors" and where X < 0

      When I put the regexp between "ERRORLOG" and "utf-16" I also get an error (incorrect Item Key)

      • cyber
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Dec 2006
        • 4807

        #4
        oh.. I must be sleepy...
        to find a value in acquired data, you should use "find" not "last"...
        https://www.zabbix.com/documentation...ctions/history
        find (/host/key,<(sec|#num)<:time shift>>,<operator>,<pattern>)
        Find a value match. See common parameters.

        sec or #num (optional) - defaults to the latest value if not specified

        operator (optional; must be double-quoted)

        Supported operators:
        eq - equal (default for integer, float)
        ne - not equal
        gt - greater
        ge - greater or equal
        lt - less
        le - less or equal
        like (default for string, text, log) - value contains the string given in pattern (case-sensitive)
        bitand - bitwise AND
        regexp - case-sensitive match of the regular expression given in pattern
        iregexp - case-insensitive match of the regular expression given in pattern

        Note that:
        eq (default), ne, gt, ge, lt, le, band, regexp, iregexp are supported for integer items
        eq (default), ne, gt, ge, lt, le, regexp, iregexp are supported for float items
        like (default), eq, ne, regexp, iregexp are supported for string, text and log items

        pattern - required pattern (string arguments must be double-quoted); Perl Compatible Regular Expression (PCRE) regular expression if operator is regexp, iregexp.
        Supported value types: float, int, str, text, log

        Returns:
        1 - found
        0 - otherwise

        If more than one value is processed, '1' is returned if there is at least one matching value.

        With regexp or iregexp as the third parameter, the fourth pattern parameter can be an ordinary or global (starting with '@') regular expression. In case of global regular expressions case sensitivity is inherited from global regular expression settings.

        Example:
        => find(/host/key,10m,"like","error") → find a value that contains 'error' within the last 10 minutes until now

        • JeroenvanH
          Junior Member
          • Oct 2023
          • 4

          #5
          Thanks!

          find(/SQLServer/log[C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Log\ERRORLOG,,utf-16,,,,,,],10m,"iregexp","Severity (19|20|21|22|23|24")=1

          Now testing to see if severity 19-24 errors in the Errorlog are triggered

          • cyber
            Senior Member
            Zabbix Certified Specialist, Zabbix Certified Professional
            • Dec 2006
            • 4807

            #6
            make sure you have enough ()-s, currently seems to miss one from the end..

            Comment
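Added example, not part of the thread or the Zabbix documentation: a Python check of candidate patterns for the two alerts against constructed ERRORLOG lines before they go into the pattern argument of find() with "regexp", using Python's `re` as a stand-in for PCRE. The pattern names, the optional colon after "Severity" and the sample lines are assumptions; the "greater than zero" condition is expressed in the regex itself because find() only returns 1 or 0.

```python
import re

# Patterns (assumptions, not from the thread). They contain no backslashes or
# double quotes, so they can sit unchanged inside a double-quoted parameter.
SEVERITY = r"Severity:? (19|2[0-4])([^0-9]|$)"   # 19..24 only, not 190 or 14
CHECKDB = r"DBCC CHECKDB .*found [1-9][0-9]* errors and repaired [0-9]+ errors"

# Constructed sample ERRORLOG lines (not captured from a real server).
SAMPLE_LOG = [
    "2023-10-12 08:15:01.12 spid55      Error: 824, Severity: 24, State: 2.",
    "2023-10-12 08:15:02.40 Logon       Error: 18456, Severity: 14, State: 8.",
    "2023-10-12 08:16:10.77 spid61      Error: 701, Severity: 19, State: 1.",
    "2023-10-12 09:00:03.05 spid70      DBCC CHECKDB (Sales) executed by sa "
    "found 4 errors and repaired 0 errors.",
    "2023-10-12 09:05:44.91 spid70      DBCC CHECKDB (HR) executed by sa "
    "found 0 errors and repaired 0 errors.",
]


def compiles(pattern):
    """Return True if the regex is well-formed (e.g. balanced parentheses)."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def alerts(lines):
    """Return (kind, line) for every line that should fire one of the triggers."""
    sev, dbcc = re.compile(SEVERITY), re.compile(CHECKDB)
    hits = []
    for line in lines:
        if sev.search(line):
            hits.append(("severity", line))
        elif dbcc.search(line):
            hits.append(("checkdb", line))
    return hits


if __name__ == "__main__":
    # The pattern as posted in #5 has an unclosed group and does not compile.
    print("pattern from #5 compiles:", compiles("Severity (19|20|21|22|23|24"))
    for kind, line in alerts(SAMPLE_LOG):
        print(kind, "->", line)
```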
