Ad Widget

Collapse

One alert for several events in a period

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • arr1val
    Junior Member
    • Nov 2023
    • 6
    #1

    One alert for several events in a period

    Greetings.
    I use a trigger to monitor SUDO usage.
    Code:
    find(/monitor sudo/log[/var/log/auth.log,sudo],,"like","sudo: gitlab-runner")=1
    During auto-deploy, about 40+ messages are generated. Is it possible to configure sending one alert message when a trigger is fired instead of 40? May be there is a condition: events by trigger in a period of time, for example a minute?

    Zabbix 6.4.5
    Tags: alert, alerts
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4806
      #2
      You can add additional condition to your expression ... "and nodata(/monitor sudo/log[/var/log/auth.log,sudo],1m)=0"
      then trigger will react only, if there is no incoming data for at least a minute...

        Comment

        • arr1val
          #2.1
          arr1val commented
          13-11-2023, 15:40
          Editing a comment
          Thank you! I will try it.
        • arr1val
          Junior Member
          • Nov 2023
          • 6
          #3
          Originally posted by cyber
          You can add additional condition to your expression ... "and nodata(/monitor sudo/log[/var/log/auth.log,sudo],1m)=0"
          then trigger will react only, if there is no incoming data for at least a minute...
          Didnt help, zabbix continue to send alert messages for each event.

            Comment

            • dimir
              Zabbix developer
              • Apr 2011
              • 1080
              #4
              Consider voting for https://support.zabbix.com/browse/ZBXNEXT-39

                Comment

                Previous template Next
                Working...