Ad Widget

**irontmp** · 05-01-2024, 07:26

Originally posted by PliusZabbixMan

Hello,

I have a log file, that contains statistics of devices connected to a WiFi interface. The log file a device ID followed by the statistics.

I'm trying to find a way to monitor these statistics, but can't find a solution how to assign statistics to the device ID's.

Example log file:

Dec 29 10 ID:3085 Flows: 4083570 Packets: 417889869 Bytes: 542003885889 Sequence Errors: 0 Bad Packets: 0
Dec 29 10 ID:3088 Flows: 8209950 Packets: 730187808 Bytes: 905311900208 Sequence Errors: 0 Bad Packets: 0

So far I have created separate dependent items from the log file position:

ID regex - ID:*([0-9]+)

Regex for Flows, Packets, Bytes.... - Flows. ([0-9]+) Packets. ([0-9]+) Bytes. ([0-9]+) Sequence Errors. ([0-9]+) Bad Packets. ([0-9]+)

I'm having trouble assigning these items to their ID's for monitoring.

I've been looking into discovery rules, but don't see how to implement them for this use case.

To effectively monitor and assign statistics to device IDs from your log file, you can consider using regular expressions and creating a parsing script or using a tool that supports log parsing and monitoring. Here's a general approach:

Regex for Device ID:
- Create a regex to extract the device ID from each log entry. It seems like you've already done this: ID[0-9]+)
Parsing Script:
- Develop a script (Python, Bash, etc.) to read the log file, extract the device ID using the ID regex, and then extract the statistics using the regex for Flows, Packets, Bytes, etc.
- Associate the statistics with the corresponding device ID, and you can store or display them as needed.

Example Python script:
pythonCopy code
import re log_file_path = "your_log_file.log" with open(log_file_path, "r") as file: for line in file: device_id_match = re.search(r'ID

[0-9]+)', line) if device_id_match: device_id = device_id_match.group(1) flows_match = re.search(r'Flows: ([0-9]+)', line) packets_match = re.search(r'Packets: ([0-9]+)', line) bytes_match = re.search(r'Bytes: ([0-9]+)', line) sequence_errors_match = re.search(r'Sequence Errors: ([0-9]+)', line) bad_packets_match = re.search(r'Bad Packets: ([0-9]+)', line) if flows_match and packets_match and bytes_match: flows = flows_match.group(1) packets = packets_match.group(1) bytes_data = bytes_match.group(1) sequence_errors = sequence_errors_match.group(1) if sequence_errors_match else "0" bad_packets = bad_packets_match.group(1) if bad_packets_match else "0" # Now you have device_id, flows, packets, bytes_data, sequence_errors, bad_packets # You can process or store this information as needed.

Monitoring System Integration:
- If you're using a monitoring system (like Zabbix, Nagios, etc.), you can use the script or create a custom integration to feed these metrics into your monitoring system.

Remember to adapt the script based on your specific needs and the structure of your log file. This approach allows you to process the log entries, associate statistics with device IDs, and integrate them into your monitoring system for ongoing analysis.

**cyber** · 05-01-2024, 13:01

Originally posted by PliusZabbixMan

I've been looking into discovery rules, but don't see how to implement them for this use case.

Discovery needs json. if you could somehow format your initial data as decent CSV, commas et al... then you can use preprocessing, csv to json, and then use that json also to extract all data for each device by giving correct jsonpath...

**PeterZielony** · 06-01-2024, 20:40

Discovery works with initial json format that will create "devices" and then you can feed data to it.

Without Discovery you could assign "hardcode" data to each item/host with log and filter by name (or id of device) but it doesnt scale very well and in general bad practice.

https://www.zabbix.com/documentation...stom-lld-rules

**PliusZabbixMan** · 08-01-2024, 15:26

Update:

After consulting some other people, this is what I achieved:

1.Set up a discovery rule and used preprocessing JS script to make TXT format into JSON. Example: [{"{#DEVICE_ID}":"3085"},{"{#DEVICE_ID}":"3088"},{" {#DEVICE_ID}":"3089"},{"{#DEVICE_ID}":"3090"},{"{# DEVICE_ID}":"3091"}]
2.Set up Item prototypes for each variable that I want to monitor.

The thing I'm stuck on is how to tell zabbix to use {#DEVICE_ID} to discover the IDs. Should I use LLD macros section? If so what would be the JSONPath "$.path.to.node" that I should use?

**PeterZielony** · 08-01-2024, 16:34

look at this thread - quite similar to what you want. I've done an example template with which you can download and see the structure of how it can be done:

https://www.zabbix.com/forum/zabbix-...ule#post475958
you have preprocessing that converts data into json - add values too in pre-processing to feed them through (and you don't need userparameters scripts) as a normal item and then based on that create a dependent item for discovery. Then item prototype will take json path for values for each item prototype (dependent item from the original JSON you are pooling originally) for {#DEVICE_ID}.

your processed json (this is formatted ver) could look like this:
[
{
"{#DEVICE_ID}": "3085",
"{#FLOWS}": "4083570",
"{#PACKETS}": "417889869",
"{#BYTES}": "542003885889 ",
"{#SEQ_ERRORS}": "0",
"{#BAD_PACKETS}": "0",
}, {
"{#DEVICE_ID}": "3086",
"{#FLOWS}": "4083570",
"{#PACKETS}": "417889869",
"{#BYTES}": "542003885889 ",
"{#SEQ_ERRORS}": "0",
"{#BAD_PACKETS}": "0",
}
]

**PliusZabbixMan** · 09-01-2024, 15:58

Stuck at Item prototypes, any help would be appreciated. I feel so close, yet so far....

**PeterZielony** · 09-01-2024, 16:29

Originally posted by PliusZabbixMan

Stuck at Item prototypes, any help would be appreciated. I feel so close, yet so far....

it is right there:

btw you need all info in this json to make it properly.

in template you should have:
1) item that read file - and with preprocessing produces json with all data including metrics - yours doesn't need it as you do read it and transform as json but you need to tweak it to produce all values with each read to make it work properly (there are other ways but will be too complex at this stage)
2) discovery - dependent on item in 1) with filtering etc. (look at example template)
3) item prototype based on macro with json path for values (again look at this example) - dependent item again from 1)
4) any additional triggers prototypes

note: when you use preprocessing this way as you did - you lose all metric data and you keep only device ID. You need to have (ideally) all metrics available - otherwise you would need to read them again

**PliusZabbixMan** · 09-01-2024, 16:44

Ahh I missed that there is a 2cnd page. Sorry for the goof. Also I didn't restart my restart my agent. I'll start with that. Anyway working hours are done, so I won't have access to my server. I'll try it out tomorrow and post an update.

Thank you for your help!

**PliusZabbixMan** · 10-01-2024, 09:50

Is it possible the template is "private" or something of sorts? I only see the photo in the attachments.

Attached Files

**PliusZabbixMan** · 10-01-2024, 11:04

Update:

Here is what I've done based on the tips you provided in your last comment:

Converted the log item from TXT format to JSON, instead of converting it in discovery rule.

Then I made a discovery rule to discover ID's

**PliusZabbixMan** · 10-01-2024, 11:10

Then I made Item prototypes for each variables. I'll only post "Flows" since the differences are minimal:

Full $.path.to.node:

$.devices[?(@.DEVICE_ID == {#DEVICE_ID})].DEVICE_FLOWS

The other prototypes are the same, just change FLOWS for PACKETS, etc.

Sadly no Items are being picked up / discovered:

**PliusZabbixMan** · 10-01-2024, 11:19

Could it be related to the item key reading the log 1 line at a time?

The discovery rule throws this error as well:

Cannot find the "data" array in the received JSON object.

**cyber** · 10-01-2024, 11:52

Remember, item key has to be unique. When you add prototype, please make that key also unique, not just name... "device.flows[{#DEVICE_ID}]"

**PeterZielony** · 10-01-2024, 12:03

also i might be wrong on this one as I never did it with a formatted JSON (not sure if it matters - always worked on non formatted ones)

Formatted means - easy to read but I don't know if zabbix can read it. Json might need to be in format without spaces and no new lines - something like this (just example) :

[{"{#DEVICE_ID}":"3085","{#FLOWS}":"4083570","{# PAC KETS}":"417889869","{#BYTES}":"542003885889 ","{#SEQ_ERRORS}":"0","{#BAD_PACKETS}":"0",},{ "{#D EVICE_ID}":"3086","{#FLOWS}":"4083570","{#PACKETS} ":"417889869","{#BYTES}":"542003885889 ","{#SEQ_ERRORS}":"0","{#BAD_PACKETS}":"0",}]

not like this:
[{
"{#DEVICE_ID}": "3085",
"{#FLOWS}": "4083570",
"{#PACKETS}": "417889869",
"{#BYTES}": "542003885889 ",
"{#SEQ_ERRORS}": "0",
"{#BAD_PACKETS}": "0",
}, {
"{#DEVICE_ID}": "3086",
"{#FLOWS}": "4083570",
"{#PACKETS}": "417889869",
"{#BYTES}": "542003885889 ",
"{#SEQ_ERRORS}": "0",
"{#BAD_PACKETS}": "0",
}
]

Ad Widget

Logfile device discovery

Logfile device discovery

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment