Ad Widget

Collapse

Setting trigger for 1h duration

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Riccardo Spuri
    Junior Member
    • Oct 2013
    • 6
    #1

    Setting trigger for 1h duration

    Hi everyone,
    I created a trigger for analyzing a log and set the skip parameter in the item.
    I set the trigger to signal when the word "Hardware Error" is inside the file and I would like this to remain active for about 1h, but having enabled the skip parameter, this is closed when the next line is written.
    Is there a way to keep the log open for a specific time?
    Below is the trigger configuration:

    find(/pippo/log[/appoggio/monitor.log,,,,skip],,,"Hardware Error")=1

    Thank you so much

    Best regards
    Riccardo
    Tags: None
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4806
      #2
      "skip" is for newly created items only. It tells agent to start looking from that moment in logfile and not read whole logfile from beginning. It has nothing to do with your trigger closing.
      Your trigger activates, if string is found in last value and is closed when it is not found any more. I.e. closing it with next line is absolutely normal.
      If you want to keep that trigger active for an hour, then you need to add "sec or #num" parameter to "find"... find(/pippo/log[/appoggio/monitor.log,,,,skip],1h,,"Hardware Error")=1. this means activate trigger, if during last 1h time there is "hardware error" found. Warning: if some more matching strings are found after trigger activation, trigger will close 1h after last one is found...

        Comment

        • Riccardo Spuri
          Junior Member
          • Oct 2013
          • 6
          #3
          Originally posted by cyber
          "skip" is for newly created items only. It tells agent to start looking from that moment in logfile and not read whole logfile from beginning. It has nothing to do with your trigger closing.
          Your trigger activates, if string is found in last value and is closed when it is not found any more. I.e. closing it with next line is absolutely normal.
          If you want to keep that trigger active for an hour, then you need to add "sec or #num" parameter to "find"... find(/pippo/log[/appoggio/monitor.log,,,,skip],1h,,"Hardware Error")=1. this means activate trigger, if during last 1h time there is "hardware error" found. Warning: if some more matching strings are found after trigger activation, trigger will close 1h after last one is found...
          Hi Cyber,
          now it's ok.
          Thank you so much.

            Comment

            Previous template Next
            Working...