Hello all,
i'm trying to get Zabbix to be able to read log files, which is working, but not completely as I was hoping for.
The goal is to use a matching filter to filter out the desired lines from a log file, but not if the non-matching filter also matches.
Think of it like reading a log file for entries "virus found" vs "no virus found", where entries should trigger an alert is matched with "virus found" , but not if the line reads "no virus found".
However, I'm struggling to get the logic of the item and trigger operational.
For the item itself, I can get it working by only using the positive match found, but I fail to see how to implement the check for the negative match.
When I change the value of {$LOG_FILTER.RESULT} to "(skipping)" (without quotes), the item and trigger work, but that's only half the story. It seems to not be possible to reference a macro from another macro?
How can I get a positive match and negative match operational at the same time?
Thank you in advance for any possible solution and/or hint
i'm trying to get Zabbix to be able to read log files, which is working, but not completely as I was hoping for.
The goal is to use a matching filter to filter out the desired lines from a log file, but not if the non-matching filter also matches.
Think of it like reading a log file for entries "virus found" vs "no virus found", where entries should trigger an alert is matched with "virus found" , but not if the line reads "no virus found".
However, I'm struggling to get the logic of the item and trigger operational.
For the item itself, I can get it working by only using the positive match found, but I fail to see how to implement the check for the negative match.
When I change the value of {$LOG_FILTER.RESULT} to "(skipping)" (without quotes), the item and trigger work, but that's only half the story. It seems to not be possible to reference a macro from another macro?
How can I get a positive match and negative match operational at the same time?
Thank you in advance for any possible solution and/or hint
Comment