We are using vmware.eventlog to monitor for alarms within our vCenters. (We have one item using vmware.eventlog to collect the data, and 15 triggers, each for the specific alarm we want.)

vmware.eventlog doesn't have any sort of filtering, so it picks up everything. That's not necessarily a problem, except if you include {ITEM.VALUE} in the name of the trigger, Zabbix doesn't necessarily return the value that actually matched the trigger. {ITEM.VALUE} is the most recent value in the data set, which may be something else. (We found this when the {ITEM.VALUE} it put in the trigger name was actually the monitoring account logging on, rather than the message that told us what ESX host was having a memory issue.)

Is there any way to get Zabbix to send the event log message that actually caused the trigger to fire? If not, is there a way to build another item that reads the event log data that Zabbix already collected for the various regular expressions we need to alert on? (For a regular log, we'd have a logrt item that would specify the 'bad' things we want to alert on. But vmware.eventlog doesn't have any filtering, so you have to collect everything.)

Thanks.