zabbix log monitoring HELP!!!

  • assassin7
    Junior Member
    • Jan 2018
    • 12

    #1

    I am using Zabbix to monitor log files on my network for keywords like error, failed and warning, using the key

    log["/tmp/test/test-monitoring.log","error",,1]

    But what happens currently is that when Zabbix sees the keyword "error", it logs it in the latest data area, which is fine.

    But the issue is that for some errors, though the error line gets archived in Zabbix, the actual problem that needs to be fixed is output in the lines that follow after the keyword error has been displayed.

    For example, I run Oracle DB on my home network, and for Oracle log files

    an error will be output as:

    ERROR | Java.extension0824 jboss.exemption status

    So the error line above will be archived into the latest data.

    However, the next line following it will say

    "INFO Cannot verify database schema"

    which means the app using the database cannot connect to or find the database,

    but that line won't get archived into Zabbix, which makes troubleshooting very difficult.

    So currently my Zabbix is archiving only the line with the keyword "error" in it.

    So I need help figuring out:
    is there a way to have Zabbix not only grab the line with the keyword error in it, but also grab the next 20 or 30 lines after the keyword error has been displayed?
  • tcilmo
    Senior Member
    • Nov 2016
    • 122

    #2
    The eventlog item does not have that type of capability. You should make a feature request.

    Sounds like you need a true log monitoring solution such as ELK, Splunk, etc.

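The behaviour asked for in #1 (the matching line plus the lines that follow it), as an added example that is not part of the original thread and not Zabbix functionality: a stand-alone Python filter that groups each match with its trailing lines. The function names, the `after` parameter, case-insensitive matching and the sample log (the two lines quoted in #1 plus constructed filler) are assumptions.

```python
import re
from typing import Iterable, List

# Constructed sample: the two lines quoted in post #1 plus made-up filler.
SAMPLE_LOG = [
    "INFO Service started",
    "ERROR | Java.extension0824 jboss.exemption status",
    "INFO Cannot verify database schema",
    "INFO Retrying",
    "INFO Heartbeat",
    "INFO Heartbeat",
    "ERROR | second failure (constructed)",
]

def capture_context(lines: Iterable[str], pattern: str, after: int = 20) -> List[List[str]]:
    """Group each line matching `pattern` with the `after` lines that follow it.

    A second match inside an open window extends that window instead of
    starting a new block, so no line is reported twice.
    """
    rx = re.compile(pattern, re.IGNORECASE)  # assumption: ignore case
    blocks: List[List[str]] = []
    remaining = 0  # context lines still owed to the current block
    for raw in lines:
        line = raw.rstrip("\n")
        if rx.search(line):
            if remaining == 0:
                blocks.append([])  # no open window: start a new block
            blocks[-1].append(line)
            remaining = after  # (re)start the window from this match
        elif remaining > 0:
            blocks[-1].append(line)
            remaining -= 1
    return blocks

def as_records(blocks: List[List[str]]) -> List[str]:
    """Join each block into one multi-line record for a downstream collector."""
    return ["\n".join(block) for block in blocks]

if __name__ == "__main__":
    for record in as_records(capture_context(SAMPLE_LOG, r"error", after=2)):
        print(record, end="\n---\n")
```
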

    • zabbixei
      Junior Member
      • Dec 2014
      • 24

      #3
      Hello,

      I am trying to do something similar but I am not getting any data. Not sure what I am doing wrong or missing there.

      My item setting is attached: looking for the keyword Notinstalled. Can you also explain a bit more how you have set up your log key, or whether you have any triggers configured?

      Thank you!

      • assassin7
        Junior Member
        • Jan 2018
        • 12

        #4
        There are 2 ways that I know of to monitor a log file that work for me.

        One way is to just ingest the entire log file as entries into Zabbix, so basically you could grab all logged information in the logs and archive it into Zabbix.

        key:log[/var/log/messages]

        The key above will have Zabbix just ingest the entire logs.

        It makes it so you won't have to look into the problem machine to view the log file; you could just filter it in Zabbix.

        pro: you won't have to log into the remote host to read the logs

        con: you may overload your database, especially if you have multiple logs you are monitoring


        2.

        key:log[/var/log/messages,warning]

        This just allows Zabbix to monitor the logs for only the word warning, so all entries get entered with the error that shows the word warning.

        pro: you have a keyword that Zabbix can look for instead of reading the entire log file
        con: finding the keyword to monitor for



