Zabbix Log Monitoring - How to extract "keyword" in action

vigneshn

Junior Member

Joined: Jan 2018

Posts: 17
#1

Zabbix Log Monitoring - How to extract "keyword" in action

27-02-2018, 11:43

I want to create an Item for log monitoring, use 1 common trigger for all matching keywords and use Action to extract the "keyword" dynamically.

Item:
logrt["/tmp/messages$","error|Timeout|down|fail|LED|fmd|duplic ate|write|Manual|process is stuck|Deasserted|Device Absent|V-14-1-10205",,100]

Trigger if string is identified and close the alert in 30 minutes:
str() > 0 and nodata(30m)=0

Queries:
1. Will above solution work and create multiple alerts?
2. What is the impact if this is monitored across 3000 client servers?
3. How to extract the "keyword" dynamically and use it in automated actions?

Thanks.
Tags: None
vigneshn

Junior Member

Joined: Jan 2018

Posts: 17
#2

02-03-2018, 08:45

I managed to extract the value of the item (the exact log line that triggered the alert) in Actions by adding the below parameters in "Operations" of the Action and passing it as script parameters in the Media:

Item Value: {ITEM.VALUE}
Item Lastvalue: {ITEM.LASTVALUE}

I still want to understand how much performance impact the log monitoring in 3000 UNIX servers will have in the Zabbix agents and the Zabbix proxy/server components. Any suggestion or feedback is welcome.

Thanks.
Comment

Ad Widget