hi all,
I am in the process of testing and evaluating Zabbix. It seems to have nice features for monitoring and graphing numerical values, and I also like its powerful agents.
However, I have also come across an issue that seems cumbersome to address with Zabbix, and maybe more experienced users can provide some suggestions and recommendations.
I would like see an ability for receiving and displaying events from external applications. Suppose you have an application that logs messages to syslog with different levels (e.g., info, notice, warning, err and crit), and you would like to display all
syslog info and notice messages as Information events, warning syslog messages as Warning events, err syslog messages as Average events, and crit syslog messages as High events.
Can I do this with Zabbix reliably? I don't want Information event to set the application status to NORMAL if previous Warning, Average or High events have been received, since the Information event might not concern previous error events. Also, I don't have a hardcoded list of all possible error events with respective clear messages, but I would rather like to set the state of an application based on the most critical message not acknowledged by the operator (like it is done in HP OpenView Operations). Can this be achieved?
I tried to create the Zabbix trapper item and play with zabbix _sender, but it doesn't quite allow for the functionality I want -- when I forward several distinct error events to Zabbix through Zabbix sender, the details of all events in the Events window are set according to the last event. However, I would like to keep the syslog message text intact for each distinct message. I first used macro in the trigger name for passing the whole syslog message text (set from the regular expression), but when the macro value changes, the Description field will change for *all* previously received events. This is not what I want
Is there a way for receiving syslog events (or any other events) through a single trigger and displaying them all as events, retaining the values for previous error events?
kind regards,
risto
I am in the process of testing and evaluating Zabbix. It seems to have nice features for monitoring and graphing numerical values, and I also like its powerful agents.
However, I have also come across an issue that seems cumbersome to address with Zabbix, and maybe more experienced users can provide some suggestions and recommendations.
I would like see an ability for receiving and displaying events from external applications. Suppose you have an application that logs messages to syslog with different levels (e.g., info, notice, warning, err and crit), and you would like to display all
syslog info and notice messages as Information events, warning syslog messages as Warning events, err syslog messages as Average events, and crit syslog messages as High events.
Can I do this with Zabbix reliably? I don't want Information event to set the application status to NORMAL if previous Warning, Average or High events have been received, since the Information event might not concern previous error events. Also, I don't have a hardcoded list of all possible error events with respective clear messages, but I would rather like to set the state of an application based on the most critical message not acknowledged by the operator (like it is done in HP OpenView Operations). Can this be achieved?
I tried to create the Zabbix trapper item and play with zabbix _sender, but it doesn't quite allow for the functionality I want -- when I forward several distinct error events to Zabbix through Zabbix sender, the details of all events in the Events window are set according to the last event. However, I would like to keep the syslog message text intact for each distinct message. I first used macro in the trigger name for passing the whole syslog message text (set from the regular expression), but when the macro value changes, the Description field will change for *all* previously received events. This is not what I want
Is there a way for receiving syslog events (or any other events) through a single trigger and displaying them all as events, retaining the values for previous error events?
kind regards,
risto