Hi,
I'm monitoring some log file with zabbix_agent.
Item is set to type "Zabbix Agent (active)", with data type "Log".
Logs are collected.
At first, I wrote the following trigger:
the nodata(0) function is here to have zabbix evaluate the trigger every 30secs.
Except that it just wouldn't work/match even though I definitely had the very message the trigger is looking for among log lines.
I set DebugLevel to 4 on zabbix_server, and delved into the source code and logs and found out that zabbix_server does the following:
I rather expected zabbix_server to use like '%Authorization error%'
Is it really intended to have "strict matching" ?
Anyway, I solved my problem by rewriting my trigger:
I'm monitoring some log file with zabbix_agent.
Item is set to type "Zabbix Agent (active)", with data type "Log".
Logs are collected.
At first, I wrote the following trigger:
Code:
({Temp_POOL_PAYMENT:log[/data/www/payment/logs/confirmation.log].count(900,"Authorization error")}>0)
&
({Temp_POOL_PAYMENT:log[/data/www/payment/logs/confirmation.log].nodata(900)}=0)
Except that it just wouldn't work/match even though I definitely had the very message the trigger is looking for among log lines.
I set DebugLevel to 4 on zabbix_server, and delved into the source code and logs and found out that zabbix_server does the following:
Code:
Query [select count(value) from history_log where itemid=23136 and clock>1228819896 and value like 'Autorization error']
Is it really intended to have "strict matching" ?
Anyway, I solved my problem by rewriting my trigger:
Code:
({Temp_POOL_PAYMENT:log[/data/www/payment/logs/confirmation.log].count(900,"[B]%[/B]Authorization error[B]%[/B]")}>0)
&
...