Ad Widget

**Calimero** · 09-03-2009, 14:14

Err ... how do you expect zabbix to perform algebra on alphanumeric characters ?

string1 + string2 = ???

**tekknokrat** · 09-03-2009, 16:24

OK, seems I've missunderstood function sum. I thought it sums up the values (in my case the matchings of the regex). What trigger function is then more appropriate to what I want to achieve?

**aivarss** · 09-03-2009, 16:31

You may want use count for this. See detailed description in Zabbix manual.

**Calimero** · 09-03-2009, 16:42

And .count()'s abilities in terms of regexp are quite limited as it's just passed onto MySQL as a "LIKE" statement.

In zabbix 1.6.1 you even have to specify % % yourself if you want to find a string in the middle of a log line. It took me a while and some Debug=5 to understand it.

We use triggers like this one:
{Template_XXX:log[/var/log/some.log,ERROR|FATAL]. count( 180,%Unable to Open connection to database% ) }>2

1/ Only lines containing ERROR or FATAL are sent to zabbix_server
2/ If more than two "Unable to Open connection to database" strings are found over the last 180sec, trigger goes ON.

Depending on your "log flow" you may have to add an extra dummy condition using time() or now() or the trigger won't reset itself. Depends on what you want.

**tekknokrat** · 09-03-2009, 16:49

Originally posted by aivarss

You may want use count for this. See detailed description in Zabbix manual.

Yes. just stumbled about this. I wonder how I do implement this.

The description for first example is clear but I dont understand the second one:

Code:

count(#10,12,”gt”) will return exact
number of values which are more
than ‘12’ stored in the history among
last 10 values.

What last 10 values?

**aivarss** · 09-03-2009, 17:07

Sorry, don't saw this line: "The trigger should be set as soon as an entry appears in logfile. "

regexp should be better for you..

regexp: Check if last value matches regular expression. Parameter defines regular expression, Posix style.
Returns:
1 – found
0 - otherwise

**tekknokrat** · 09-03-2009, 17:50

Originally posted by Calimero

And .count()'s abilities in terms of regexp are quite limited as it's just passed onto MySQL as a "LIKE" statement.

In zabbix 1.6.1 you even have to specify % % yourself if you want to find a string in the middle of a log line. It took me a while and some Debug=5 to understand it.

We use triggers like this one:
{Template_XXX:log[/var/log/some.log,ERROR|FATAL]. count( 180,%Unable to Open connection to database% ) }>2

1/ Only lines containing ERROR or FATAL are sent to zabbix_server
2/ If more than two "Unable to Open connection to database" strings are found over the last 180sec, trigger goes ON.

Depending on your "log flow" you may have to add an extra dummy condition using time() or now() or the trigger won't reset itself. Depends on what you want.

This approach looks interesting. But what I need is only a check if a string exists in logfile and that is already done via the item itself. The trigger should only result how often (in an interval) the line occurs.

Dont you think this will work?:

Code:

{TMPL_SCG_LOGGING:log[/var/log/192.168.102.32/syslog,heartbeat\ missed].count(600,1,"gt")}>1

Using time interval would imo also reduce the neccessity of a dummy condition for disabling trigger.

**tekknokrat** · 09-03-2009, 17:53

Originally posted by aivarss

Sorry, don't saw this line: "The trigger should be set as soon as an entry appears in logfile. "

regexp should be better for you..

regexp: Check if last value matches regular expression. Parameter defines regular expression, Posix style.
Returns:
1 – found
0 - otherwise

That would be a double usage of regex. It seems to make no sense to have a regex check first in the item part and then map this function with the same regex in a trigger.
But If count() not work like I except I have to think about it...

**Calimero** · 09-03-2009, 18:39

Originally posted by tekknokrat

Dont you think this will work?:

Code:

{TMPL_SCG_LOGGING:log[/var/log/192.168.102.32/syslog,heartbeat\ missed].count(600,1,"gt")}>1

Using time interval would imo also reduce the neccessity of a dummy condition for disabling trigger.

.count(600) to get the raw number of lines over the last 10 minutes.

.count(600,1,"gt") means "the number of numeric values greater than 1" which is meaningless for log entries.

**tekknokrat** · 09-03-2009, 21:16

Originally posted by Calimero

.count(600) to get the raw number of lines over the last 10 minutes.

.count(600,1,"gt") means "the number of numeric values greater than 1" which is meaningless for log entries.

First sounds good - I will try that, thanks.

**tekknokrat** · 11-03-2009, 01:29

.count(600)

Works nice for what I want. Why is the count() function not in dropdown list in frontend? Also I could find no entry in documentation for above example.

**Calimero** · 11-03-2009, 10:28

It is (at least in 1.6.1).

It's called: Number of successfully retrieved values V for period of time T < > = # N.

.count() is documented on page 125 from the PDF manual. Parameters #2 and #3 are described as optional.

**tekknokrat** · 11-03-2009, 14:31

Originally posted by Calimero

.count() is documented on page 125 from the PDF manual. Parameters #2 and #3 are described as optional.

ok, missed that part

Ad Widget

Logwatch Trigger

Logwatch Trigger

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment