Ad Widget

Collapse

Log file monitoring not working as expected

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • slawrence
    Junior Member
    • Nov 2018
    • 2
    #1

    Log file monitoring not working as expected

    Hi

    I am trying out log file monitoring. The server is running Zabbix 3.0.23. This is the key to my (active agent) item...

    log[/tmp/testlog2,error,,,skip]


    Initially, testlog2 has just two lines.

    line 1 - all good
    line 2 - error

    As expected I see line 2 in the item history.

    If I now add a third line to the log file containing the string 'error' then both line 3 AND line 2 is returned for the item. My item history now looks like...

    test_server: Test log2 monitoring
    2018-11-28 14:28:11 1543415291 line 3 - error 2018-11-28 14:28:11 1543415291 line 2 - error 2018-11-28 14:24:11 1543415051 line 2 - error
    I expected only line 3 to be added to history at 14:28. Am I wrong in thinking that? Zabbix agent on the monitored host is version 3.4.8


    Thanks.

    Tags: None
    • ArtursL
      Senior Member
      Zabbix Certified Trainer
      Zabbix Certified SpecialistZabbix Certified Professional
      • Nov 2018
      • 167
      #2
      Could it be that the "Date modified" Attribute of the file was changed without changing the contents of the file, some time between the first two lines were written and the third line was added? (ex. by using the "Touch" command)
      Changing the "Date modified" of a log file without an increase in the log file size would trigger a re-read of the file from the beginning.

        Comment

        • slawrence
          Junior Member
          • Nov 2018
          • 2
          #3
          No, that's not the case here. The only time the timestamp would have changed was when I added the third line. Also, agent wasn't restarted before adding that third line.
          Anyway, does just an update of a timestamp cause the whole file to be read again? I thought the agent kept track of the last line number examined.

            Comment

            • ArtursL
              #3.1
              ArtursL commented
              29-11-2018, 11:35
              Editing a comment
              If a timestamp is updated without any changes to the file size within a certain time-frame, Zabbix assumes that a new file with the same name and file size has been generated and reads it from the start.
            Previous template Next
            Working...