Windows event logs triggers

  • servant-frost
    Junior Member
    • Apr 2021
    • 19

    #1

    Windows event logs triggers

    Hello all. I am working with Windows Event Logs on a Zabbix 6 server. Test client is a Win10 with Zabbix agent active.

    Currently, I have an item,
    Code:
    eventlog[Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational,,,,1149,,skip]
    and a trigger
    Code:
    logeventid(/Windows/eventlog[Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational,,,,1149,,skip])=1
    This works exactly as expected. It will generate a single alert for a single event log entry. However, if I add this to the trigger, it will generate a new alert every 30 seconds even if the previous triggers are closed.
    Code:
    and
    (time()>=070000 or time()<=183000)
    I don't want to set the trigger to be a single alert because there may be 30 different users that have this and a single alert on a single system will only trigger for the first one.

    The goal is to be able to create different triggers based on the time of day.
    I appreciate any help on this.
  • LenR
    Senior Member
    • Sep 2009
    • 1005

    #2
    Isn't (time()>=070000 or time()<=183000) always true? 000000 is <= 18300 and 190000 is >= 0700000.


    • servant-frost
      Junior Member
      • Apr 2021
      • 19

      #3
      I thought time was calculated from 000000 so that you could use 2 to create a period of time. My goal is to establish working hours from 0700 to 1830.
      If this isn't the correct way to create a time period, what is the correct way?

      But even if that is true, it doesn't explain why the trigger begins firing every 30 seconds. Doesn't the skip mean don't go back and look for already found event IDs in this case?

      I appreciate it.


      • cyber
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Dec 2006
        • 4807

        #4
        There should be AND. Your time() has to match conditions on both sides... As LenR pointed out, it is always true right now. Simple boolean operators.. TRUE or FALSE => TRUE, TRUE and FALSE => FALSE https://en.wikipedia.org/wiki/Boolea...ean_operations

        Time based triggers are recalculated every 30 seconds. As your time condition currently is always true, you will get new ticket every 30 sec.
        Last edited by cyber; 12-01-2023, 10:25.
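
The point made in posts #2 and #4, as an added example that is not part of the original thread and is not Zabbix code: it checks both forms of the time condition at every 30-second evaluation point in a day. It goes one step beyond the thread by also covering a window that crosses midnight (18:30 to 07:00), where OR is the correct operator. Assumptions: `time()` is modelled as the integer HHMMSS, and all function names are hypothetical.

```python
# Added illustration, not Zabbix code. time() is modelled as the integer HHMMSS,
# which is how the thread's expression compares it (070000 -> 70000).
STEP_SECONDS = 30            # recalculation interval stated in post #4
START, END = 70000, 183000   # 07:00:00 and 18:30:00


def hhmmss(seconds_since_midnight):
    """Convert seconds since midnight to the HHMMSS integer form."""
    hours, rem = divmod(seconds_since_midnight, 3600)
    minutes, seconds = divmod(rem, 60)
    return hours * 10000 + minutes * 100 + seconds


def window_or(t):
    """The expression from post #1: every t satisfies at least one side."""
    return t >= START or t <= END


def window_and(t):
    """The corrected expression from post #4: both bounds must hold."""
    return t >= START and t <= END


def in_window(t, start, end):
    """General case: AND for a same-day window, OR when it crosses midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def true_evaluations(predicate):
    """Count the 30-second evaluation points in one day where predicate holds."""
    ticks = range(0, 24 * 3600, STEP_SECONDS)
    return sum(1 for sec in ticks if predicate(hhmmss(sec)))


if __name__ == "__main__":
    print("evaluations per day:", 24 * 3600 // STEP_SECONDS)
    print("OR  form true at:", true_evaluations(window_or))
    print("AND form true at:", true_evaluations(window_and))
    off_hours = lambda t: in_window(t, END, START)
    print("off-hours (18:30-07:00) true at:", true_evaluations(off_hours))
```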


        • servant-frost
          Junior Member
          • Apr 2021
          • 19

          #5
          Thank you very much. That was a stupid mistake on my part. I am sorry to waste everyone's time on that.
