Trigger for Eventlog, Severity query

This topic has been answered.
  • sined
    Junior Member
    • Apr 2023
    • 2

    #1

    Trigger for Eventlog, Severity query

    Hello

    Not really a problem, but rather a big board in front of my head.

    I am trying to monitor an event log. (Veeam).
    Under the log "Veeam Backup" I find everything I need under ID 0. I have a separate item for each job, which then looks like this:
    eventlog[Veeam Backup,.*VM.*,,Veeam Backup,0,,all]

    Thus, the above-mentioned item history contains, for example, the following:
    Timestamp           | Local time          | Source       | Severity    | Event ID | Value
    2023-04-25 08:21:13 | 2023-04-25 08:20:22 | Veeam Backup | Error       | 0        | Session HQ VM's (Incremental) has been completed.
    2023-04-25 00:22:03 | 2023-04-25 00:21:49 | Veeam Backup | Information | 0        | Session HQ VM's (Incremental) has been completed.

    The text always says that it has been completed, and under Severity whether it went wrong "Error" or worked "information".

    How can I build a trigger now? I thought of something like:
    If the last log entry is Severity = Error, then a message is displayed until the last log entry is Severity <> Error.

    Or do you have another idea?

    I have tested the existing Veeam templates, but they do not work with my setup (S2D server).

    Translated with www.DeepL.com/Translator (free version)
  • Answer selected by sined at 26-04-2023, 10:45.
    cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4807

    logseverity is the function you may try.
    logseverity (/host/key,<#num<:time shift>>)
    Log severity of the last log entry. See common parameters.

    #num (optional) - the Nth most recent value
    Supported value types: log

    Returns:
    0 - default severity
    N - severity (integer, useful for Windows event logs: 1 - Information, 2 - Warning, 4 - Error, 7 - Failure Audit, 8 - Success Audit, 9 - Critical, 10 - Verbose).
    Zabbix takes log severity from Information field of Windows event log.


      • sined
        Junior Member
        • Apr 2023
        • 2

        #3
        Thanks Cyber, this is what I was looking for!

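Added example, not part of the thread and not Zabbix's own code: a small model of how a trigger built on logseverity would behave on the item history rows from the question, using the severity codes listed in the answer. The trigger expression string, the HOST placeholder and the helper names are assumptions made for illustration.

```python
import re

# Severity codes returned by logseverity() for Windows event logs,
# as listed in the answer above.
SEVERITY_CODE = {"Information": 1, "Warning": 2, "Error": 4, "Failure Audit": 7,
                 "Success Audit": 8, "Critical": 9, "Verbose": 10}

# Item key from the question; "HOST" is a placeholder for the monitored host name.
ITEM_KEY = "eventlog[Veeam Backup,.*VM.*,,Veeam Backup,0,,all]"
TRIGGER = f"logseverity(/HOST/{ITEM_KEY})=4"   # assumed expression: problem while last entry is Error

# Item history rows copied from the question (newest first; header row, then message line).
HISTORY = """\
2023-04-25 08:21:13 2023-04-25 08:20:22 Veeam Backup Error 0
Session HQ VM's (Incremental) has been completed.
2023-04-25 00:22:03 2023-04-25 00:21:49 Veeam Backup Information 0
Session HQ VM's (Incremental) has been completed.
"""

# timestamp, local time, source, severity name, event ID
ROW = re.compile(r"^(\S+ \S+) (\S+ \S+) (.+) (%s) (\d+)$"
                 % "|".join(map(re.escape, SEVERITY_CODE)))

def parse_history(text):
    """Return entries oldest-first with local time, source, severity code and message."""
    lines = [l for l in text.splitlines() if l.strip()]
    entries = []
    for header, message in zip(lines[0::2], lines[1::2]):
        m = ROW.match(header)
        if not m:
            raise ValueError(f"unrecognised history row: {header!r}")
        entries.append({"local_time": m.group(2), "source": m.group(3),
                        "severity": SEVERITY_CODE[m.group(4)], "message": message})
    return sorted(entries, key=lambda e: e["local_time"])

def trigger_states(entries, problem_code=4):
    """State of logseverity(...)=problem_code after each new entry arrives."""
    return [(e["local_time"], "PROBLEM" if e["severity"] == problem_code else "OK")
            for e in entries]

if __name__ == "__main__":
    for when, state in trigger_states(parse_history(HISTORY)):
        print(when, state)
    print(TRIGGER)
```

Because the state depends only on the most recent entry, the problem clears by itself as soon as the next session for that job is logged with a severity other than Error.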