Ad Widget

**cyber** · 28-02-2024, 10:40

nodata(/host/log[/var/log/file.log,ACOMPANHAMENTO,,,skip],5m)=0
Fires when your item receives a value and keeps it open for 5 minutes, if no new values come in... (closes 5m after last received value)

**ocarlossouza** · 28-02-2024, 15:34

Thanks for answer.
Can I deploy a argument (ITEM) to ignore case distinctions between upper and lowercase?

**cyber** · 28-02-2024, 18:01

This trigger expression only looks for data being present, it does not look what data contains.

**ocarlossouza** · 29-02-2024, 04:09

Hi,
Regarding my question about item, I am creating a regular expression for this, it is almost ready. I will post here when finished.

**ocarlossouza** · 21-03-2024, 16:44

Hi, everyone.
I just adapted my scenario and now I'm using this way: system.run[grep -i "erro de acesso memoria" /var/log/file.log]
With this I resolved my case sensitive issue, my question: What would be the best way to generate a trigger when this data entry was captured by this item?

**rdf.8888** · 21-03-2024, 23:13

Originally posted by ocarlossouza

Hi, everyone.
I just adapted my scenario and now I'm using this way: system.run[grep -i "erro de acesso memoria" /var/log/file.log]
With this I resolved my case sensitive issue, my question: What would be the best way to generate a trigger when this data entry was captured by this item?

Você pode fazer um pre processamento em seu item, seria até melhor para seu banco e verificar em um periodo de tempo quantos 'erro de acesso' houve em um periodo de tempo.

Você pode utilizar regex para fazer o pre processsamento, caso retorne verdadeiro a resposta seja 1 caso não a resposta é 0.

**cyber** · 22-03-2024, 09:12

Originally posted by ocarlossouza

Thanks for answer.
Can I deploy a argument (ITEM) to ignore case distinctions between upper and lowercase?

Seems I did not understand you correctly at the time... You were asking about case sensitivity of the item..

log[/var/log/file.log,(?i)ACOMPANHAMENTO,,,skip] gives you that..

Using grep from command line will always read full logfile and give you all matches, that you probably already picked up... So your option to trigger something is only based on change of amount of lines. It would make more sense to use "grep -ic" in that case to return number of matches instead of all matches. Or go back to zabbix built in key, use logrt.count, which also takes care of rotated logs...

**ocarlossouza** · 22-03-2024, 17:35

Hi,
My problem with querying the log is that it is case sensitive. For example, I may have the phrase: access error or Access Error, for both I need to be informed if this phrase appears. My new scenario is:
system.run[tail -n 1000 /var/log/file.log | grep -i "erro de acesso a memoria"]

With this I can understand if this happened in at least a certain number of lines.

Ad Widget

Create trigger for log input

Create trigger for log input

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment