Hello,

Can you explain your problem more detail ? with every new "error" entry in the log file you are getting all older "error" entries every time as well ?

Regards
Kaspars

with every new "error" entry in the log file you are getting all older "error" entries every time as well .....yes exactly .
my requirement is need only new error entry in the last item value.

Rereading log file every time from the start means that agent "thinks" it is a new file.
Try to investigate what causes it.
How does application write into log file ? Is it opened, appended with a new record and closed ?
Does application change log file modification time without writing a new record ?
Is there any program which somehow manipulates log file modification time ?
How is log file rotation done ? Is it a "normal" rotation (i.e. "mv log log1"), copy-truncate rotation or something else ?

seems you question is giving me the answer ,seems there is a log writing procedure ,i will check this in application side later but now when i try to execute this command "echo "this is the 12th error log" >> 3dx.171207_072365.log" it is working as my requirement

Help

Hello I need to help I have been troubleshooting for days. I have been trying to get zabbix to monitor the log files. For this test I am having zabbix monitor a file in /var/log/test-dir/ called test.log.

So far I am trying to get it so that every time the word error is outputted in the test.log file. It logs it in the Latest data or triggers sections Just like you have it in your display picture in the latest data on your server. However every time I run the command echo "This is an Error" >> test.log. Then check the latest data or the triggers in monitoring tab I do not seen anything at all. not even a timestamp.

Please I want to know how to get this to work. Let me know if I have done anything wrong or have forgotten anything.

Yes I do have the permissions set correctly on the directory and the log file they both are owned by zabbix.


item

name: check test-log

type: zabbix-agent(active)

key: logrt["/var/log/test-dir/test.log", "error",,1]

type of info: Log

Trigger

name: Check error in test log

expression: {tzab-agent.test-server.local:logrt["/var/log/test-dir/test.log", "error",,1].nodata(600)}=0

please help

for single file you need to make the ITEM with log instead of logrt.

I tried your suggest to

I did change the function from logrt to log still nothing display in the latest data I attach my photos of everything

item

name: check test-log

type: zabbix-agent(active)

key: log["/var/log/test-dir/test.log", "error",,1]

type of info: Log

Trigger

name: Check error in test log

expression: {tzab-agent.test-server.local:log["/var/log/test-dir/test.log", "error",,1].nodata(600)}=0

can you check the item information ,is there any unsupported or other error in the item? if there is no error then try to generate some new error log line in the file.

ok now when I go into latest data. I check on "show items without data" and "show detail"

I now see my items however when I run the command echo "This is an error" >> /var/log/test-dir/test.log than click on history it does not show anything logged in it.

But next to my item it in the latest data section I see a red "x" and when I hover over it, it show "Accessible only as a active check" But the item is set to zabbix-agent(active).

please configure hostname matching with host configuration in the agent config file

Thanks I figured it out

for some reason the zabbix-agent.log was not properly logging any errors. So I uncommented EnableRemoteCommands in the zabbix-agent.conf than restart the zabbix-agent service . Than I saw that agent was not able to communicate over port 10051. So once I open that up on the Zabbix server than it worked fine. Thanks for your help. But I do see your problem though that you are having