Ad Widget

Collapse

Acknowledge trigger - reset trigger status

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • steria
    Junior Member
    • Jun 2007
    • 17
    #1

    Acknowledge trigger - reset trigger status

    Hello,

    I am currently monitoring a log file and set up un trigger to catch "ERROR":

    ITEM
    key: log[/var/log/messages]

    TRIGGER
    {Template_Linux:log[/var/log/messages].regexp([Ee][Rr][Rr][Oo][Rr])}=1

    When the regexp is matched, all works fine since the trigger is set to TRUE.
    However, when I try to acknowledge the trigger, it remains to TRUE! Why?

    I have seen several topics with a similar pb, but no way to manually set trigger to FALSE? It should be possible to reset trigger value, right?

    I certainly doing something wrong or misunderstanding how it works, so please, can someone explain me how it works and what is the problem?

    Acknowledge function seems to work fine with other triggers, but not with log monitoring ones.


    Thank you very much
    Last edited by steria; 28-09-2007, 16:32.
    Tags: None
    • Alexei
      Founder, CEO
      Zabbix Certified Trainer
      Zabbix Certified SpecialistZabbix Certified Professional
      • Sep 2004
      • 5654
      #2
      I am thinking of adding new trigger attribute which would specify how events are generated. One of possible options would be "Generate multiple TRUE events". In this case, every matched line of log monitoring (or SNMP trap, anything) would generate a new TRUE event, which can be be used for acknowledgements.
      Alexei Vladishev
      Creator of Zabbix, Product manager
      New York | Tokyo | Riga
      My Twitter

        Comment

        • cperera
          Junior Member
          • May 2007
          • 19
          #3
          What can we do for the moment to set the trigger status back to FALSE?

          Once a log regexp has been matched and triggered, it causes an event and an action takes place. However as the status remains as TRUE the next time a regexp is found it doesn't generate another event. I tried running the following query:

          update triggers set value = 0, lastchange = unix_timestamp() where triggerid = 100000000014810;

          Although this sets the status back to FALSE, the next time it's triggered an event doesn't get generated. What more needs to be done?

            Comment

            • Christophe
              Junior Member
              • May 2008
              • 3
              #4
              Hey,
              I'm new on zabbix, and I have the same probleme, did someone manage to write a trigger on log that works ?
              Thanks

                Comment

                • chriso
                  Junior Member
                  • May 2010
                  • 20
                  #5
                  3 years later..and I'm having the same issue. For monitoring logs, should we not be using triggers with "event generation" set to normal? For log monitoring, should this always be set to "normal + multiple true events"?

                    Comment

                    • jayalps
                      Junior Member
                      • Feb 2011
                      • 2
                      #6
                      Anyone have a resolution to this? I am looking for the same thing.

                      I want an alert to go off every instance of the string I am looking for appears in a file/log.

                      For example

                      vfs.file.regexp[/var/log/messages,error]

                      The first time the string 'error' appears in /var/log/messages I get an alert. However if the same string appears in the file after that I do not get an alert. I want to be alerted every time that string appears even if I have not acknowledged it yet.

                        Comment

                        Previous template Next
                        Working...