

If you want minimal cost consider using a cron job - you write a script in bash, cron submits it periodically.

Create a file, ex: list.txt, of directories and logfilenames like this, these are pretend samples.

Columns are path logfilename max_hours_inactive:

/var/log syslog 9

SNMP (Nagios Net-Snmp) is very good but painful to set up correctly.

Secondly, the monq Collector includes a built-in connector with Zabbix, which allows you to receive all events from Zabbix triggers and then view them on the same screen with the logs.

You can of course change the parameters to fit your specific needs.

ndnotfound = this is the option you're passing to the tool

Maxclient = the name you're giving to this session.

'.' = this is searching for anything in the log file

2 = if at least two lines aren't found, alert

Logrobot autonda /log/file/path 60m '.' '.' 2 2 maxclient -ndnotfoundn

Autonda = the feature to be used for your scenario

60m = if the last time the file was last modified is over 60m, the tool won't go any further.
# Zabbix windows log file monitor regex how to
I'm trying to think off the top of my head how to do that. Now to also monitor and alert if there's any output, that is possible as well.

Your second question monitor log to make sure there's output: the example used on that page should affirm this.

Your first question monitoring logs for strings/regex:

From my experience with the logrobot tool used on that page, I know monitoring any type of log is not an issue, regardless of the log format. Read it carefully and see if that's what you want.

Regexp parameter supports both, file_regexp parameter supports non-global expressions only

Device and sensor parameters on Linux 2.

There is now a Nagios Log Monitoring plugin available.

Regexp, severity, source, eventid parameters

The installation procedure is simple: Log into the host on which you have log files to monitor wget (the-url-link-of-zip-file-of-autoresolve.kl.

An example of such a tool is autoresolve.kl.sh.

According to the log item must be configured as an active check, so the type should be 'Zabbix agent (active)' instead of 'Zabbix agent'.

Use of the following expression in low-level discovery to discover databases except a database with a specific name:

In your case, the custom plugin you need will be a tool that was built specifically to check, monitor and alert on log files.

Windows service startup states for discovery

"MMCSS" or "gupdate" or "SysmonLog" or strings like "clr_optimization_v7_32" and "clr_optimization_v9_32" where instead of dots you can put any character except newline.

^(MMCSS|gupdate|SysmonLog|clr_optimization_v7_32|clr_optimization_v9_32)$

"Physical memory" or "Virtual memory" or "Memory buffers" or "Cached memory" or "Swap space"

^(Physical memory|Virtual memory|Memory buffers|Cached memory|Swap space)$

Strings starting with "Nu" optionally followed by any number of digits or dots.

Strings starting with "Lo" or "lo" and optionally followed by any number of digits or dots.

Strings starting with "NULL" optionally followed by any number of digits or dots.

Strings that optionally start with "In", then have "L" or "l", then "oop", then "B" or "b", then "ack", which can be optionally followed by any number of digits, dots or underscores.

Strings starting with "Software Loopback Interface".

"btrfs" or "ext2" or "ext3" or "ext4" or "jfs" or "reiser" or "xfs" or "ffs" or "ufs" or "jfs" or "jfs2" or "vxfs" or "hfs" or "refs" or "apfs" or "ntfs" or "fat32" or "zfs"

This way it is possible to save expressions containing a slash, without errors.

This parameter is active only when "Any character string included" expression type is selected.

A checkbox to specify whether a regular expression is sensitive to capitalization of letters.

A forward slash (/) in the expression is treated literally, rather than a delimiter.

Result is FALSE - do not match the regular expression

A comma (,), a dot (.) or a forward slash (/) to separate text strings in a regular expression.

Result is TRUE - match the regular expression

The delimited list includes a comma (,), a dot (.) or a forward slash (/).

Character string not included - match any string except the substring

Any Unicode characters are allowed.

Click on Add in the Expressions block to add a new subexpression.

Character string included - match the substring

Any character string included - match any substring from a delimited list.
