Originally posted by andris View Post. There is no standard command "tailf". Have you defined your own "tailf" as an alias to "tail -f"? If so, then no wonder it shows nothing. Better try "grep springs. Last edited by marcos. Actually the springs. The item seems to be set to the host "Zabbix server", but the conditional expression in the setting of the trigger seems to specify the conditional expression to the item of the host "zabbix.
In this setting, even if the host "Zabbix server" acquires the corresponding log, the trigger event does not occur because the item is not specified in the trigger conditional expression. This is pretty serious. So, most likely, you will receive a lot of lines that might be up to a year old. And if you have some triggers configured then you will also receive a lot of false-positive trigger alarms about the lines that actually are from the past. It allows you to extract some specific lines from the matched lines in the log file.
We will see that in the examples in my demo items. I have multiple things here. First of all, this one — Log file monitoring :.
Here I have even increased debug level so it is producing quite a lot of new lines per second. So, this item will collect absolutely all new incoming lines to the log file.
Is it reasonable? Not really. Zabbix is not a syslog server. While it is possible to collect absolutely all data coming inside the log file, the amount of new lines it produces each second makes it unreasonable.
It is absolutely not wise to collect everything from this log in our database because of performance reasons — it will take a lot of the disk space and it is simply not reasonable.
But remember, during those five minutes the log continues to grow and if it produced some new lines that should be captured by Zabbix every five seconds, after five minutes there will be already a big chunk of data to send to the Zabbix server. That single moment, those incoming lines can and most likely will affect the performance of your Zabbix server.
So remember — one second update interval. If you are configuring some kind of the regular expressions in the front end or any other places online, i. Regex tester , just type a string and then you can try your regular expression and see if it works or not. The only additional parameter I have here is still the location of my proxy log:.
On the top right part of the screen, click on the Create application button. On the Host applications screen, create a new application named: LOG. After finishing the Application creation, access the Items tab. On the top right part of the screen, click on the Create item button. Click on the Add button to finish the Item creation and wait 5 minutes.
Use the filter configuration to select the desired hostname and click on the Apply button. You should be able to see the results of your Linux log file monitoring using Zabbix. You have configured the Zabbix log file monitoring on Linux. Related Posts. May 27th, October 28th, September 27th, July 29th, July 9th, July 6th, Whenever the log file becomes smaller than the log size counter known by the agent, the counter is reset to zero and the agent starts reading the log file from the beginning taking the time counter into account.
If there are several matching files with the same last modification time in the directory, then the agent tries to correctly analyze all log files with the same modification time and avoid skipping data or analyzing the same data twice, although it cannot be guaranteed in all situations. The agent does not assume any particular log file rotation scheme nor determines one.
When presented multiple log files with the same last modification time, the agent will process them in a lexicographically descending order. Thus, for some rotation schemes the log files will be analyzed and reported in their original order. For other rotation schemes the original log file order will not be honored, which can lead to reporting matched log file records in altered order the problem does not happen if log files have different last modification times.
Zabbix agent processes new records of a log file once per Update interval seconds. Zabbix agent does not send more than maxlines of a log file per second. The limit prevents overloading of network and CPU resources and overrides the default value provided by MaxLinesPerSecond parameter in the agent configuration file. To find the required string Zabbix will process 10 times more new lines than set in MaxLinesPerSecond.
Thus, for example, if a log[] or logrt[] item has Update interval of 1 second, by default the agent will analyze no more than log file records and will send no more than 20 matching records to Zabbix server in one check. By increasing MaxLinesPerSecond in the agent configuration file or setting maxlines parameter in the item key, the limit can be increased up to analyzed log file records and matching records sent to Zabbix server in one check. If the Update interval is set to 2 seconds the limits for one check would be set 2 times higher than with Update interval of 1 second.
Additionally, log and log. So for the maxlines values to be sent in one connection and not in several connections , the agent BufferSize parameter must be at least maxlines x 2. In the absence of log items all agent buffer size is used for non-log values.
For log file records longer than kB, only the first kB are matched against the regular expression and the rest of the record is ignored. However, if Zabbix agent is stopped while it is dealing with a long record the agent internal state is lost and the long record may be analyzed again and differently after the agent is started again. Regular expressions for logrt are supported in filename only, directory regular expression matching is not supported.
And, with the ability to extract and return a number, the value can be used to define triggers. Use it carefully at your own risk only when necessary. During longer communication failures all log slots get occupied and the following actions are taken: log[] and logrt[] item checks are stopped. When communication is restored and free slots in the buffer are available the checks are resumed from the previous position. No matching lines are lost, they are just reported later.
0コメント