Zabbix Log Monitoring

Source: Internet
Author: User

Zabbix can be used for centralized monitoring and analysis of log files, with or without log rotation support.

When a log file contains a specific character or character pattern, Zabbix sends an alarm message to the user.

Log file monitoring requires the following:

Zabbix Client Agent (Zabbix agent)
A monitoring item set up for log file monitoring
The size limit of a monitored log file depends on large file support.

Configuration

Confirm Client Agent Parameters

Make sure that in the agent configuration file:

The value of the 'Hostname' parameter is the same as the host name defined in the front end
The server in the 'ServerActive' parameter must be specified for processing active checks

Monitoring item configuration

Create a monitoring entry for log file monitoring:


For log monitoring, you must enter the following:

Type: select Zabbix agent (active) here.
Key: set it to one of the following two:
log[file name format: Log file path,,,,]
or
logrt[file name format: Log file path,,,,]
For example:
log[/var/log/syslog]
log[/var/log/syslog,error]
logrt["/home/user/filelog_.*_[0-9]{1,3}", "Pattern_to_match", "UTF-8", 100]
The last one will collect information from files such as "filelog_abc_1" or "filelog__001".
For details on the log and logrt keys, refer to the section on supported agent item keys.
Ensure that the Zabbix user has read access to the file, or the item status will be set to 'unsupported'.
If a regular expression is given, the Zabbix agent uses it to filter the entries of the log file.
Type of information: select Log here.
Update interval (in sec): this parameter defines how often the Zabbix agent checks for changes in the log file. Set it to 1 second to make sure you get new log records as quickly as possible.
Log time format
The log time format supports these placeholders:
* y: Year (0001-9999)
* M: Month (01-12)
* d: Day (01-31)
* h: Hour (00-23)
* m: Minute (00-59)
* s: Second (00-59)
If left blank, the timestamp is not parsed.
For example, consider the following line from the Zabbix agent log file:
" 23480:20100328:154718.045 Zabbix agent started. Zabbix 1.8.2 (revision 11211)."
It starts with six characters for the PID, followed by the date, the time, and the rest of the line.
The log time format for this line is "pppppp:yyyyMMdd:hhmmss".
Note: The two characters "p" and ":" are just placeholders; they can be any character except "yMdhms".
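The column-by-column matching described above, as an added example (a model written for this page, not Zabbix's own code). The function name, the defaults for absent fields, and the padding of the PID to six characters in the sample are assumptions of the sketch; it also shows what happens when the format is off by one column.

```python
from datetime import datetime

# Placeholder letters from the list above; every other character in the
# format ("p", ":", ...) only marks a column to skip.
FIELDS = {"y": "year", "M": "month", "d": "day",
          "h": "hour", "m": "minute", "s": "second"}
DEFAULTS = {"year": 1970, "month": 1, "day": 1,
            "hour": 0, "minute": 0, "second": 0}  # assumed for absent fields

# The agent log line quoted above, PID field padded to six characters.
SAMPLE = (" 23480:20100328:154718.045 Zabbix agent started. "
          "Zabbix 1.8.2 (revision 11211).")


def parse_log_time(line, fmt):
    """Read a timestamp out of `line` column by column, guided by `fmt`.

    Returns None when fmt is blank, the line is shorter than fmt, a
    placeholder column holds a non-digit, or the digits are not a valid date.
    """
    if not fmt or len(line) < len(fmt):
        return None
    digits = dict.fromkeys(DEFAULTS, "")
    for pos, ch in enumerate(fmt):
        name = FIELDS.get(ch)
        if name is None:
            continue  # filler column, nothing to read here
        if line[pos] not in "0123456789":
            return None
        digits[name] += line[pos]
    values = {n: int(digits[n]) if digits[n] else DEFAULTS[n] for n in DEFAULTS}
    try:
        return datetime(**values)
    except ValueError:
        return None  # e.g. month 32 after a one-column misalignment


if __name__ == "__main__":
    fmt = "pppppp:yyyyMMdd:hhmmss"
    print(parse_log_time(SAMPLE, fmt))           # columns line up
    print(parse_log_time(SAMPLE.lstrip(), fmt))  # shifted by one column
```

A format that is misaligned with the real log lines yields missing or wrong timestamps, which matters when log items feed incident timelines.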

Important Reminders
The server and the agent both keep track of the monitored file's size and, for logrt, its latest modification time from one check to the next.
The agent starts reading the log from the point where it previously stopped.
The number of bytes already parsed (size counter) and the most recent modification time (time counter) are stored in the Zabbix database and sent to the agent, to ensure that the log file is read from that point onwards.
Whenever the log file becomes smaller than the size counter known to the agent, the counter is reset to zero. The agent then reads the log file from the beginning, taking the time counter into account.
For logrt, all files in the given directory that match the file name format are examined each time the Zabbix agent checks the log.
If several files in the directory match the format given in the parameters and have the same last modification time, the agent picks among them in lexicographic (dictionary) order.
The Zabbix agent processes new records of a log file once per update interval.
The Zabbix agent does not send more log entries per second than the value specified by the maxlines parameter. This limit prevents overloading of network and CPU resources and overrides the default value provided by the MaxLinesPerSecond parameter in the agent configuration file.
Special note on the "\" path separator: if the file name format is "file\.log", there should be no "file" directory in the path, because it cannot be determined unambiguously whether "." is escaped or is the first character of a file name.
logrt regular expressions are supported in the file name only; regular expression matching of directories is not supported.
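The size counter and the maxlines limit described above, as an added example (a simplified model, not the agent's code). The function name is hypothetical, and leaving an unterminated last line for the next check is a choice of this sketch.

```python
import os
import tempfile


def read_new_lines(path, size_counter, maxlines=100):
    """Return (new_lines, new_size_counter) for one check of `path`.

    size_counter is the number of bytes already parsed. If the file is
    now smaller than that, it was truncated or replaced, so the counter
    is reset and reading restarts from the beginning.
    """
    if os.path.getsize(path) < size_counter:
        size_counter = 0
    lines = []
    with open(path, "rb") as fh:
        fh.seek(size_counter)
        while len(lines) < maxlines:      # cap on entries per check
            raw = fh.readline()
            if not raw.endswith(b"\n"):
                break                     # end of file or unfinished line
            lines.append(raw.rstrip(b"\r\n").decode("utf-8", "replace"))
            size_counter += len(raw)
    return lines, size_counter


if __name__ == "__main__":
    # Constructed sample log, written to a temporary file.
    fd, path = tempfile.mkstemp()
    os.close(fd)
    with open(path, "wb") as fh:
        fh.write(b"error a\nerror b\nerror c\n")
    batch, pos = read_new_lines(path, 0, maxlines=2)
    print(batch, pos)                     # first two entries only
    with open(path, "wb") as fh:          # truncate and start over
        fh.write(b"fresh\n")
    print(read_new_lines(path, pos))      # counter reset, file re-read
    os.remove(path)
```

A file that is truncated and then grows past the old counter before the next check is not detected by size alone, so entries written in between can be missed.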

Description: When I was setting up log monitoring, the latest data never showed any data. I asked people to help troubleshoot for a long time and still could not see which error it was, and I kept wondering whether it was a log format error or a bug in the log. After reading the article carefully, I found the two parameters in the Zabbix client configuration file: Hostname (host name) and ServerActive (Zabbix server name/IP). ServerActive is generally commented out by default; if it is not specified, no data is available in the latest data.
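A preflight check for the agent settings this page depends on (Hostname, ServerActive, read access to the log), as an added example that is not part of the original article or of Zabbix. The function name, the sample configuration and the host name "web01" are constructed for illustration.

```python
import os

# Constructed sample of an agent configuration file with the active-check
# server still commented out.
SAMPLE_CONF = """\
# ServerActive=127.0.0.1
Server=192.0.2.10
Hostname=web01
"""


def active_check_problems(conf_text, frontend_host, log_path=None):
    """List the reasons a log item on this agent would deliver no data."""
    params = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out line
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip()] = value.strip()

    problems = []
    if not params.get("ServerActive"):
        problems.append("ServerActive is not set (commented out or empty)")
    hostname = params.get("Hostname")
    if hostname is None:
        problems.append("Hostname is not set in the file")
    elif hostname != frontend_host:
        problems.append("Hostname %r differs from front end host %r"
                        % (hostname, frontend_host))
    # os.access checks the user running this script, so run it as the
    # account the agent runs under (the Zabbix user).
    if log_path is not None and not os.access(log_path, os.R_OK):
        problems.append("no read access to %s" % log_path)
    return problems


if __name__ == "__main__":
    for problem in active_check_problems(SAMPLE_CONF, "web01", "/var/log/syslog"):
        print("PROBLEM:", problem)
```

If the read-access check fails, grant the Zabbix user read access to that one file or via a dedicated group rather than loosening permissions on the log directory.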

