Zabbix Log file Monitoring

First, the log item introduction

The following describes Zabbix another "heavyweight" function-log file monitoring, it is the most important is the monitoring log file is not a string expression, corresponding log rotation or not, Zabbix support.

When configuring item, type selects the Zabbix agent (active), where the main configuration is key. The following are two types of key--log and logtr for monitoring logs.

Log[/path/to/some/file,<regexp>,<encoding>,<maxlines>,<mode>,<output>]

Logtr[/path/to/some/filename_format,<regexp>,<encoding>,<maxlines>,<mode>,<output ;]

RegExp: to match the regular expression of the content, or to write directly the content you want to retrieve can also, for example, I want to retrieve the record with the error keyword

Encoding: Encoding related, left blank

Maxlines: The maximum number of rows committed at one time, this parameter overrides the ' Maxlinespersecond ' in the configuration file zabbxi_agentd.conf, we can also leave blank

Mode: The default is all, or skip,skip can skip old data

Output: Data that is exported to Zabbix server. Can be \1, \2 has been \9,\1 to indicate that the first regular expression matches the content, \2 that the second regular expression matches the wrong content.

If you look closely, you can see that the first parameter is different, and the first argument of LOGRT can use a regular expression. For log rollback use, for example, we cut the Nginx log every day, log fame Www.a.com_2015-01-01.log, Www.a.com_2015-01-02.log, etc., using log is not appropriate, if the file name uses a regular, Then the new log file is immediately added to the monitoring.

Note: Regardless of the new log, old log, as long as they have changed, Zabbix will monitor.

As long as the <regexp>,zabbix is configured, it matches the contents of the log according to the <regexp> regular expression. Note that it is important to ensure that the Zabbix user has read access to the log file, otherwise the status of this item becomes "Unsupported".

Second, monitoring principle and matters needing attention

1. The Zabbix server and the Zabbix agent track the size and last modification time of the log files, and are recorded in the byte counter and the latest time counter, respectively.

2, the agent will start reading the log from the place where the log was last read.

3, byte counter and the latest time counter data will be recorded in the Zabbix database, and sent to the agent, which will ensure that the agent from the last place to start reading logs.

4. When the log file size is less than the number in the byte counter, the byte counter becomes 0 and the file is read from the beginning.

5. All files that conform to the configuration will be monitored.

6. Multiple files in a directory are read in alphabetical order if the modification time is the same.

7, to each update interval time, the agent will check the directory files.

8, Zabbix Agent send log volume per second, there is a maximum number of log lines, to prevent network and CPU load is too high, this number in the Zabbix_agentd.conf maxlinepersecond.

9. In logtr, the regular expression is valid only for the file name and invalid for the directory.

Third, log monitoring configuration

Make sure the agent has the following two configurations

1, hostname settings for the server to create the host is filled in the host name, must be consistent

2, Serveractive set as the IP of the server

Host>> target host >>item>>create item, as follows:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/73/22/wKioL1X2blvTDDDmAAMwfPJcdQ8698.jpg "title=" Qq20150914144115.jpg "alt=" Wkiol1x2blvtdddmaamwfpjcdq8698.jpg "/>

Description

1. Type must select Zabbix Agent (Active) because the data is Zabbix actively submitted to the server

2. Key:log[/var/log/message,error], we are here to monitor the system log, print out the line with error, we can also go to monitor other logs, MySQL, Nginx and so on are OK.

3. Log time format:MMpddphh:mm:ss, corresponding to the journal's wardrobe Sep 07:32:38,y represents the year, M for the month, D for the day, p, and: a placeholder, h for hours, m for minutes, and s for seconds.

Iv. View of results

Switch to the latest log, find the corresponding data, the following is my monitoring

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/73/22/wKioL1X2cFCwcJIJAAXaHyc0teM948.jpg "title=" Qq20150914144942.jpg "alt=" Wkiol1x2cfcwcjijaaxahyc0tem948.jpg "/>

We can set up a trigger for the monitoring of some information, alarm and so on, no longer described here.

Reference Document: Https://www.zabbix.com/documentation/2.4/manual/config/items/itemtypes/log_items

This article is from the "Little Water Drop" blog, please make sure to keep this source http://wangzan18.blog.51cto.com/8021085/1694597

Zabbix Log file Monitoring