Difference between revisions of "Zabbix configure template"

Line 192: Line 192:
  
 
Just choose the ''email'' operation. An operation is the result of the previous action and conditions.
 
Just choose the ''email'' operation. An operation is the result of the previous action and conditions.
 +
 +
 +
 +
=Conclusion=
 +
 +
That's all.
 +
You should receive your alerts by now !
 +
 +
 +
 +
Sources:
 +
* https://www.zabbix.com/forum/showthread.php?t=20211
 +
* http://linuxkandi.blogspot.fr/2012/07/monitoring-log-files-with-zabbix.html

Revision as of 15:59, 19 August 2014


Vocable

Key points:

  1. Zabbix configuration rely on templates = set of applications, items, triggers and actions.
  1. Each template has a list of applications
  1. Each application has a set of items = datasource
  1. Each item has some triggers = conditions to raise an event with a specific alert level and type
  1. Each trigger is bound to some actions = action to perform on when the trigger event is sent. A trigger can rely on many items.
  1. Each host belongs to one or more groups. Each group has some related templates they apply to their hosts


How to create a new application and related item(s)

Access / create application

  • Access applications' list

Zabbix template 04 applications

→ Configuration menu >> Templates >> Searched template >> Applications


  • Create new application

Zabbix template 05 new application

→ Configuration menu >> Templates >> Searched template >> Applications >> Create application


==> Give a name to the new application and save.

==> It should appears it the applications list


Access / create item (~ datasource)

  • Items list

Zabbix template 06 App Items

→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Items


  • Create / edit item

Zabbix template 07 create edit Item

→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Item


  • Fill the form

Zabbix template 08 Item properties

→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Items >> Item >> Create Item | edit Item


Key : logrt[/var/log/vehco/smartcard-service.log,ERROR]


Important notes


Each type of items has a different set of keys (functions). You can find the complete list on Zabbix documentation:


To monitor a log file I'm using:

  • Item type: zabbix agent (active) => the client will report all changes to the server, client's does NOT wait for server interrogation: it's pro-active
  • Key: logrt => to handle log files rotation


If you're using DNS configuration then the host will report using the short name. Be sure your discovery is NOT using FQDN or you'll never have any data!!! That's why IP unique criteria for hosts make more sense!

How to create a new trigger(s)

Access triggers list (~ event condition)

You can access triggers list from an item or a template.

  • From an Item:

Zabbix template 09 Trigger access from items

→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Items >> Item >> Triggers (purple arrow)


  • From a Template:

Zabbix template 09 Trigger access from template

→ Configuration menu >> Templates >> Searched template >> Triggers



... You should see something like:

Zabbix trigger 10 Trigger view


Create a new trigger

Zabbix trigger 11 new trigger

→ Configuration menu >> Templates >> Searched template >> Triggers >> Create trigger


See the excellent Zabbix documentation regarding HOW to create a trigger: https://www.zabbix.com/documentation/2.2/manual/config/triggers


For the log you should have something like:

Log 02 TRIGGER


Expression = {<Template>:<ITEM>.str(<condition>)}=1

In my case:

  • Template: Vehco-smartcards
  • Item: logrt[/var/log/vehco/smartcard-service.log,ERROR]
  • Condition: ERROR => react on "ERROR" string

{Vehco-smartcards:logrt[/var/log/vehco/smartcard-service.log,ERROR].str(ERROR)}=1


Note that the <ITEM> must the related ITEM.


Action

Access actions

Zabbix action 01

→ Configuration menu >> Actions >> Create Action


Create action

The following example will react upon log file alert and send an email.


Action

Zabbix action 02

On this 1st screen, you must:

  • Give the action a name
  • Set a custom email's body. You can use Zabbix variables
  • enabled the new action


Conditions

Zabbix action 03

No matter what conditions you choose, remember:

  • Select and or or condition BEFORE adding a new condition
  • You must select the matching trigger. That's the only minimal condition (see my example)


Operations

Zabbix action 04

Just choose the email operation. An operation is the result of the previous action and conditions.


Conclusion

That's all. You should receive your alerts by now !


Sources: