User Tools
zabbix_logs
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
zabbix_logs [2025/11/07 11:31] val |
zabbix_logs [2025/11/09 08:41] (current) val |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Использование Zabbix для мониторинга журналов, или, как не пропустить что-то неожиданное ====== | ====== Использование Zabbix для мониторинга журналов, или, как не пропустить что-то неожиданное ====== | ||
| + | |||
| + | * [[https://www.zabbix.com/documentation/6.0/ru/manual/config/items/itemtypes/log_items|Руководство по Zabbix Мониторинг файлов журналов]] | ||
| + | * [[https://www.zabbix.com/documentation/current/en/manual/regular_expressions]] | ||
| + | * [[https://habr.com/ru/articles/737058/|Логи из Linux в Zabbix. Подробнейшая инструкция]] | ||
| + | * [[https://www.zabbix.com/forum/zabbix-help/457279-trying-to-make-a-trigger-of-a-monitored-logfile|Trying to make a trigger of a monitored logfile]] | ||
| + | |||
| + | ===== Реклама ===== | ||
| + | |||
| + | * Однажды мы получили сообщение от пользователей, что "не открывается" некоторый корпоративный ресурс. Как обычно, "никто ничего не менял" (log secondary zone not axfr) | ||
| + | |||
| + | |||
| + | ===== Техническое задание ===== | ||
| + | |||
| + | * | ||
| + | |||
| + | ===== Запись вебинара ===== | ||
| + | |||
| + | * Тэги: | ||
| + | |||
| + | ===== Шаг 1. Что у нас есть, для начала ===== | ||
| + | |||
| + | ===== Черновик ===== | ||
| + | |||
| + | <code> | ||
| + | # ###apt install rsyslog | ||
| + | |||
| + | # cat /var/log/syslog | grep -i 'error' | ||
| + | |||
| + | # cat /var/log/syslog | egrep -v 'DHCPACK|DHCPREQUEST|Wrote.*leases|sessionclean|ALLOWED|run-parts.*report' | ||
| + | |||
| + | # cat /etc/zabbix/zabbix_agentd.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | ServerActive=server | ||
| + | ... | ||
| + | </code><code> | ||
| + | # usermod -aG adm zabbix | ||
| + | |||
| + | # hostname | ||
| + | abcd.corpX.un | ||
| + | |||
| + | # service zabbix-agent restart | ||
| + | |||
| + | Host: abcd.corpX.un | ||
| + | |||
| + | Item: | ||
| + | Name: Error log in syslog | ||
| + | Type: Zabbix Agent(active) | ||
| + | Key: log[/var/log/syslog,rror] или log[/var/log/syslog,(?i)error] | ||
| + | History: 1d | ||
| + | |||
| + | Item: | ||
| + | Name: Unknown log in syslog | ||
| + | Type: Zabbix Agent(active) | ||
| + | Key: log[/var/log/syslog] | ||
| + | Preprocessing: | ||
| + | Name: Does not match regular expression | ||
| + | Parameters: DHCPACK|DHCPREQUEST|Wrote.*leases|sessionclean|ALLOWED|run-parts.*report | ||
| + | Custom on fail: Discard Value | ||
| + | |||
| + | Trigger: | ||
| + | Name: Error|Unknown log in syslog on {HOST.NAME} | ||
| + | Severity: Warning | ||
| + | Expression: nodata(/Zabbix server/log[/var/log/syslog,rror],1m)=0 | ||
| + | Expression: nodata(/Zabbix server/log[/var/log/syslog,(?i)error],1m)=0 | ||
| + | Expression: nodata(/Zabbix server/log[/var/log/syslog],1m)=0 | ||
| + | | ||
| + | |||
| + | </code> | ||
zabbix_logs.1762504302.txt.gz · Last modified: 2025/11/07 11:31 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
