I'm trying to monitor a log file for the word "error", and if the word appears, fire a trigger for each new occurence of "error." I'm starting simply, with a file (/var/log/test.log) that is world-readable. It contains the following lines:
test
error
also an error
but not this
The item in Zabbix is log[/var/log/test.log,error], type "Zabbix Agent (Active)", with information type "log".
I'm using the following trigger tied to this item: {nero:log[/var/log/test.log,error].str(error)}=1
I've tried leaving the "error" part out of the item, and changing the trigger value to equal 0. No matter what I do, I get a trigger status of UNKNOWN in the Events tab.
I'm not sure what I'm missing here, does someone see the issue? I checked the agent log on the server, and it doesn't mention any issues.
Best Answer
Try to use quotation marks in item:
And make sure you use "Zabbix agent (active)" type and "Log" as type of item.
You might also need to set encoding of file, but I'm not sure on that. I'm neither sure about quotation marks, but documentation says so and many examples I've found says so, when I was working with my problems with logs.