I am configured Zabbix to monitor my Jboss Server logs for Erros and exclude some know errors.
This setup is working, Zabbix will send me alerts when there is a new "ERROR" entry in the log file, but with one issue,
sometimes I get multiple alerts for the same event.
For example, I got 5 alerts with the same time stamp "2012-06-25 07:55:56,864 ERROR".
The duplicate alerts count is not constant, sometimes I get 2, sometimes 5 or 11.
I checked the Monitoring > Latest data in the GUI, and found that there are no duplicate entries.
My configuration of the log monitoring is below.
I am using the latest version of zabbix server(2.0)
Item configuration:
- Description: Server Error Monitoring.
- Key:
log["/SERVER/jboss/jboss-5/server/ps/log/server.log","ERROR",UTF-8,200,skip] - Type: Zabbix Agent (Active)
- Type of information: Log
- Interval :30
Trigger configuration:
- Description: Found Error in Server Log.
- Expression:
(({SERVER Error Monitoring - PS:log["/SERVER/jboss/jboss-5/server/ps/log/server.log","ERROR",UTF-8,200,skip].regexp("can not execute")})=0) & (({SERVER Error Monitoring - PS:log["/SERVER/jboss/jboss-5/server/ps/log/server.log","ERROR",UTF-8,200,skip].regexp("Unexpected redirect")})=0) - Event generation: Normal + Multiple TRUE events
Action configuration:
- Name: alert mail
- Event source: Trigger
- Enable escalations: Uncheck
- Default subject/message: Default
- Recovery message: Uncheck
- Action conditions: Trigger value = PROBLEM
- Action operations: Send message to User "Admin"
Best Answer
I have fixed this issue.
The reason for this issue was, I was using
{ITEM.LASTVALUE}in my Action, which caused this problem. I have changed this to{ITEM.VALUE}. Which fixed the issue.{ITEM.VALUE}is faster than{ITEM.LASTVALUE}.If you want to know more about this fix, please see the detailed explanation in Zabbix bug tracker