Zabbix configure template
Contents
Vocable
Key points:
- Zabbix configuration rely on templates = set of applications, items, triggers and actions.
- Each template has a list of applications
- Each application has a set of items = datasource
- Each item has some triggers = conditions to raise an event with a specific alert level and type
- Each trigger is bound to some actions = action to perform on when the trigger event is sent. A trigger can rely on many items.
- Each host belongs to one or more groups. Each group has some related templates they apply to their hosts
Access / create application
- Access applications' list
→ Configuration menu >> Templates >> Searched template >> Applications
- Create new application
→ Configuration menu >> Templates >> Searched template >> Applications >> Create application
==> Give a name to the new application and save.
==> It should appears it the applications list
Access / create item (~ datasource)
- Items list
→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Items
- Create / edit item
→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Item
- Fill the form
→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Items >> Item >> Create Item | edit Item
Key : logrt[/var/log/vehco/smartcard-service.log,ERROR]
Important notes
Each type of items has a different set of keys (functions). You can find the complete list on Zabbix documentation:
- List of items (v2.2): https://www.zabbix.com/documentation/2.2/manual/config/items/itemtypes
- Item's key for Zabbix agent (v2.2): https://www.zabbix.com/documentation/2.2/manual/config/items/itemtypes/zabbix_agent
To monitor a log file I'm using:
- Item type: zabbix agent (active) => the client will report all changes to the server, client's does NOT wait for server interrogation: it's pro-active
- Key: logrt => to handle log files rotation
If you're using DNS configuration then the host will report using the short name. Be sure your discovery is NOT using FQDN or you'll never have any data!!! That's why IP unique criteria for hosts make more sense!
How to create a new trigger(s)
Access triggers list (~ event condition)
You can access triggers list from an item or a template.
- From an Item:
→ Configuration menu >> Templates >> Searched template >> Applications >> Application's Items >> Item >> Triggers (purple arrow)
- From a Template:
→ Configuration menu >> Templates >> Searched template >> Triggers
... You should see something like:
Create a new trigger
→ Configuration menu >> Templates >> Searched template >> Triggers >> Create trigger
See the excellent Zabbix documentation regarding HOW to create a trigger: https://www.zabbix.com/documentation/2.2/manual/config/triggers
For the log you should have something like:
Expression = {<Template>:<ITEM>.str(<condition>)}=1
In my case:
- Template: Vehco-smartcards
- Item: logrt[/var/log/vehco/smartcard-service.log,ERROR]
- Condition: ERROR => react on "ERROR" string
{Vehco-smartcards:logrt[/var/log/vehco/smartcard-service.log,ERROR].str(ERROR)}=1
Note that the <ITEM> must the related ITEM.
Action
Access actions
→ Configuration menu >> Actions >> Create Action
Create action
The following example will react upon log file alert and send an email.
Action
On this 1st screen, you must:
- Give the action a name
- Set a custom email's body. You can use Zabbix variables
- enabled the new action
Conditions
No matter what conditions you choose, remember:
- Select and or or condition BEFORE adding a new condition
- You must select the matching trigger. That's the only minimal condition (see my example)
Operations
Just choose the email operation. An operation is the result of the previous action and conditions.
Conclusion
That's all. You should receive your alerts by now !
Sources: