Shulou(Shulou.com)06/01 Report--

Small Q: mountain journey, water journey, the body to Yuguan that bank line, late at night thousands of tent lights. -Nalan Rong Ruo "long Acacia"

Recently, I have been learning zabbix, summing up and summarizing the configuration of trigger syntax parameters, and real-time configuration, hoping to help you.

If you have any questions, please feel free to leave a message for discussion.

1. Grammar

2. Example

-

1. The syntax of Zabbix trigger is as follows:

{: ()}

Use the triggers monitored by the host ping in the Template App Zabbix Agent template to illustrate:

{Template App Zabbix Agent:agent.ping.nodata (5m)} = 1

Template App Zabbix Agent is the monitoring template

Agent.ping is the project Items in the monitoring template

Nodata () and the method used by the project

5m and parameters used by the method

Operator, optional

Persistence, optional

"if it is a template called by a trigger, you need to change the view trigger in the template. If it is a trigger created directly, you can modify it directly in the host."

"the criteria for the selection of trigger expressions come from items under ip in each group"

1.abschange parameter: ignore support type: float,int,str,text,log function: returns the absolute value of the difference between the recently obtained value and the previously obtained value, for string type: 0 is equal, 1 is different

2.avg parameter: second or # num support type: float,int function: return the average over a period of time for example: avg (5): the average of the last 5 seconds avg (# 5): represents the average of the values obtained for the last 5 times avg (360086400): indicates the average of an hour a day ago, if there is only one parameter, represents the average of the specified time, from now on, if there is a second parameter, it indicates drift The time is calculated before the second parameter, and # n represents the value of the last n times.

3.change parameter: ignore support type: float,int,str,text,log function: return the difference between the recently obtained value and the previously obtained value. For string 0, equal, 1 means different example: change (0) > n: ignore the parameter, generally enter 0, indicating that the difference between the recently obtained value and the previous value is greater than n

4.count parameter: second or # num support type: float,int,str,text,log function: returns statistics of values within a specified time interval, for example: the number of values obtained in the last 10 minutes by count (count) the number of values obtained in the last 10 minutes is equal to 12 count (600 gt 12, "gt") the number of values obtained in the last 10 minutes is greater than 12 count (# 10 gt 12) The number of count (600 band 12, "gt", 86400) with a value greater than 12 in 10 minutes before 24 hours count (600 6 band 7, "band")-thenumberofvaluesforlast10minuteshaving'110' (inbinary) inthe3leastsignificantbits. The number of 10-minute data values before 24 hours in count (600 dyadium 86400) the first parameter: second parameter in specified time period: sample data third parameter: operation parameter fourth: drift parameter # supported operation type eq: equal ne: unequal gt: greater than or equal lt: less than le: less than or equal like: content matching

5.date parameter: ignore support type: any function: return the current time, format YYYYMMDD

6.dayofmonth returns the current day of the month

7.dayofweek returns the current day of the week

8.delta parameter: second or # num support type: float,int function: returns the difference between the maximum value and the minimum value during the interval

Parameter 9.diff: ignore supported value types: float,int,str,text,log function: a return value of 1 indicates that the most recent value is different from the previous value, and 0 indicates other cases

10.fuzzytime parameter: second supported value type: float,int function: a return value of 1 indicates that the timestamp of the monitoring item value is more than N seconds with the time of ZabbixServer, and 0 is other. System.localtime is often used to check whether the local time is the same as the Zabbixserver time.

11.last parameter: second or # num supported value type: float,int,str,text,log function: the most recent value. If it is seconds, it is ignored. # num represents the Nth most recent value. Please note that the current # num of # num and some other functions means that different last (0) is equivalent to last (# 1) last (# 3) represents the most recent * * 3rd value (not the last three values) this function also supports the second parameter * * time_shift**, for example last (0c86400) returns the most recent value of the day if multiple values exist in the same second in history The exact order of Zabbix unguaranteed values # num is supported from Zabbix1.6.2, and timeshift is supported from 1.8.2. You can query the avg () function for its usage.

12.logeventid parameter: string support value type: log description: check whether the EventID of the most recent log entry matches the regular expression. Parameter is a regular expression, POSIX extension style. A return value of 0 indicates a mismatch, and 1 indicates a match. This function is supported from Zabbix1.8.5.

13.logseverity parameter: ignore the supported value type: log description: returns the log level of the most recent log entry (logseverity). When the return value is 0, it indicates the default level, and N is the specific corresponding level (integer, often used for Windowseventlogs). The Zabbix log level comes from the Information column of Windowseventlog.

14.logsource parameter: string support value type: log description: check whether the most recent log entry matches the log source of the parameter. A return value of 0 indicates a mismatch, and 1 indicates a match. The whole field is used for Windowseventlogs monitoring. For example, logsource ["VMWareServer"]

14.max parameter: second or # num supported value type: float,int description: returns the maximum value of the specified time interval. The interval as the first parameter can be seconds or the number of collected values (prefixed with #). Starting with Zabbix1.8.2, the function supports the second optional argument, time_shift. You can check the avg () function to get how to use it.

15.min parameter: second or # num supported value type: float,int description: returns the minimum value of the specified time interval. The interval as the first parameter can be seconds or the number of collected values (prefixed with #). Starting with Zabbix1.8.2, the function supports the second optional argument, time_shift. You can check the avg () function to get how to use it.

16.nodata parameter: second support value type: any description: when the return value is 1, no data is received at the specified interval (the interval should not be less than 30 seconds), and 0 means something else.

17.now parameter: ignore supported value type: any description: number of seconds to return time from Epoch (00:00:00UTC on January 1, 1970)

18.prev parameter: ignore supported value type: float,int,str,text,log description: return the previous value, similar to last (# 2)

19.regexp parameter: the first parameter is string, the second parameter is second or # num support value type: str,log,text description: check whether the recent value matches the regular expression, the regular expression of the parameter is the POSIX extension style, the second parameter is the number of seconds or the number of collected values, multiple values will be processed. This function is case sensitive. When the return value is 1, it is found, and 0 is other.

20.str parameter: the first parameter is string, and the second parameter is second or # num support value type: str,log,text description: find the string in the most recent value. The first parameter specifies the string to look for, which is case-sensitive. The second optional parameter specifies the number of seconds or the number of values collected, and multiple values will be processed. When the return value is 1, it is found, and 0 is other.

21.strlen parameter: second or # num support value type: str,log,text description: specifies the string length of the most recent value (not bytes). The parameter value is similar to the last function. For example, strlen (0) is equivalent to strlen (# 1), strlen (# 3) represents the nearest third value, and strlen (0jre 86400) represents the most recent value a day ago. This function has been supported since Zabbix1.8.4

22.sum parameter: second or # num supported value type: float,int description: returns the sum of the values collected in the specified time interval. The interval as the first parameter supports the number of seconds or collection values (starting with #). Starting with Zabbix1.8.2, this function supports time_shift as the second argument. You can check the avg function for its usage

23.time parameter: ignore supported value type: any description: return the current time, in the format of HHMMSS, for example, 123055

2. Equivalent conversion of example parameters, parameter 1 = parameter 2

Parameter 1: {host:zabbix [proxy,zabbix_proxy,lastaccess]} > 120 {host:system.uptime [] .last (0)} 5 | {www.zabbix.com:system.cpu.load [all,avg1] .min (10m)} > 2

If the current cpu load is greater than 5 or the cpu load in the last 10 minutes is greater than 2, the expression will return true.

Example 3:

Trigger name: / etc/passwd has been changed uses the function diff (): {www.zabbix.com: vfs.file.cksum [/ etc/passwd] .diff (0)} > 0

The latest checksum of / etc/passwd is different from the checksum obtained last time, and the expression will return true. We can use the same method to monitor important configuration files of the system, such as / etc/passwd,/etc/inetd.conf, etc.

Example 4:

Trigger name: Someone is downloading a large file from the Internet uses the function min: {www.zabbix.com:net.if.in [eth0,bytes] .min (5m)} > 100K

If the current host Nic eth0 receives more traffic than 100KB in the last 5 minutes, the trigger expression will return true

Example 5:

Trigger name: Server is unreachable {zabbix.zabbix.com:icmpping.count (30m.0)} > 5

The expression above indicates that the host zabbix.zabbix.com has been unreachable more than 5 times in the last 30 minutes.

Example 6:

Trigger name: CPU activity at night time uses the function time (): {zabbix:system.cpu.load [all,avg1] .min (5m)} > 2 & {zabbix:system.cpu.load [all,avg1] .time (0)} > 000000 & {zabbix:system.cpu.load [all,avg1] .time (0)}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.