Shulou(Shulou.com)06/01 Report--

The monitoring log is an indispensable part of the daily life of the operation and maintenance personnel, and the log is the top priority of a process, because the log records all the events of the program running, so when troubleshooting, it is necessary to combine the log to find obstacles! And we will also take the initiative to be reminded of a few key words in the log, such as "ERROR!" , such as "WARINIG!" , such as "Alarm!" For example, "well done for women's volleyball girls, you really cheer up the country. Look at these women's volleyball girls who really like to have long legs and beauty plus D cups." As an excellent monitoring software, zabbix can be used as the first time when the above keywords appear in the log or alarm or record.

For example, suppose we want to monitor a process log, which is called mrs, and this is a program used within our company. The goal is that when ERROR appears in the mrs.log log, it is necessary to call the police and notify the devastated operation and maintenance staff and the development pl.

First, let's create an item, as shown in the figure:

Note that the type here is active, because the monitored server needs to actively send the log to the server. Key writes log [/ mnt/hswx/mrs/logs/mrs.log,ERROR,skip,], which I'll elaborate on here.

The format of the key log is as follows: log [file,], with the following meanings:

File: file name, write the absolute path; regexp: regular expression to match the content, or write the content you want to retrieve directly, for example, I want to retrieve the record with the ERROR keyword; encoding: code-related, leave blank; maxlines: the maximum number of lines to be submitted at a time. This parameter overrides the MaxLinesPerSecond', in the configuration file zabbxi_agentd.conf. We can also leave blank; mode: all by default, or skip,skip can skip the old data. Output: data output to zabbix server. It can be\ 1,\ 2 always\ 9,\ 1 represents the content matched by the first regular expression, and\ 2 represents the mismatched content of the second regular expression.

Since we only need to pick out the words "ERROR" here, we can't use the rest of them, so we can just write log [/ mnt/hswx/mrs/logs/mrs.log,ERROR,skip,]. If you want to pick "ERROR or error", then it is log [/ mnt/hswx/mrs/logs/mrs.log, (ERROR | error), skip,]

It is an old saying that the format of the log is "log", updated every 10 seconds and saved for 90 days. As for Log time format written in yyyy-MM-dd hh:mm:ss is a standard format for recording time, we use the format of "year-month-day: hour-minute-second". We will see the effect in a moment.

After writing, save, return to Monitoring---lastest Data, and find the item we just created

Click on the history on the right and you can see something like this.

The local time here is the log time format when we set the item, and it is indeed recorded in the format of "year-month-day: hour-minute-second".

We can see that there is an ERROR log at 18:39:53 in value, so log in to this server and go to the server's mrs.log to see if there is exactly the same log content.

You can see that the content is exactly the same, in this way, we have achieved the purpose of monitoring the log!

Then it is to set trigger and action according to this item. I won't dwell on these things depending on the specific needs of individuals. Here are a few commonly used trigger:

{Template name: keyi name] .str (ABC)} = 1 means that if the keyword "ABC" is matched, the expression is true. The combination of this and the above key is whether there is ABC in the statement of ERROR, and if so, it is true. {Template name: keyi name] .nodata (60)} = 0 means that if data is generated within 60 seconds, the expression is true, that is, if there is no new data within 60 seconds, the expression is false.

Specific trigger expression: {Template App Java logs:log [/ app/wutongshu/monitorlog/error.log,ERROR,skip,] .str (ERROR)} = 1 and {Template App Java logs:log [/ app/wutongshu/monitorlog/error.log,ERROR,skip,] .nodata (60)} = 0

Of course, some people will ask that log files often need to be cut during actual production, such as this mrs.log, which will not be saved indefinitely, but will be cut into mrs.log.1 and mrs.log.2..., according to time / size. Then use the key logrt, which supports regular expressions. In this case, we just need to change the original key to "logrt [/ absolute path / mrs.log.*,ERROR,]".

But note that logrt can only add regular expressions to files, but does not support paths.

If the monitoring log does not run correctly after configuration, adjust the log to have a look, if the log shows:

152022.958 active check "KEY of monitoring log" is not supported: Cannot obtain information for file "filename to be monitored .log": [13] Permission denied

Then you need to turn on r permission to the path where the file is located.

If there is something in the log:

2972 host 20171214 IP:10051 144031.449 no active checks on server [server IP:10051]: host [server hostname] not found

Then check whether the name of Hostname in agentd.conf is the same as that of host on the web. this must be consistent, otherwise active mode will not work (non-active mode does not matter).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.