Menu
▾
▴
Re: [Zabbix-users] complex discovery question.
|
From: David L. <da...@la...> - 2016-07-15 20:40:26
|
Yes, I've done this sort of thing in the past for sending the data. Can I send
the discovery info in a similar way?
Even if I have to write something to talk directly to the Zabbix trapper code
instead of being able to just use zabbix-sender.
David Lang
On Fri, 15 Jul 2016, Tolle, Matthew wrote:
> Date: Fri, 15 Jul 2016 20:29:16 +0000
> From: "Tolle, Matthew" <Matthew.Tolle@Level3.com>
> To: David Lang <da...@la...>
> Cc: Zabbix-Users <zab...@li...>
> Subject: Re: [Zabbix-users] complex discovery question.
>
>
> Sorry.. re-read your question and saw I may have missed something.
>
> Zabbix agent (active) does kind of push instead of pull but if you want to use zabbix sender you can do that as well. Zabbix sender gives you a little more control over time frames that data is sent in and lets you send bulk stats in. Nice if you are doing a bunch of stuff. To do something like that setup the same discovery rule but for the item prototype do something like:
>
> Name: number of lines in log file prototype
> Type: Zabbix trapper
> key: logcount[{#LOG}]
>
> Make a script that does all the log file counts and writes it out to a temp file (or holds it in memory). The format would be:
>
> <Zabbix agent host name> <key> <data>
>
> Example:
>
> myhost.mydomain.example.com<http://myhost.mydomain.example.com> logcount[/var/log/auth.log] 1456
> myhost.mydomain.example.com<http://myhost.mydomain.example.com> logcount[/var/log/messages.log] 6346446
>
> etc..
>
> Then have the script run:
>
> zabbix_sender -vv -z <your zabbix server hostname> -s <agent name> -i <file>
>
> That will bulk send in all the data. You can send them in one at a time if you like by running:
>
> zabbix_sender -vv -z <your zabbix server hostname> -s <agent name> -k <key> -o <data>
>
> The key needs to match up with what the prototype has for this to work and the key has to be unique for each item. Obviously the item has to be discovered before data will show up but it’s ok to send data before hand. Zabbix will just ignore it till the key shows up.
>
> Put the script in cron or setup a daemon to run it whenever you want. I do a lot of zabbix_sender stuff when I want to collect specific data on a daemon I wrote. It’s great for collecting and graphing response times, memory used, etc.
>
> -Matt
>
> On Jul 15, 2016, at 12:59 PM, David Lang <da...@la...<mailto:da...@la...>> wrote:
>
> Thanks, a couple follow-up questions
>
> Is it possible to do this in a push mode (something similar to zabbix-send)?
>
> this is sending
>
> {"data": ["{#LOG}":"foo","{#LOG}":"bar"]}
>
> what happens if I later send:
>
> {"data": ["{#LOG}":"foo"}
>
> does the data for bar remain? or does it get deleted?
>
> David Lang
>
> On Fri, 15 Jul 2016, Tolle, Matthew wrote:
>
>
> On the monitored host change the agent config file to use user parameters. Something like:
>
> UserParameter=logfind[*],/usr/local/zabbix/bin/logfind.sh
> UserParameter=logcount[*],wc -l ‘$1’ | awk ‘{print $1}’
>
> (Might use cut instead of awk.. there are a number of ways todo both of these).
>
> for the logfind.sh script something like:
>
> TOT=`ls /var/log/ | egrep '(log$)’ | wc -l`
>
> echo "{ \"data\": ["
>
> for i in `ls /var/log/ | egrep '(log$)' | awk '{print $1}' `;
> do echo " { \”{#LOG}\":\"$i\" }"
> NUM=`expr $NUM + 1`
>
> if test "$NUM" -lt "$TOT"; then
> echo ","
> fi
>
> done
>
> echo "] }"
>
>
> In the Zabbix UI for discovery you use:
>
> Name: Log file finder
> Type: Zabbix agent (active)
> Key: log find[]
>
> Create an item prototype with that:
>
> Name: number of lines in log file prototype
> Type Zabbix agent (active)
> Key logcount[{#LOG}]
>
> The zabbix user on the host with the agent will need access to run the script, read the log directory, and the files in the log directory.
>
> add some triggers and that should do it.
>
> this was just off the cuff and not tested so might need some tweaks. If it was me I’d merge those userparamerters into one script that does both discovery and the counting.
>
> Hope that helps,
>
> -Matt
>
>
>
>
>
>
> On Jul 15, 2016, at 12:23 PM, David Lang <da...@la...<mailto:da...@la...><mailto:da...@la...>> wrote:
>
> I have processes that watch logs and keep running totals of things from in the
> logs, each minute I then dump the totals.
>
> I would like to put this data into Zabbix, but I need to understand how I can
> setup the templates for this (probably discovery templates)
>
> I currently use active mode and have used zabbix-sender to send some of this
> data. I'm using 2.4 but would upgrade to 3.0 in a heartbeat if needed.
>
> But I have other categories that are driven by the data in the logs, and so I
> think I am needing to do something with discovery to make things work.
>
> As a trivial example, I want to graph how many logs I have from each server
> sending to me, and alert if any of them drop to zero.
>
> The list of servers that send me data is going to change over time, but in any
> reasonable timeframe, it's going to be pretty static. Not all of the servers are
> monitored by Zabbix (think network devices monitored by another department), so
> I can't easily have my central log server add it to the sender's system in
> zabbix.
>
> Ideally I want to have something like logs.received[foo] and be able to create a
> stacked graph of logs.received[*] or things like that.
>
> Is there a way to setup an item that can have an arbitrary number of sub-items?
> Or is there a way to push discovery data to the server to give it the current
> list of items?
>
> Is there another way to do what I'm talking about?
>
> David Lang
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Zabbix-users mailing list
> Zab...@li...<mailto:Zab...@li...><mailto:Zab...@li...>
> https://lists.sourceforge.net/lists/listinfo/zabbix-users
>
> |