Collect and react on entries in your Windows or Linux logs with Zabbix log monitoring.
Log file entries can contain OS or application-level information that can help you react proactively to potential issues or track the root cause of a problem after it has occurred. For this reason, keeping a constant lookout for issues in mission-critical log files is vital.
Collect log file entries with Zabbix agent and react on them:
- Zabbix agent can monitor log files on Windows and Unix-like operating systems
- Decide between collecting every log entry or only entries matching your criteria
- Monitor Windows event logs and collect entries matching specific severity, source or eventid
- Choose between returning the whole log line or simply count the number of matched lines
Check out the video to learn how to collect and match log file entries.
How to match and collect log file entries:
- Navigate to Configuration → Hosts
- Find your Host
- Click on the Items button next to the host
- Click the Create item button
- Select the item type – Zabbix agent (active)
- Make sure that the Type of information is selected as Log
- Provide the item name and key
- Select the log item key
- Use the log file as the first parameter of the key
- The second parameter should contain a regular expression used to match the log lines
- Optionally, provide the log time format to collect the local log timestamp
- Set the Update interval to 1s
- Press the Add button
- Generate new log line entries
- Navigate to Monitoring → Latest data
- Confirm that the matching log entries are being collected
Tips and best practices
- Log monitoring is supported only by active Zabbix agent
- If restarted, Zabbix agent will continue monitoring the log file from where it left off
- The mode log item parameter can be used to specify should the monitoring begin from the start of the file or its latest entry
- The logrt item can be used to monitor log files that are being rotated
- The output parameter can be used to output specific regexp capture groups
Learn how to configure and optimize your log monitoring by attending our Zabbix Certified Specialist course, where under the guidance of a Zabbix certified trainer you will obtain hands-on experience with different log file monitoring items and learn how to create trigger expressions to detect problems based on the collected log lines.
