Reputation: 1
zabbix_get and AWK/substr - ZBX_NOTSUPPORTED: Too many parameters
I'm trying to use Zabbix to gather information about 500 errors in Apache logs. I thought, I will use zabbix_get to execute command on Agent's OS, however when trying to test that, I get ZBX_NOTSUPPORTED: Too many parameters. error. At first, I tried to escape all " and other special characters, however without any success. When trying to debug the command (which works well locally, without using zabbix_get) I found that the issue is probably somewhere close to AWK and substr. I would appreciate if anyone could take a look...
tail -n 1000 /content/logs/httpd/*_access.log | awk -v d1="$(date --date='-5 min' '+%_d/%b/%Y:%H:%M:%S')" -v d2="$(date '+%_d/%b/%Y:%H:%M:%S')" 'substr($5,2) > d1 && substr($5,2) < d2 || substr($5,2) ~ d2' | cut -d" " -f10 | grep "500" | wc -l
Sample Input:
IP IP - - [21/Jan/2019:03:14:06 -0500] "GET /path HTTP/1.1" 200 2068 referrer "UserAgent" 7634.
IP IP - - [21/Jan/2019:03:14:06 -0500] "GET /path HTTP/1.1" 500 1 "-" "UserAgent" 1892
Output:
1
I would like to execute command listed above every 5 minutes to count number of entries with 500 error which happened during previous 5 minutes.
I know that I can always create a script but if I could avoid doing that...
Thanks!
Upvotes: 0
Views: 860
Answers (2)
Reputation: 10039
Assuming your date compare is correct (in fact not the case due to the letter of month) try this:
tail -n 1000 /content/logs/httpd/*_access.log | awk -v d1="$(date --date='-5 min' '+%_d/%b/%Y:%H:%M:%S')" -v d2="$(date '+%_d/%b/%Y:%H:%M:%S')" '{Ti=substr($5,2)};( Ti > d1 && Ti <= d2 ) && $10 ~ /5[0-9][0-9]/ {Cnt++;print $10} END{print Cnt+0}'
you can also skip the tail using only awk directly, it's fast enough with few change:
awk -v d1="$(date --date='-5 min' '+%_d/%b/%Y:%H:%M:%S')" -v d2="$(date '+%_d/%b/%Y:%H:%M:%S')" '($5 < "[" d1){next};{Ti=substr($5,2)};( Ti > d1 && Ti <= d2 ) && $10 ~ /5[0-9][0-9]/ {Cnt++;print $10} END{print Cnt+0}' /content/logs/httpd/*_access.log
you can also limit the *_access.log with a $( find /content/logs/httpd -name *_access.log -mmin -6)
Upvotes: 0
Reputation: 2113
Instead of using zabbix_get you could create a system.run[blablabla].
However, you should user the native log file monitoring feature: use the logrt.count or log.count functions to extract the number of matching lines.
Upvotes: 1
Related Questions
- Zabbix server is not running: the information displayed may not be current
- How to get host where problem appears Zabbix-api
- userparameters and ZBX_NOTSUPPORTED
- Zabbix server set value from agent failed: ZBX_TCP_READ() timed out
- pyzabbix unexpected behavior
- python script with zabbix causing setroubleshootd high CPU usage
- Using MACROS in Zabbix
- Parse Zabbix output format
- Received empty response from Zabbix Agent
- zabbix_get shows no return values