ncc.zabbix_templates
ncc.zabbix_templates/Linux.common/zbx_export_templates.yaml
+ Поддержка фильтрации сообщений в Linux журнале
| awgur@0 | 1 zabbix_export: |
| awgur@33 | 2 version: '7.0' |
| awgur@33 | 3 template_groups: |
| awgur@0 | 4 - uuid: 22941f4e01294888a9bed3aae15f6ef9 |
| awgur@0 | 5 name: Templates/AWNET |
| awgur@0 | 6 templates: |
| awgur@0 | 7 - uuid: d9ed1ecc0bc14cafb7fcbd309ad9a944 |
| awgur@0 | 8 template: 'AWNET Linux Template' |
| awgur@0 | 9 name: 'AWNET Linux Template' |
| awgur@37 | 10 description: 'Версия: v0.r202506.1' |
| awgur@33 | 11 templates: |
| awgur@33 | 12 - name: OSI_v2 |
| awgur@0 | 13 groups: |
| awgur@0 | 14 - name: Templates/AWNET |
| awgur@0 | 15 items: |
| awgur@0 | 16 - uuid: 85da57ac953f48c5a1e08f74fb2b65d5 |
| awgur@0 | 17 name: 'Пакеты к обновлению' |
| awgur@0 | 18 key: aw.linux.apt.updatable |
| awgur@13 | 19 delay: 5m |
| awgur@33 | 20 history: 90d |
| awgur@33 | 21 value_type: TEXT |
| awgur@0 | 22 trends: '0' |
| awgur@0 | 23 preprocessing: |
| awgur@0 | 24 - type: JAVASCRIPT |
| awgur@0 | 25 parameters: |
| awgur@0 | 26 - | |
| awgur@0 | 27 var buf = value.split('\n'); |
| awgur@0 | 28 var res = ""; |
| awgur@0 | 29 |
| awgur@0 | 30 var re_test = [ |
| awgur@0 | 31 /^WARNING:/, |
| awgur@0 | 32 /^Вывод списка/, |
| awgur@4 | 33 /^Listing\.\.\./, |
| awgur@0 | 34 ]; |
| awgur@0 | 35 |
| awgur@0 | 36 var flag; |
| awgur@0 | 37 for (var i in buf) { |
| awgur@0 | 38 flag = true; |
| awgur@0 | 39 for (var j in re_test) { |
| awgur@0 | 40 if (re_test[j].test(buf[i])) { |
| awgur@0 | 41 flag = false |
| awgur@0 | 42 break; |
| awgur@0 | 43 } |
| awgur@0 | 44 } |
| awgur@0 | 45 |
| awgur@0 | 46 if (flag && buf[i].length > 0) { |
| awgur@0 | 47 res += buf[i] + "\n"; |
| awgur@0 | 48 } |
| awgur@0 | 49 } |
| awgur@0 | 50 |
| awgur@0 | 51 return res |
| awgur@12 | 52 - type: DISCARD_UNCHANGED |
| awgur@0 | 53 parameters: |
| awgur@12 | 54 - '' |
| awgur@0 | 55 tags: |
| awgur@0 | 56 - tag: Module |
| awgur@0 | 57 value: 'Система пакетов' |
| awgur@0 | 58 triggers: |
| awgur@0 | 59 - uuid: 9a2fbf76b8f44d45b8a987c1997de212 |
| awgur@12 | 60 expression: 'length(last(/AWNET Linux Template/aw.linux.apt.updatable))>2' |
| awgur@0 | 61 name: 'Появились обновления системы' |
| awgur@0 | 62 opdata: '{ITEM.VALUE}' |
| awgur@0 | 63 priority: WARNING |
| awgur@12 | 64 type: MULTIPLE |
| awgur@0 | 65 - uuid: 33c23ce59f3c49068057013b35ffb849 |
| awgur@0 | 66 name: 'Ошибка в системном журнале' |
| awgur@0 | 67 key: 'aw.linux.journalctl[2]' |
| awgur@0 | 68 delay: 2m |
| awgur@33 | 69 history: 90d |
| awgur@33 | 70 value_type: TEXT |
| awgur@0 | 71 trends: '0' |
| awgur@0 | 72 preprocessing: |
| awgur@0 | 73 - type: JAVASCRIPT |
| awgur@0 | 74 parameters: |
| awgur@0 | 75 - | |
| awgur@0 | 76 var buf = value.split('\n'); |
| awgur@0 | 77 var res = ""; |
| awgur@0 | 78 |
| awgur@0 | 79 var re_test = [ |
| awgur@37 | 80 new RegExp('^ *$'), |
| awgur@0 | 81 new RegExp('^-- Journal begins'), |
| awgur@0 | 82 new RegExp('^-- No entries --'), |
| awgur@0 | 83 new RegExp('[0-9]{2} [0-9:]{8} [a-zA-Z0-9._-]* sudo\[[0-9]*\]: '), |
| awgur@0 | 84 new RegExp('CONFIG: restrict nopeer ignored'), |
| awgur@0 | 85 new RegExp('statistics directory /var/log/ntpsec/ does not exist or is unwriteable, error No such file or directory'), |
| awgur@0 | 86 new RegExp('error\: kex_exchange_identification\: Connection closed by remote host'), |
| awgur@0 | 87 new RegExp('error\: maximum authentication attempts exceeded for [^ ]* from [a-f0-9.:-]* port [0-9]+ ssh[0-9]*'), |
| awgur@0 | 88 new RegExp('error\: kex_exchange_identification\: client sent invalid protocol identifier "[^"]*"'), |
| awgur@0 | 89 new RegExp('error\: beginning MaxStartups throttling'), |
| awgur@0 | 90 new RegExp('error\: kex_exchange_identification\: read\: Connection reset by peer'), |
| awgur@6 | 91 new RegExp('fatal\: Timeout before authentication for [a-zA-Z.:0-9-]+ port [0-9]+'), |
| awgur@0 | 92 new RegExp('error\: kex_exchange_identification\: banner line contains invalid characters'), |
| awgur@0 | 93 new RegExp('error\: maximum authentication attempts exceeded for invalid user [a-zA-Z0-9_.-]+ from [0-9a-f:.]+ port [0-9]+ ssh[0-9]*'), |
| awgur@0 | 94 new RegExp('fatal\: userauth_pubkey\: parse request failed: incomplete message'), |
| awgur@0 | 95 new RegExp('sshd\[[0-9]*\]\: error\: Protocol major versions differ\: [0-9]+ vs\. [0-9]+'), |
| awgur@0 | 96 new RegExp('sshd\[[0-9]*\]\: fatal\: userauth_finish\: Broken pipe \\[preauth\\]'), |
| awgur@0 | 97 new RegExp('openvpn\[[0-9]*\]\: [0-9.:a-fA-F]* Connection reset, restarting \\[[0-9]\\]'), |
| awgur@0 | 98 new RegExp('/system\.journal\: Journal header limits reached or header out-of-date, rotating\.'), |
| awgur@9 | 99 new RegExp('sshd\[[0-9]+\]\: error\: kex protocol error\:'), |
| awgur@18 | 100 new RegExp('sshd\[[0-9]+\]\: error\: kex_protocol_error\:'), |
| awgur@33 | 101 new RegExp('sshd\[[0-9]+\]\: error\: kex_exchange_identification\: read: Connection timed out'), |
| awgur@33 | 102 new RegExp('sshd\[[0-9]+\]\: fatal\: userauth_pubkey\: parse publickey packet\: incomplete message'), |
| awgur@34 | 103 new RegExp('sshd\[[0-9]+\]\: fatal\: userauth_finish\: send failure packet\: Connection reset by peer'), |
| awgur@0 | 104 ]; |
| awgur@0 | 105 |
| awgur@37 | 106 var MACROS = "{$AWLIN_LOG_NOT_MATCH}"; |
| awgur@37 | 107 if (MACROS.length > 0 ) { |
| awgur@37 | 108 try { |
| awgur@37 | 109 _buf = new RegExp(MACROS) |
| awgur@37 | 110 re_test.push(_buf) |
| awgur@37 | 111 |
| awgur@37 | 112 } catch (e) { |
| awgur@37 | 113 Zabbix.log(3, 'AWNET LIN :: LOG READER :: Error creating regexp from string "{$AWLIN_LOG_NOT_MATCH}": ' + e); |
| awgur@37 | 114 } |
| awgur@37 | 115 } |
| awgur@37 | 116 |
| awgur@0 | 117 var flag; |
| awgur@0 | 118 for (var i in buf) { |
| awgur@0 | 119 flag = true; |
| awgur@0 | 120 for (var j in re_test) { |
| awgur@0 | 121 if (re_test[j].test(buf[i])) { |
| awgur@0 | 122 flag = false |
| awgur@0 | 123 break; |
| awgur@0 | 124 } |
| awgur@0 | 125 } |
| awgur@0 | 126 |
| awgur@0 | 127 if (flag) { |
| awgur@0 | 128 res += buf[i] + "\n"; |
| awgur@0 | 129 } |
| awgur@0 | 130 } |
| awgur@0 | 131 |
| awgur@0 | 132 return res |
| awgur@0 | 133 - type: NOT_MATCHES_REGEX |
| awgur@0 | 134 parameters: |
| awgur@0 | 135 - '^ *$' |
| awgur@0 | 136 error_handler: DISCARD_VALUE |
| awgur@0 | 137 tags: |
| awgur@0 | 138 - tag: Module |
| awgur@0 | 139 value: 'Системный журнал' |
| awgur@0 | 140 triggers: |
| awgur@0 | 141 - uuid: e8001f72a356424ea8e83abfd2a83c63 |
| awgur@0 | 142 expression: 'nodata(/AWNET Linux Template/aw.linux.journalctl[2],5m)=0' |
| awgur@0 | 143 name: 'Ошибки в системном журнале' |
| awgur@0 | 144 opdata: '{ITEM.VALUE}' |
| awgur@0 | 145 priority: WARNING |
| awgur@16 | 146 - uuid: a7879de7638a4333993b90f0db757619 |
| awgur@16 | 147 name: 'Версия ОС' |
| awgur@16 | 148 key: aw.linux.version |
| awgur@33 | 149 history: 90d |
| awgur@33 | 150 value_type: TEXT |
| awgur@16 | 151 trends: '0' |
| awgur@16 | 152 preprocessing: |
| awgur@17 | 153 - type: DISCARD_UNCHANGED_HEARTBEAT |
| awgur@16 | 154 parameters: |
| awgur@17 | 155 - 1d |
| awgur@37 | 156 macros: |
| awgur@37 | 157 - macro: '{$AWLIN_LOG_NOT_MATCH}' |
| awgur@37 | 158 description: 'Регулярное выражение, по которому сообщения лога будут отбрасываться' |