[ZBXNEXT-470] Expand (return) support of the Severity levels displayed in history for eventlog (needs for custom syslog solution). Created: 2010 Aug 07  Updated: 2015 Aug 25

Status: Open
Project: ZABBIX FEATURE REQUESTS
Component/s: Frontend (F)
Affects Version/s: 1.8.2
Fix Version/s: None

Type: New Feature Request Priority: Major
Reporter: Oleksii Zagorskyi Assignee: Unassigned
Resolution: Unresolved Votes: 4
Labels: severity, syslog
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

last trunk


Attachments: PNG File 1_1.8.1_events_severity.png     PNG File 2_1.8.2_events_severity.png     PNG File 3_1.8.1_real_syslog_DEMO.png     PNG File 4_1.8.3_real_syslog_DEMO12G.png     File zbxlog-r1.5.tgz    

 Description   

Please return and expand support of the Severity levels displayed in the history.

In version 1.8.1 the item history supported displaying the following severity levels (i.e. there were 5 different severity levels):

After ZBX-2077 (added support of Failure / Success Audit eventlog severity) the severity levels of events became exactly as in Windows. At the same time, in revision 10518, the interpretation of events was lost for severity levels 3 and 5:

I ask to return severities 3 and 5, plus add a severity for 6.
Naming them as:
3 - Warning
5 - Critical (perfectly suited for ZBXNEXT-427)
6 - Emergency
All these levels currently are free, and for the future they will be quite universal names.

Why I'm asking:
I use and want to publish a solution I made (a script that handles Syslog in a very beautiful and interesting way, both from servers and from different hardware).
Using items with Type of information "Text" is ideal for this situation.

Later a "zbxlog" solution has been published, which is much more complete than mine, see comments below.

The result can be seen in the next two pictures:

It would be convenient to implement this request together with ZBXNEXT-427.

Just information:
RFC3164 supports the following severity levels:
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages

I plan to combine 6 and 7 as well as 0 and 1. That will be enough.



 Comments   
Comment by Oleksii Zagorskyi [ 2010 Aug 07 ]

I am a little confused and mistaken - support for "3 - Warning" is not necessary. Now it is in the severity of "2".

If you agree, perhaps it would be easier and more correct to implement the severities in, for example, a new range of 10-17, but 100% accurate according to RFC3164.
http://www.ietf.org/rfc/rfc3164.txt

Comment by Oleksii Zagorskyi [ 2010 Sep 15 ]

My last suggestion (new range 10-17) coincides with this excellent solution - zbxlog.
http://www.zabbix.com/forum/showthread.php?t=19180
There are ready-made patches.

Attaching sources archive here (v 1.5), just in case.
Main site is http://www.alixen.org/projects/zbxlog/files

Comment by Oleksii Zagorskyi [ 2012 Aug 31 ]

Just a note - currently in 2.0.2 the page "history.php" shows all columns (as for Windows eventlog) only for items with a key "eventlog[...]".
I checked that and I see that it has been changed from 1.8.5 release.

Just in case see ZBX-2932

Comment by Oleksii Zagorskyi [ 2013 Jun 23 ]

ZBXNEXT-1798 asks for more severities for triggers.

Comment by Oleksii Zagorskyi [ 2015 Aug 25 ]

Just to keep things linked - there is another (a bit similar to zbxlog, though) solution for syslog monitoring.
http://habrahabr.ru/company/zabbix/blog/252915/ (in Russian)
