image-2023-10-17-13-26-48-229.png
ui-itemkey.png
|
Duplicate |
Team B
[ZBXNEXT-5524] Filter by event fields for vmware.eventlog Created: 2019 Oct 24 Updated: 2024 Jun 27 Resolved: 2023 Nov 07 |
|
| Status: | Closed |
| Project: | ZABBIX FEATURE REQUESTS |
| Component/s: | Documentation (D), Frontend (F), Proxy (P), Server (S) |
| Affects Version/s: | None |
| Fix Version/s: | 7.0.0alpha7, 7.0 (plan) |
| Type: | New Feature Request | Priority: | Major |
| Reporter: | Alexey Pustovalov | Assignee: | Mihails Prihodko |
| Resolution: | Fixed | Votes: | 6 |
| Labels: | eventlog, filter, vmware | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
image-2023-10-17-13-26-48-229.png
ui-itemkey.png
|
||||
| Issue Links: |
|
||||
| Epic Link: | Zabbix 7.0 | ||||
| Team: | Team B |
||||
| Sprint: | Sprint 104 (Sep 2023), Sprint 105 (Oct 2023) | ||||
| Story Points: | 2 | ||||
| Description |
|
Currently Zabbix gather VMware event log without any additional fields, but it has many fields, like Windows event log. It would be great to have possibility to filter event log by these additional fields: https://pubs.vmware.com/vi3/sdk/ReferenceGuide/vmodl.ManagedObjectReference.html <mprihodko> The new link received from Alexey Pustovalov https://vdc-download.vmware.com/vmwb-repository/dcr-public/4b836a92-c980-497d-809e-e1bf168d551c/8de7abfc-8ad9-42cb-b15f-ae5228324a6e/vmodl.ManagedObjectReference.html |
| Comments |
| Comment by Mihails Prihodko [ 2023 Sep 21 ] | ||||
|
Mini-specification v1.0 What's affected:
New parameter in vmware.eventlog item A new optional parameter <severity> should be added to item vmware.eventlog. This parameter should specify the severity of events, which should be logged. <severity> should be of a string type. Possible values are
Multiple values must be separated with commas and quoted. If no value is specified, then events should be logged regardless of their severity. If an invalid value is specified, then vmware.eventlog item should become invalid, no events should be collected, and an error message should be displayed near the item. The request of type CreateCollectorForEvents(createCollector) should be modified in src/zabbix_server/vmware/vmware.c. The parameter filter should be extended with zero or more entries of category based on user input of argument "severity" of item "vmware.eventlog". Extend the event description in "Monitoring -> Latest data" in column "value" 1. Add event type like so: If "eventTypeID" is defined for the event, then the line should be "eventTypeID: <value>", where <value> is the "eventTypeId" property. Otherwise, the line should be "type: <severity>/<value>", where <value> is the event type. 2. Add a line Before the change, it was capable of showing datacenter/computeResource/host for events originated from hosts and IP for all other events. After the change, value should be a list of names of the following properties in the following format: source: datacenter/computeResource/host/vm ds:xxx net:xxx dvs:xxx Only the properties that are defined should be written if they are present. Limitations First, with the current architecture, an event can be collected only once. So it is impossible to create more than one vmware.eventlog item so that they do not interfere with each other. Second, if severity of events is specified in vmware.eventlog item, only events with the specified severity are collected. This is the reason we are not going to implement any filters except severity at the stage of collecting VMware events. Extended filtering would be possible using dependent items derived from vmware.eventlog using regexp. Such items should be created in user templates. Signoff:
| ||||
| Comment by Mihails Prihodko [ 2023 Oct 20 ] | ||||
|
Available in versions:
| ||||
| Comment by Martins Valkovskis [ 2023 Oct 24 ] | ||||
|
Updated documentation: |
-1.0