|
<?xml version="1.0" encoding="UTF-8"?> |
|
<zabbix_export> |
|
<version>3.4</version> |
|
<date>2017-10-13T08:44:24Z</date> |
|
<groups> |
|
<group> |
|
<name>Templates</name> |
|
</group> |
|
</groups> |
|
<templates> |
|
<template> |
|
<template>Graylog</template> |
|
<name>Graylog</name> |
|
<description/> |
|
<groups> |
|
<group> |
|
<name>Templates</name> |
|
</group> |
|
</groups> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<items> |
|
<item> |
|
<name>Current journal size</name> |
|
<type>18</type> |
|
<snmp_community/> |
|
<snmp_oid/> |
|
<key>graylog.journal.currentsize</key> |
|
<delay>0</delay> |
|
<history>15d</history> |
|
<trends>90d</trends> |
|
<status>0</status> |
|
<value_type>3</value_type> |
|
<allowed_hosts/> |
|
<units>b</units> |
|
<snmpv3_contextname/> |
|
<snmpv3_securityname/> |
|
<snmpv3_securitylevel>0</snmpv3_securitylevel> |
|
<snmpv3_authprotocol>0</snmpv3_authprotocol> |
|
<snmpv3_authpassphrase/> |
|
<snmpv3_privprotocol>0</snmpv3_privprotocol> |
|
<snmpv3_privpassphrase/> |
|
<params/> |
|
<ipmi_sensor/> |
|
<authtype>0</authtype> |
|
<username/> |
|
<password/> |
|
<publickey/> |
|
<privatekey/> |
|
<port/> |
|
<description/> |
|
<inventory_link>0</inventory_link> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<valuemap/> |
|
<logtimefmt/> |
|
<preprocessing> |
|
<step> |
|
<type>12</type> |
|
<params>$.journal_size</params> |
|
</step> |
|
</preprocessing> |
|
<jmx_endpoint/> |
|
<master_item> |
|
<key>system.run["curl -sSfL -u {$GRAYLOG_TOKEN}:token http://{HOST.CONN}:8080/api/system/journal"]</key> |
|
</master_item> |
|
</item> |
|
<item> |
|
<name>Max journal size</name> |
|
<type>18</type> |
|
<snmp_community/> |
|
<snmp_oid/> |
|
<key>graylog.journal.maxsize</key> |
|
<delay>0</delay> |
|
<history>15d</history> |
|
<trends>90d</trends> |
|
<status>0</status> |
|
<value_type>3</value_type> |
|
<allowed_hosts/> |
|
<units>b</units> |
|
<snmpv3_contextname/> |
|
<snmpv3_securityname/> |
|
<snmpv3_securitylevel>0</snmpv3_securitylevel> |
|
<snmpv3_authprotocol>0</snmpv3_authprotocol> |
|
<snmpv3_authpassphrase/> |
|
<snmpv3_privprotocol>0</snmpv3_privprotocol> |
|
<snmpv3_privpassphrase/> |
|
<params/> |
|
<ipmi_sensor/> |
|
<authtype>0</authtype> |
|
<username/> |
|
<password/> |
|
<publickey/> |
|
<privatekey/> |
|
<port/> |
|
<description/> |
|
<inventory_link>0</inventory_link> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<valuemap/> |
|
<logtimefmt/> |
|
<preprocessing> |
|
<step> |
|
<type>12</type> |
|
<params>$.journal_size_limit</params> |
|
</step> |
|
</preprocessing> |
|
<jmx_endpoint/> |
|
<master_item> |
|
<key>system.run["curl -sSfL -u {$GRAYLOG_TOKEN}:token http://{HOST.CONN}:8080/api/system/journal"]</key> |
|
</master_item> |
|
</item> |
|
<item> |
|
<name>Uncommited journal entries</name> |
|
<type>18</type> |
|
<snmp_community/> |
|
<snmp_oid/> |
|
<key>graylog.journal.uncommitedentries</key> |
|
<delay>0</delay> |
|
<history>15d</history> |
|
<trends>90d</trends> |
|
<status>0</status> |
|
<value_type>3</value_type> |
|
<allowed_hosts/> |
|
<units/> |
|
<snmpv3_contextname/> |
|
<snmpv3_securityname/> |
|
<snmpv3_securitylevel>0</snmpv3_securitylevel> |
|
<snmpv3_authprotocol>0</snmpv3_authprotocol> |
|
<snmpv3_authpassphrase/> |
|
<snmpv3_privprotocol>0</snmpv3_privprotocol> |
|
<snmpv3_privpassphrase/> |
|
<params/> |
|
<ipmi_sensor/> |
|
<authtype>0</authtype> |
|
<username/> |
|
<password/> |
|
<publickey/> |
|
<privatekey/> |
|
<port/> |
|
<description/> |
|
<inventory_link>0</inventory_link> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<valuemap/> |
|
<logtimefmt/> |
|
<preprocessing> |
|
<step> |
|
<type>12</type> |
|
<params>$.uncommitted_journal_entries</params> |
|
</step> |
|
</preprocessing> |
|
<jmx_endpoint/> |
|
<master_item> |
|
<key>system.run["curl -sSfL -u {$GRAYLOG_TOKEN}:token http://{HOST.CONN}:8080/api/system/journal"]</key> |
|
</master_item> |
|
</item> |
|
<item> |
|
<name>Journal usage</name> |
|
<type>15</type> |
|
<snmp_community/> |
|
<snmp_oid/> |
|
<key>graylog.journal.usage</key> |
|
<delay>60s</delay> |
|
<history>15d</history> |
|
<trends>90d</trends> |
|
<status>0</status> |
|
<value_type>0</value_type> |
|
<allowed_hosts/> |
|
<units>%</units> |
|
<snmpv3_contextname/> |
|
<snmpv3_securityname/> |
|
<snmpv3_securitylevel>0</snmpv3_securitylevel> |
|
<snmpv3_authprotocol>0</snmpv3_authprotocol> |
|
<snmpv3_authpassphrase/> |
|
<snmpv3_privprotocol>0</snmpv3_privprotocol> |
|
<snmpv3_privpassphrase/> |
|
<params>100*last("graylog.journal.currentsize")/last("graylog.journal.maxsize")</params> |
|
<ipmi_sensor/> |
|
<authtype>0</authtype> |
|
<username/> |
|
<password/> |
|
<publickey/> |
|
<privatekey/> |
|
<port/> |
|
<description/> |
|
<inventory_link>0</inventory_link> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<valuemap/> |
|
<logtimefmt/> |
|
<preprocessing/> |
|
<jmx_endpoint/> |
|
<master_item/> |
|
</item> |
|
<item> |
|
<name>Journal status</name> |
|
<type>7</type> |
|
<snmp_community/> |
|
<snmp_oid/> |
|
<key>system.run["curl -sSfL -u {$GRAYLOG_TOKEN}:token http://{HOST.CONN}:8080/api/system/journal"]</key> |
|
<delay>60s</delay> |
|
<history>1d</history> |
|
<trends>0</trends> |
|
<status>0</status> |
|
<value_type>4</value_type> |
|
<allowed_hosts/> |
|
<units/> |
|
<snmpv3_contextname/> |
|
<snmpv3_securityname/> |
|
<snmpv3_securitylevel>0</snmpv3_securitylevel> |
|
<snmpv3_authprotocol>0</snmpv3_authprotocol> |
|
<snmpv3_authpassphrase/> |
|
<snmpv3_privprotocol>0</snmpv3_privprotocol> |
|
<snmpv3_privpassphrase/> |
|
<params/> |
|
<ipmi_sensor/> |
|
<authtype>0</authtype> |
|
<username/> |
|
<password/> |
|
<publickey/> |
|
<privatekey/> |
|
<port/> |
|
<description/> |
|
<inventory_link>0</inventory_link> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<valuemap/> |
|
<logtimefmt/> |
|
<preprocessing/> |
|
<jmx_endpoint/> |
|
<master_item/> |
|
</item> |
|
<item> |
|
<name>Received messages per second</name> |
|
<type>7</type> |
|
<snmp_community/> |
|
<snmp_oid/> |
|
<key>system.run["curl -sSfL -u {$GRAYLOG_TOKEN}:token http://{HOST.CONN}:8080/api/system/metrics/org.graylog2.shared.buffers.InputBufferImpl.incomingMessages"]</key> |
|
<delay>60s</delay> |
|
<history>15d</history> |
|
<trends>90d</trends> |
|
<status>0</status> |
|
<value_type>0</value_type> |
|
<allowed_hosts/> |
|
<units/> |
|
<snmpv3_contextname/> |
|
<snmpv3_securityname/> |
|
<snmpv3_securitylevel>0</snmpv3_securitylevel> |
|
<snmpv3_authprotocol>0</snmpv3_authprotocol> |
|
<snmpv3_authpassphrase/> |
|
<snmpv3_privprotocol>0</snmpv3_privprotocol> |
|
<snmpv3_privpassphrase/> |
|
<params/> |
|
<ipmi_sensor/> |
|
<authtype>0</authtype> |
|
<username/> |
|
<password/> |
|
<publickey/> |
|
<privatekey/> |
|
<port/> |
|
<description/> |
|
<inventory_link>0</inventory_link> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<valuemap/> |
|
<logtimefmt/> |
|
<preprocessing> |
|
<step> |
|
<type>12</type> |
|
<params>$.count</params> |
|
</step> |
|
<step> |
|
<type>10</type> |
|
<params/> |
|
</step> |
|
</preprocessing> |
|
<jmx_endpoint/> |
|
<master_item/> |
|
</item> |
|
<item> |
|
<name>Balancer status</name> |
|
<type>7</type> |
|
<snmp_community/> |
|
<snmp_oid/> |
|
<key>system.run["curl -sSfL http://{HOST.CONN}:8080/api/system/lbstatus"]</key> |
|
<delay>30s</delay> |
|
<history>15d</history> |
|
<trends>0</trends> |
|
<status>0</status> |
|
<value_type>4</value_type> |
|
<allowed_hosts/> |
|
<units/> |
|
<snmpv3_contextname/> |
|
<snmpv3_securityname/> |
|
<snmpv3_securitylevel>0</snmpv3_securitylevel> |
|
<snmpv3_authprotocol>0</snmpv3_authprotocol> |
|
<snmpv3_authpassphrase/> |
|
<snmpv3_privprotocol>0</snmpv3_privprotocol> |
|
<snmpv3_privpassphrase/> |
|
<params/> |
|
<ipmi_sensor/> |
|
<authtype>0</authtype> |
|
<username/> |
|
<password/> |
|
<publickey/> |
|
<privatekey/> |
|
<port/> |
|
<description/> |
|
<inventory_link>0</inventory_link> |
|
<applications> |
|
<application> |
|
<name>Graylog server</name> |
|
</application> |
|
</applications> |
|
<valuemap/> |
|
<logtimefmt/> |
|
<preprocessing/> |
|
<jmx_endpoint/> |
|
<master_item/> |
|
</item> |
|
</items> |
|
<discovery_rules/> |
|
<httptests/> |
|
<macros/> |
|
<templates/> |
|
<screens/> |
|
</template> |
|
</templates> |
|
<triggers> |
|
<trigger> |
|
<expression>{Graylog:system.run["curl -sSfL http://{HOST.CONN}:8080/api/system/lbstatus"].str("DEAD")}<>0</expression> |
|
<recovery_mode>0</recovery_mode> |
|
<recovery_expression/> |
|
<name>Graylog status is DEAD</name> |
|
<correlation_mode>0</correlation_mode> |
|
<correlation_tag/> |
|
<url/> |
|
<status>0</status> |
|
<priority>3</priority> |
|
<description/> |
|
<type>0</type> |
|
<manual_close>1</manual_close> |
|
<dependencies/> |
|
<tags/> |
|
</trigger> |
|
<trigger> |
|
<expression>{Graylog:system.run["curl -sSfL http://{HOST.CONN}:8080/api/system/lbstatus"].str("THROTTLED")}<>0</expression> |
|
<recovery_mode>0</recovery_mode> |
|
<recovery_expression/> |
|
<name>Graylog status is THROTTLED</name> |
|
<correlation_mode>0</correlation_mode> |
|
<correlation_tag/> |
|
<url/> |
|
<status>0</status> |
|
<priority>3</priority> |
|
<description/> |
|
<type>0</type> |
|
<manual_close>1</manual_close> |
|
<dependencies/> |
|
<tags/> |
|
</trigger> |
|
<trigger> |
|
<expression>{Graylog:graylog.journal.usage.min(5m)}>60</expression> |
|
<recovery_mode>0</recovery_mode> |
|
<recovery_expression/> |
|
<name>High Graylog journal usage ({ITEM.LASTVALUE})</name> |
|
<correlation_mode>0</correlation_mode> |
|
<correlation_tag/> |
|
<url/> |
|
<status>0</status> |
|
<priority>3</priority> |
|
<description/> |
|
<type>0</type> |
|
<manual_close>1</manual_close> |
|
<dependencies/> |
|
<tags/> |
|
</trigger> |
|
<trigger> |
|
<expression>{Graylog:system.run["curl -sSfL http://{HOST.CONN}:8080/api/system/lbstatus"].nodata(5m)}<>0</expression> |
|
<recovery_mode>0</recovery_mode> |
|
<recovery_expression/> |
|
<name>No data for Graylog status</name> |
|
<correlation_mode>0</correlation_mode> |
|
<correlation_tag/> |
|
<url/> |
|
<status>0</status> |
|
<priority>3</priority> |
|
<description/> |
|
<type>0</type> |
|
<manual_close>1</manual_close> |
|
<dependencies/> |
|
<tags/> |
|
</trigger> |
|
<trigger> |
|
<expression>{Graylog:graylog.journal.uncommitedentries.min(5m)}>1000</expression> |
|
<recovery_mode>0</recovery_mode> |
|
<recovery_expression/> |
|
<name>Too many uncommited entries in the Graylog journal ({ITEM.LASTVALUE})</name> |
|
<correlation_mode>0</correlation_mode> |
|
<correlation_tag/> |
|
<url/> |
|
<status>0</status> |
|
<priority>3</priority> |
|
<description/> |
|
<type>0</type> |
|
<manual_close>1</manual_close> |
|
<dependencies/> |
|
<tags/> |
|
</trigger> |
|
</triggers> |
|
</zabbix_export> |
is there a way of run this from shell/cron and get the output to file ? or mail