![Page 4: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/4.jpg)
TableofContents
ZabbixNetworkMonitoringEssentials
Credits
AbouttheAuthors
AbouttheReviewers
www.PacktPub.com
Supportfiles,eBooks,discountoffers,andmore
Whysubscribe?
FreeaccessforPacktaccountholders
Preface
Whatthisbookcovers
Whatyouneedforthisbook
Whothisbookisfor
Conventions
Readerfeedback
Customersupport
Downloadingtheexamplecode
Errata
Piracy
Questions
1.InstallingaDistributedZabbixSetup
Zabbixarchitectures
UnderstandingZabbixdataflow
UnderstandingtheZabbixproxies’dataflow
InstallingZabbix
Installingfrompackages
SettingupaZabbixagent
CreatingaZabbixagentpackagewithCheckInstall
Serverconfiguration
Installingadatabase
www.it-ebooks.info
![Page 5: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/5.jpg)
Consideringthedatabasesize
MySQLpartitioning
InstallingaZabbixproxy
InstallingtheWebGUIinterface
Summary
2.ActiveMonitoringofYourDevices
UnderstandingZabbixhosts
Hostsandhostgroups
Hostinterfaces
Hostinventory
GoingbeyondZabbixagents
Simplechecks
KeepingSNMPsimple
GettingSNMPdataintoZabbix
FindingtherightOIDstomonitor
MappingSNMPOIDstoZabbixitems
Gettingdatatypesright
SNMPtraps
Snmptrapd
TransformingatrapintoaZabbixitem
Gettingnetflowfromthedevicestothemonitoringserver
Receivingnetflowdataonyourserver
MonitoringalogfilewithZabbix
Summary
3.MonitoringYourNetworkServices
MonitoringtheDNS
DNS–responsetime
DNSSEC–monitoringthezonerollover
Apachemonitoring
NTPmonitoring
NTP–whatarewemonitoring?
www.it-ebooks.info
![Page 6: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/6.jpg)
Squidmonitoring
Summary
4.DiscoveringYourNetwork
FindinghoststheZabbixway
Definingactionconditions
Choosingactionoperations
Remotecommands
Low-leveldiscovery
Summary
5.VisualizingYourTopologywithMapsandGraphs
Creatingcustomgraphs
Maps–aquicksetupforalargetopology
Maps–automatingtheDOTcreation
DraftingZabbixmapsfromDOT
Puttingeverythingtogetherwithscreens
Summary
A.PartitioningtheZabbixDatabase
MySQLpartitioning
Thepartition_maintenanceprocedure
Thepartition_createprocedure
Thepartition_verifyprocedure
Thepartition_dropprocedure
Thepartition_maintenance_allprocedure
Housekeepingconfiguration
B.CollectingSquidMetrics
Squidmetricscript
Index
www.it-ebooks.info
![Page 10: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/10.jpg)
ZabbixNetworkMonitoringEssentialsCopyright©2015PacktPublishing
Allrightsreserved.Nopartofthisbookmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformorbyanymeans,withoutthepriorwrittenpermissionofthepublisher,exceptinthecaseofbriefquotationsembeddedincriticalarticlesorreviews.
Everyefforthasbeenmadeinthepreparationofthisbooktoensuretheaccuracyoftheinformationpresented.However,theinformationcontainedinthisbookissoldwithoutwarranty,eitherexpressorimplied.Neithertheauthors,norPacktPublishing,anditsdealersanddistributorswillbeheldliableforanydamagescausedorallegedtobecauseddirectlyorindirectlybythisbook.
PacktPublishinghasendeavoredtoprovidetrademarkinformationaboutallofthecompaniesandproductsmentionedinthisbookbytheappropriateuseofcapitals.However,PacktPublishingcannotguaranteetheaccuracyofthisinformation.
Firstpublished:February2015
Productionreference:1210215
PublishedbyPacktPublishingLtd.
LiveryPlace
35LiveryStreet
BirminghamB32PB,UK.
ISBN978-1-78439-976-4
www.packtpub.com
www.it-ebooks.info
![Page 12: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/12.jpg)
CreditsAuthors
AndreaDalleVacche
StefanoKewanLee
Reviewers
RaviBhure
NicholasPier
NicolaVolpini
CommissioningEditor
AmarabhaBanerjee
AcquisitionEditor
NikhilKarkal
ContentDevelopmentEditor
SiddheshSalvi
TechnicalEditor
HumeraShaikh
CopyEditor
SarangChari
ProjectCoordinator
KrantiBerde
Proofreaders
SimranBhogal
LindaMorris
Indexer
HemanginiBari
Graphics
DishaHaria
ProductionCoordinator
AparnaBhagat
CoverWork
AparnaBhagat
www.it-ebooks.info
![Page 15: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/15.jpg)
AbouttheAuthorsAndreaDalleVaccheisahighlyskilledITprofessionalwithover14yearsofexperienceintheITindustryandbanking.HegraduatedfromUniversitàdegliStudidiFerrarawithaninformationtechnologycertification.ThislaidthetechnologyfoundationthatAndreahasbuiltoneversince.Andreahasacquiredvariousindustry-respectedaccreditations,whichincludeCisco,Oracle,RHCE,ITIL,andofcourse,Zabbix.Throughouthiscareer,hehasworkedinmanylarge-scaleenvironments,ofteninrolesthathavebeenverycomplex,onaconsultantbasis.Thishasfurtherenhancedhisgrowingskillset,addingtohispracticalknowledgebaseandincreasinghisappetitefortheoreticaltechnicalstudying.
Andrea’sloveforZabbixcamefromhistimespentintheOracleworldasadatabaseadministrator/developer.Histimewasspentmainlyonreducingownershipcosts,specializinginmonitoringandautomation.ThisiswherehecameacrossZabbixandtheflexibilityitoffered,bothtechnicallyandadministratively.Withthisasalaunchpad,AndreawasinspiredtodevelopOrabbix,thefirstopensourcesoftwaretomonitorOracle’scompleteintegrationwithZabbix.HehaspublishedanumberofarticlesonZabbix-relatedsoftware,suchasDBforBIX.Hisprojectsarepubliclyavailableathttp://www.smartmarmot.com.Currently,Andreaisworkingasaseniorarchitectforaleadingglobalinvestmentbankinaverydiverseandchallengingenvironment.HedealswithmanyaspectsoftheUnix/Linuxplatformsaswellasmanytypesofthird-partysoftware,whicharestrategicallyalignedtothebank’stechnicalroadmap.Inadditiontothistitle,AndreaDalleVaccheisacoauthorofMasteringZabbix,PacktPublishing.
StefanoKewanLeeisanITconsultantwithmorethan12yearsofexperienceinsystemintegration,security,andadministration.HeisacertifiedZabbixspecialistinlargeenvironmentsholdsaLinuxadministrationcertificationfromtheLPIandaGIACGCFWcertificationfromSANSInstitute.Whenhe’snotbusybreakingwebsites,helivesinthecountrysidewithhistwocatsandtwodogsandpracticesmartialarts.Inadditiontothistitle,StefanoKewanLeeisacoauthorofMasteringZabbix,PacktPublishing.
www.it-ebooks.info
![Page 17: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/17.jpg)
AbouttheReviewersRaviBhureisbasicallyanITengineerwithnicheskills,suchasChef,CloudAnsible,SaltStack,Python,Ruby,andShell/Bash.Healsowritescodeforinfrastructure,dailyIToperations,andsoon.Inshort,heisfondofusinghisskillsandknowledgeoffault-tolerantsolutionsfortheday-to-daymaintenanceofmission-criticalproductioninfrastructure.
Ravistartedinteractingwithcomputerssince1996whenhegothisfirstcomputerathome.Thingschangedveryfast,andin1998,heenteredthemagicalworldoftheInternet☺forthefirsttimeever,whichchangedhislife!Hestartedhisowncybercafein1999.In2004,hegothisfirstjobasafieldengineer,hiredtomaintainandsupportVRIUFOsystems.After2years,hemovedtoPuneandworkedwithmanyorganizations,suchasVyomLabs,GlamIndia,Symphony,andDhingana.
Themosthappeningandinterestingfactabouthisdiverseexposureisthatheisfromanartsbackground.Yes,heholdsabachelor’sdegreeinartsfromSRTMUniversity,Nanded,Maharashtra,India.Andweallwillhavetoagreethathehasthearttosolveproblems☺,agreatinspirationforpeoplewhoarenonengineers!
Currently,RaviisassociatedwithOpexSoftwareasaseniorDevOpsengineer.
NicholasPierisanetworkengineerinthemanagedservices/professionalservicesfield.HisexperienceincludesdesigningdatacenternetworkinfrastructureswithvirtualizationandSANsolutions,webdevelopment,andwritingmiddlewareforbusinessapplications.Atthetimeofwritingthis,Nicholasholdsanumberofindustrycertifications,includingtheCiscoCCNP,VMwareVCP5-DCV,andvariousotherCiscoandCompTIAcertifications.Inhisfreetime,heindulgesinhispassionforcraftbeer,distancerunning,andreading.
I’dliketothankPacktPublishingforthisopportunity!
NicolaVolpinihasbeenplayingwithtechnologyfromayoungage,havingahardtimeresistingtheurgetodisassemblecomplextoysorkitchenappliances.
Theloveforcomputersoriginatedaroundhistenthbirthday,whenheaccidentallytoastedhisfirstCPU.Thisepisodeonlyincreasedhisfascinationforcomputers,andtheaccidents,fortunately,stopped.
Forthepast10years,he’sbeenworkingasanITprofessional,specializinginenterprisenetworkingandsystemadministration.ExperimentingwiththemostdiversetechnologiesinthefieldandbeinganavidfanoftheFOSSphilosophy,Linux,and*BSD,hedreamsofseeingthecollaborativethinkingoftheFOSSmovementhelpinspiretheworld.
He’scurrentlyworkingatStockholm,Sweden,whereheresideswithhisgirlfriend.
www.it-ebooks.info
![Page 20: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/20.jpg)
Supportfiles,eBooks,discountoffers,andmoreForsupportfilesanddownloadsrelatedtoyourbook,pleasevisitwww.PacktPub.com.
DidyouknowthatPacktofferseBookversionsofeverybookpublished,withPDFandePubfilesavailable?YoucanupgradetotheeBookversionatwww.PacktPub.comandasaprintbookcustomer,youareentitledtoadiscountontheeBookcopy.Getintouchwithusat<[email protected]>formoredetails.
Atwww.PacktPub.com,youcanalsoreadacollectionoffreetechnicalarticles,signupforarangeoffreenewslettersandreceiveexclusivediscountsandoffersonPacktbooksandeBooks.
https://www2.packtpub.com/books/subscription/packtlib
DoyouneedinstantsolutionstoyourITquestions?PacktLibisPackt’sonlinedigitalbooklibrary.Here,youcansearch,access,andreadPackt’sentirelibraryofbooks.
www.it-ebooks.info
![Page 21: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/21.jpg)
Whysubscribe?FullysearchableacrosseverybookpublishedbyPacktCopyandpaste,print,andbookmarkcontentOndemandandaccessibleviaawebbrowser
www.it-ebooks.info
![Page 22: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/22.jpg)
FreeaccessforPacktaccountholdersIfyouhaveanaccountwithPacktatwww.PacktPub.com,youcanusethistoaccessPacktLibtodayandview9entirelyfreebooks.Simplyuseyourlogincredentialsforimmediateaccess.
www.it-ebooks.info
![Page 24: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/24.jpg)
PrefaceNetworkadministratorsarefacinganinterestingchallengethesedays.Ontheonehand,computernetworksarenotsomethingnewanymore.Theyhavebeenaroundforquiteawhile:theirphysicalcomponentsandcommunicationprotocolsarefairlywellunderstoodanddon’trepresentabigmysterytoanincreasingnumberofprofessionals.Moreover,networkappliancesaregettingcheaperandeasiertosetup,tothepointthatitdoesn’ttakeacertifiedspecialisttoinstallandconfigureasimplenetworkorconnectittoothernetworks.Theveryconceptofnetworkingissowidespreadandingrainedinhowusersanddevelopersthinkofacomputersystemthatbeingonlineinsomeformisexpectedandtakenforgranted.Inotherwords,acomputernetworkisincreasinglyseenasacommodity.
Ontheotherhand,theverysameforcesthatarecallingforsimpler,easier,accessiblenetworksaretheonesthatareactuallypushingthemtogrowmoreandmorecomplexeveryday.It’samatterofbothquantityandquality.Thenumberofconnecteddevicesonagivennetworkisalmostalwaysconstantlygrowingandsoistheamountofdataexchanged:mediastreams,applicationdata,backups,databasequeries,andreplicationtendtosaturatebandwidthjustasmuchastheyeatupstoragespace.Asforquality,therearedozensofdifferentrequirementsthatfactorinagivennetworksetup:fromhavingtomanagedifferentphysicalmediums(fiber,cable,radio,andsoon),totheneedtoprovidehighperformanceandavailability,bothontheconnectionandontheapplicationlevel;fromtheneedtoincreaseperformanceandreliabilityforgeographicallinks,toprovidingconfidentiality,security,anddataintegrityatalllevels,andthelistgoeson.
Thesetwocontrasting,yetintertwined,tendenciesareforcingnetworkadministratorstodomore(moreservices,moreavailability,andmoreperformance)withless(lessbudget,butalsolessattentionfromthemanagementcomparedtonewer,flashiertechnologies).Now,morethanever,asanetworkadmin,youneedtobeabletokeepaneyeonyournetworkinordertokeepitinahealthystate,butalsotoquicklyidentifyandresolvebottlenecksandoutagesofanykind—orbetteryet,findwaystoanticipateandworkaroundthembeforetheyhappen.You’llalsoneedtointegrateyoursystemswithdifferenttoolsandenvironments(bothlegacyandstrategicones)thatwillbeoutofyourdirectcontrol,suchasassetdatabases,incidentmanagementsystems,accountingandprofilingsystems,andsoon.Evenmoreimportantly,you’llneedtobeabletoshowyourworkandexplainyourneedsinclear,understandabletermstonontechnicalpeople.
Now,ifweweretosaythatZabbixistheperfect,one-size-fits-allsolutiontoallyournetworkmonitoringandmanagementproblems,wewouldclearlybelying.Tothisday,nosuchtoolexistsdespitewhatmanyvendorswantyoutobelieve.Eveniftheyhavemanyfeaturesincommon,whenitcomestomonitoringandcapacitymanagement,everynetworkhasitsownquirks,specialcases,andpeculiarneeds,tothepointthatanytoolhastobecarefullytunedtotheenvironmentorfacetheriskofbecominguselessandneglectedveryquickly.
WhatistrueisthatZabbixisamonitoringsystempowerfulenoughandflexibleenough
www.it-ebooks.info
![Page 25: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/25.jpg)
that,withtherightamountofwork,canbecustomizedtomeetyourspecificneeds.Andagain,thoseneedsarenotlimitedtomonitoringandalerting,butalsotoperformanceanalysisandprediction,SLAreporting,andsoon.WhenusingZabbixtomonitoranenvironment,youcancertainlycreateitemsthatrepresentvitalmetricsforthenetworkinordertohaveareal-timepictureofwhat’shappening.However,thosesameitemscanalsoproveveryusefultoanalyzeperformancebottlenecksandtoplannetworkexpansionandevolution.Items,triggers,andactionscanworktogethertoletyoutakeanactiveroleinmonitoringyournetworkandeasilyidentifyandpre-emptcriticaloutages.
Inthisbook,we’llassumethatyoualreadyknowZabbixasageneral-purposemonitoringtool,andthatyoualsousedittoacertainextent.Specifically,wewon’tcovertopicssuchasitem,trigger,oractioncreationandconfigurationwithabasic,step-by-stepapproach.Here,wewanttofocusonafewtopicsthatcouldbeofparticularinterestfornetworkadministrators,andwe’lltrytohelpthemfindtheirownanswerstoreal-worldquestionssuchasthefollowing:
Ihavealargenumberofappliancestomonitorandhavetokeepmonitoringdataavailableforalongtimeduetoregulatoryrequirements.HowdoIinstallandconfigureZabbixsothatitisabletomanageeffectivelythislargeamountofdata?Whatarethebestmetricstocollectinordertobothhaveaneffectivereal-timemonitoringsolutionandleveragehistoricaldatatomakeperformanceanalysisandpredictions?ManyZabbixguidesandtutorialsfocusonusingtheZabbixagent.Theagentiscertainlypowerfulanduseful,buthowdoIleverageinaneffectiveandsecurewaymonitoringprotocolsthatarealreadyavailableonmynetwork,suchasSNMPandnetflow?Loadbalancers,proxies,andwebserverssometimesfallunderagrayareabetweennetworkandapplicationadministration.Ihaveabunchofwebserversandproxiestomonitor.Whatkindofmetricsaremostusefultocheck?Ihaveacomplexnetworkwithhoststhataredeployedanddecommissionedonadailybasis.HowdoIkeepmymonitoringsolutionup-to-datewithoutresortingtolong,error-pronemanualinterventionsasmuchaspossible?NowthatIhavecollectedalargeamountofmonitoringandperformancedata,howcanIanalyzeitandshowtheresultsinameaningfulway?HowdoIputtogetherthegraphsIhaveavailabletoshowhowtheyarerelated?
Inthecourseofthenextfewchapters,we’lltrytoprovidesomepointersonhowtoanswerthosequestions.Wediscussasmanypracticalexamplesandreal-worldapplicationsaswecanaroundthesubjectofnetworkmonitoring,butmorethananything,wewantedtoshowyouhowit’srelativelysimpletoleverageZabbix’spowerandflexibilitytoyourownneeds.
Theaimofthisbookisnottoprovideyouwithasetofprepackagedrecipesandsolutionsthatyoucanapplyuncriticallytoyourownenvironment.Eventhoughweprovidedsomescriptsandcodethataretestedandworking(andhopefullyyou’llfindthemuseful),therealintentionwasalwaystogiveyouadeeperunderstandingofthewayZabbixworksso
www.it-ebooks.info
![Page 26: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/26.jpg)
thatyouareabletocreateyourownsolutionstoyourownchallenges.
Wehopewehavesucceededinourgoal,andthatbytheendofthebook,you’llfindyourselfamoreconfidentnetworkadministratorandamoreproficientZabbixuser.Evenifthiswillnotbethecase,wehopeyou’llbeabletofindsomethingusefulinthefollowingchapters:wetouchupondifferentaspectsofZabbixandnetworkmonitoringandalsodiscussacoupleoflessknownfeaturesthatyoumightfindveryinterestingnonetheless.
So,withoutfurtherado,let’sgetstartedwiththeactualcontentwewanttoshowyou.
www.it-ebooks.info
![Page 27: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/27.jpg)
WhatthisbookcoversChapter1,InstallingaDistributedZabbixSetup,teachesyouhowtoinstallZabbixinadistributedsetup,withalargeuseofproxies.Thechapterwillguideyouthroughallthepossiblesetupscenarios,showingyouthemaindifferencesbetweentheactiveandpassiveproxysetup.ThischapterwillexplainhowtoprepareandsetupaZabbixinstallation,whichisreadytobegrownwithinyourinfrastructure,readytosupportyou,andmonitoralargeenvironmentorevenaverylargeone.
Chapter2,ActiveMonitoringofYourDevices,offersyouafewveryusefulexamplesofthedifferentmonitoringpossibilitiesZabbixcanachievebyrelyingondifferentmethodsandprotocols.You’llseehowtoqueryyournetworkfromthelinkleveluptoroutingandnetworkflowusingICMP,SNMP,andlog-parsingfacilitiestocollectyourmeasurements.Youwillalsolearnhowtoextractmeaningfulinformationfromthegathereddatausingaggregatedandcalculateditems,andconfiguringcomplextriggersthatwillalertyouaboutrealnetworkissueswhileminimizingsignalnoiseandfalsepositives.
Chapter3,MonitoringYourNetworkServices,takesyouthroughhowtoeffectivelymonitorthemostcriticalnetworkservices,suchasDNS,DHCP,NTP,Apacheproxy/reverseproxies,andproxycacheSquid.Asitiseasytounderstand,allofthemarecriticalserviceswhereasimpleissuecanaffectyournetworksetupandquicklypropagatetheissuetoyourentirenetwork.Youwillunderstandhowtoextractmeaningfulmetricsandusefuldatafromallthelistedservices,beingablethennotonlytomonitortheirownreliability,butalsotoacquireimportantmetricsthatcanhelpyoutopredictfailuresorissues.
Chapter4,DiscoveringYourNetwork,explainshowtodeeplyautomatethemonitoringconfigurationofnetworkobjects.Itwillmassivelyusethebuilt-indiscoveryfeatureinordertokeepthemonitoringsolutionup-to-datewithinanevolvingnetworkenvironment.ThischapterisdividedintotwocorepartsthatcoverthetwomainlevelsofZabbix’sdiscovery:hostdiscoveryandlow-leveldiscovery.
Chapter5,VisualizingYourTopologywithMapsandGraphs,showsyouhowtocreatecomplexgraphsfromyouritem’snumericalvalues,automaticallydrawmapsthatreflectthecurrentstatusofyournetwork,andbringitalltogetherusingscreensasatooltocustomizemonitoringdatapresentation.ThischapteralsopresentsasmartwaytoautomatetheinitialstartupofyourZabbix’ssetup,makingyouabletodrawnetworkdiagramsusingmapsinafullyautomatedway.Youwillthenlearnaproduction-readymethodtomaintainmapswhileyournetworkisgrowingorrapidlychanging.
AppendixA,PartitioningtheZabbixDatabase,containsalltherequiredsoftwareandstoredprocedurestoefficientlypartitionyourZabbixdatabase.
AppendixB,CollectingSquidMetrics,containsthesoftwareusedtomonitorSquid.
www.it-ebooks.info
![Page 29: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/29.jpg)
WhatyouneedforthisbookThesoftwarethathasbeenusedandisnecessaryforthisbookis:
LinuxRedHatEnterpriseLinux6.5orhigherZabbix4.2ApacheHTTPD2.2MySQLServer-5.1Netflow1.6.12Nmap
Thisbookalsorequiresanintermediateexperienceinshellscripting,abasic-to-intermediateknowledgeofPython,andanintermediateknowledgeofZabbix.
Anyway,alltheexamplesdiscussedandproposedinthisbookareexplainedwellandcommentedupon.Thesameapproachhasbeenappliedeventothesoftwareusedonthisbookwhereitisexplained,withareasonablelevelofdetail,howtosetupandconfigureeachsoftwarecomponent.
www.it-ebooks.info
![Page 31: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/31.jpg)
WhothisbookisforThisbookisintendedforexperiencednetworkadministratorslookingforacomprehensivemonitoringsolutionfortheirnetworks.ThereadermusthaveagoodknowledgeofUnix/Linux,networkingconcepts,protocols,andappliancesandabasic-to-intermediateknowledgeofZabbix.Thereaderwillbeguidedstepbysteptomanageandleadalltheimportantpointsyouwillhavetodealwith.Youwillthenbeabletostartupaneffectiveandlarge-environment-readyZabbixmonitoringsolutionthatwillbeaperfectfitwithinyournetwork.
www.it-ebooks.info
![Page 33: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/33.jpg)
ConventionsInthisbook,youwillfindanumberoftextstylesthatdistinguishbetweendifferentkindsofinformation.Herearesomeexamplesofthesestylesandanexplanationoftheirmeaning.
Codewordsintext,databasetablenames,foldernames,filenames,fileextensions,pathnames,dummyURLs,userinput,andTwitterhandlesareshownasfollows:“OntheZabbixserver-side,youneedtocarefullysetthevalueofStartTrappers=.”
Ablockofcodeissetasfollows:
#FirstofallweneedtoimportcsvandNetworkx
importcsv
importnetworkxasnx
#Thenweneedtodefinewhoisourzabbixserverandsomeotherdetailto
properlyproducetheDOTfile
zabbix_service_ipaddr="192.168.1.100"
main_loop_ipaddr="10.12.20.1"
Whenwewishtodrawyourattentiontoaparticularpartofacodeblock,therelevantlinesoritemsaresetinbold:
#wecanopenourCSVfile
csv_reader=csv.DictReader(open('my_export.csv'),\
delimiter=",",\
fieldnames=("ipaddress","hostname","oid","dontcare","neighbors"))
#Skiptheheader
csv_reader.next()
Anycommand-lineinputoroutputiswrittenasfollows:
#chkconfig--level345zabbix-serveron
Newtermsandimportantwordsareshowninbold.Wordsthatyouseeonthescreen,forexample,inmenusordialogboxes,appearinthetextlikethis:“Thereisaclearwarningonthewebsitethatwarnsuswiththisstatement:TheApplianceisnotintendedforseriousproductionuseatthistime.”
NoteWarningsorimportantnotesappearinaboxlikethis.
TipTipsandtricksappearlikethis.
www.it-ebooks.info
![Page 35: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/35.jpg)
ReaderfeedbackFeedbackfromourreadersisalwayswelcome.Letusknowwhatyouthinkaboutthisbook—whatyoulikedordisliked.Readerfeedbackisimportantforusasithelpsusdeveloptitlesthatyouwillreallygetthemostoutof.
Tosendusgeneralfeedback,simplye-mail<[email protected]>,andmentionthebook’stitleinthesubjectofyourmessage.
Ifthereisatopicthatyouhaveexpertiseinandyouareinterestedineitherwritingorcontributingtoabook,seeourauthorguideatwww.packtpub.com/authors.
www.it-ebooks.info
![Page 37: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/37.jpg)
CustomersupportNowthatyouaretheproudownerofaPacktbook,wehaveanumberofthingstohelpyoutogetthemostfromyourpurchase.
www.it-ebooks.info
![Page 38: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/38.jpg)
DownloadingtheexamplecodeYoucandownloadtheexamplecodefilesfromyouraccountathttp://www.packtpub.comforallthePacktPublishingbooksyouhavepurchased.Ifyoupurchasedthisbookelsewhere,youcanvisithttp://www.packtpub.com/supportandregistertohavethefilese-maileddirectlytoyou.
www.it-ebooks.info
![Page 39: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/39.jpg)
ErrataAlthoughwehavetakeneverycaretoensuretheaccuracyofourcontent,mistakesdohappen.Ifyoufindamistakeinoneofourbooks—maybeamistakeinthetextorthecode—wewouldbegratefulifyoucouldreportthistous.Bydoingso,youcansaveotherreadersfromfrustrationandhelpusimprovesubsequentversionsofthisbook.Ifyoufindanyerrata,pleasereportthembyvisitinghttp://www.packtpub.com/submit-errata,selectingyourbook,clickingontheErrataSubmissionFormlink,andenteringthedetailsofyourerrata.Onceyourerrataareverified,yoursubmissionwillbeacceptedandtheerratawillbeuploadedtoourwebsiteoraddedtoanylistofexistingerrataundertheErratasectionofthattitle.
Toviewthepreviouslysubmittederrata,gotohttps://www.packtpub.com/books/content/supportandenterthenameofthebookinthesearchfield.TherequiredinformationwillappearundertheErratasection.
www.it-ebooks.info
![Page 40: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/40.jpg)
PiracyPiracyofcopyrightedmaterialontheInternetisanongoingproblemacrossallmedia.AtPackt,wetaketheprotectionofourcopyrightandlicensesveryseriously.IfyoucomeacrossanyillegalcopiesofourworksinanyformontheInternet,pleaseprovideuswiththelocationaddressorwebsitenameimmediatelysothatwecanpursuearemedy.
Pleasecontactusat<[email protected]>withalinktothesuspectedpiratedmaterial.
Weappreciateyourhelpinprotectingourauthorsandourabilitytobringyouvaluablecontent.
www.it-ebooks.info
![Page 41: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/41.jpg)
QuestionsIfyouhaveaproblemwithanyaspectofthisbook,youcancontactusat<[email protected]>,andwewilldoourbesttoaddresstheproblem.
www.it-ebooks.info
![Page 43: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/43.jpg)
Chapter1.InstallingaDistributedZabbixSetupMostlikely,ifyouarereadingthisbook,youhavealreadyusedandinstalledZabbixasanetworkmonitoringsolution.Now,inthischapter,wewillseehowtoinstallZabbixinadistributedsetup,eventuallymovingontoalargeuseofproxies.Thechapterwilltakeyouthroughallthepossiblescenariosandexplainthemaindifferencesbetweentheactiveandpassiveproxysetup.Usually,thefirstZabbixinstallationisdoneasapartoftheconcepttoseewhethertheplatformisgoodenoughforyou.Here,thecommonerroristostartusingthissetuponalargeproductionenvironment.Afterreadingthischapter,youwillbereadytoinstallandsetupalargeenvironmentreadyinfrastructure.
Inthischapter,wewillexplainhowtoprepareandsetupaZabbixinstallation,whichisreadytobegrownwithinyourinfrastructure,andreadyforalargetoaverylargeenvironment.ThisbookismainlyfocusedonZabbixfornetworkmonitoring.Thischapterwillquicklytakeyouthroughtheinstallationprocess,emphasizingonallthemostimportantpointsyouneedtoconsider.Inthenextchapter,wewillspendmoretimedescribingabetterapproachtomonitoryournetworkdevicesandhowtoretrieveallthecriticalmetricsfromthem.Afterreadingthischapter,youwillbecomeawareofthecommunicationbetweenserverandproxiesbeingabletomixtheactiveandpassivesetupinordertoimproveyourinfrastructure.YoucanextendthestrongcentralZabbixcoresetupwithmanylightweightandeffectiveZabbixproxiesactingasasatelliteinsideyournetworktoimproveyourmonitoringsystem.
www.it-ebooks.info
![Page 44: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/44.jpg)
ZabbixarchitecturesZabbixwasbornasadistributednetworkmonitoringtoolwithacentralwebinterfacewhereyoucanmanagealmosteverything.Nowadays,withZabbix2.4,thenumberofpossiblearchitectureshasbeenreducedtoasingleserversetupandaZabbix-proxiesdistributedsetup.
NoteFromZabbix2.4,thenode-setupwasdiscontinued.Moreinformationisavailableathttps://www.zabbix.com/documentation/2.4/manual/introduction/whatsnew240#node-based_distributed_monitoring_removed.
Now,thesimplestarchitecture(whichisreadytohandlelargeenvironmentssuccessfully)thatyoucanimplementcomposesofthreeservers:
WebserverRDBMSserverZabbixserver
Topreparethissimplesetupforalargeenvironmentsetting,it’sbettertouseadedicatedserverforeachoneofthesecomponents.
Thisisthesimplestsetupthatcanbeeasilyextendedandisreadytosupportalargeenvironment.
Theproposedarchitectureisshowninthefollowingdiagram:
ThiskindofsetupcanbeextendedbyaddingmanyZabbixproxiesresultinginaproxy-basedsetup.Theproxy-basedsetupisimplementedwithoneZabbixserverandseveralproxies:oneproxyperbranch,datacenteror,inourcase,foreachremotenetworksegmentyouneedtomonitor.
Thisconfigurationiseasytomaintainandofferstheadvantagetohaveacentralizedmonitoringsolution.Thiskindofconfigurationistherightbalancebetweenlargeenvironmentmonitoringandcomplexity.
www.it-ebooks.info
![Page 45: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/45.jpg)
TheZabbixproxy,likeaserver,isusedtocollectdatafromanynumberofhostsordevices,acquiringallthemetricsrequestedandactingasaproxy.Thismeansthatitcanretainthisdataforanarbitraryperiodoftime,relyingonadedicateddatabasetodoso.Theproxydoesn’thaveafrontendandismanageddirectlyfromthecentralserver.
NoteTheproxylimitsitselftodatacollectionwithouttriggerevaluationsoractions;allthedataisstoredinitsdatabase.Forthisreason,it’sbettertouseanefficientrobustRDBMSthatcanpreventdatalossincaseofacrash.
AllthesecharacteristicsmaketheZabbixproxyalightweighttooltodeployandoffloadsomechecksfromthecentralserver.Ourobjectiveistocontrolandstreamlinetheflowofmonitoreddataacrossnetworks,andtheZabbixproxygivesusthepossibilitytosplitandsegregateitemsanddataonthedifferentnetworks.Themostimportantfeatureisthattheacquiredmetricsarestoredinitsdatabase.Therefore,incaseofanetworkloss,youwillnotlosethem.
www.it-ebooks.info
![Page 47: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/47.jpg)
UnderstandingZabbixdataflowThestandardZabbixdataflowiscomposedofseveralactorsthatsenddatatoourZabbixserver.OfallthesourcesthatcansenddatatoourZabbixserver,wecanidentifythreemaindatasources:
ZabbixagentZabbixsenderOtheragents(externalscriptsorcomponentsbuiltinhouse)
Theotheragentsrepresentedinthenextdiagramcanbeoftwomaintypes:
Customand/orthird-partyagentsZabbixproxy
Asthediagramdisplaysthedatathatgetsacquiredfrommanydifferentsourcesintheformofitems.Attheendofthediagram,youseetheGUI,whichpracticallyrepresentstheusersconnectedandthedatabasethatistheplacewhereallthevaluesarestored.
Inthenextsection,wewilldivedeepintotheZabbixproxies’dataflow.
www.it-ebooks.info
![Page 49: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/49.jpg)
UnderstandingtheZabbixproxies’dataflowZabbixproxiescanoperateintwodifferentmodes,activeandpassive.Thedefaultsetupistheactiveproxy.Inthissetup,theproxyinitiatesallconnectionstotheZabbixserver,theoneusedtoretrieveconfigurationinformationonmonitoredobjects,andtheconnectiontosendmeasurementsbacktotheserver.Here,youcanchangeandtweakthefrequencyofthesetwoactivitiesbysettingthefollowingvariablesintheproxyconfigurationfile:/etc/zabbix/zabbix_proxy.conf:
ConfigFrequency=3600
DataSenderFrequency=1
Valuesareexpressedinseconds.OntheZabbixserver-side,youneedtocarefullysetthevalueofStartTrappers=.
Thisvalueneedstobegreaterthanthenumberofallactiveproxiesandnodesyoudeployed.Thetrapperprocesses,indeed,managealltheincominginformationfromtheproxies.
NotePleasenotethattheserverwillforkextraprocessesasrequired,ifneeded,butitisstronglyadvisabletopreforkalltheprocessesthatareneededduringthestartup.Thiswillreducetheoverheadduringthenormaloperation.
Ontheproxyside,anotherparametertoconsideris:
HeartbeatFrequency
Thisparametersetsasortofkeepalive,whichafterthedefinednumberofseconds,willcontacttheserveralthoughitdoesn’thaveanydatatosend.Theproxyavailabilitycanbeeasilycheckedwiththefollowingitem:
zabbix[proxy,"proxyuniquename",lastaccess]
Heretheproxyuniquename,ofcourse,istheidentifieryouassignedtotheproxyduringdeployment.Theitemwillreturnthenumberofsecondsasthelasttimethattheproxywascontacted,avalueyoucanthenusewiththeappropriatetriggeringfunctions.
TipIt’sreallyimportanttohaveatriggerassociatedtothisitem,soyoucanbewarnedincaseofconnectionloss.Lookingatthetrendofthistrigger,youcanlearnaboutaneventualreapingtimesetonthefirewall.Let’slookatapracticalexample:ifyounoticethatafter5minutesyourconnectionsaredropped,settheheartbeatfrequencyto120secondsandcheckforthelastaccesstimeabove300seconds.
Inthefollowingdiagram,youcanseethecommunicationflowbetweentheZabbixserverandtheproxy:
www.it-ebooks.info
![Page 50: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/50.jpg)
Asyoucanseefromthediagram,theserverwillwaittoreceiverequestsfromtheproxyandnothingmore.
NoteTheactiveproxyisthemostefficientwaytooffloaddutiesfromtheserver.Indeed,theserverwilljustsitherewaitingtobeaskedaboutchangesinconfiguration,ortoreceivenewmonitoringdata.
Ontheotherside,proxiesareusuallydeployedtomonitorsecurenetworksegmentswithstrictoutgoingtrafficpolicies,andareusuallyinstalledonDMZs.Inthesekindofscenarios,normally,itisverydifficulttoobtainpermissionfortheproxytoinitiatethecommunicationwiththeserver.Unfortunately,it’snotjustduetopolicies.DMZsareisolatedasmuchaspossiblefrominternalnetworks,astheyneedtobeassecureastheycan.Generally,it’softeneasierandmoreacceptedfromasecuritypointofviewtoinitiateaconnectionfromtheinternalnetworktoaDMZ.Inthiskindofscenario,thepassiveproxyisveryhelpful.Thepassiveproxyisalmostamirroredimageoftheactiveproxysetup,asyoucanseeinthefollowingdiagram:
Withthisconfiguration,theZabbixserverwillcontacttheproxyperiodicallytodelivertheconfigurationchangesandtorequesttheitemvaluestheproxyisholding.
Thisistheproxyconfigurationtoenabletheproxyyouneedtoset:
www.it-ebooks.info
![Page 51: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/51.jpg)
ProxyMode=1
Thisparameterspecifiesthepassiveproxy,youdon’tneedtodoanythingelse.Now,ontheserverside,youneedtosetthefollowingparameters:
StartProxyPollers=
Thiswillsetthenumberofprocessesdedicatedtothepassiveproxies
NoteTheStartProxyPollersparametershouldmatchthenumberofpassiveproxiesyouhavedeployed.
ProxyConfigFrequency=
Thisvalueexpressesthefrequencywithwhichtheserversendstheconfigurationtoitsproxy
ProxyDataFrequency=
Thisistheintervalparameterthatexpressesthenumberofsecondsbetweentwoconsecutiverequeststogettheacquiredmetricsfromtheproxy
Theitemusedtocheckapassiveproxy’savailabilityisasfollows:
zabbix[proxy,"proxyuniquename",lastaccess]
Thisisexactlythesameastheactiveone.
Thepassiveproxyenablesustogathermonitoringdatafromotherwiseclosedandlockeddownnetworkswithaslightlyincreasedoverhead.
NoteYoucanmixasmanyactiveandpassiveproxiesasyouwantinyourenvironment.Thisenablesyoutoexpandyourmonitoringsolutiontoreacheachpartofthenetworkandtohandlealargenumberofmonitoredobjects.Thisapproachkeepsthearchitecturesimpleandeasytomanagewithastrongcentralcoreandmanysimple,lightweightsatellites.
Ifyouwouldliketokeeptrackofalltheremainingitemsthattheproxyneedstosend,youcansetuptheproxytorunthisqueryagainstitsdatabase:
SELECT((SELECTMAX(proxy_history.id)FROMproxy_history)-nextid)FROMids
WHEREfield_name='history_lastid'
TipDownloadingtheexamplecode
Youcandownloadtheexamplecodefilesfromyouraccountathttp://www.packtpub.comforallthePacktPublishingbooksyouhavepurchased.Ifyoupurchasedthisbookelsewhere,youcanvisithttp://www.packtpub.com/supportandregistertohavethefilese-maileddirectlytoyou.
ThisquerywillreturnthenumberofitemsthattheproxystillneedstosendtotheZabbix
www.it-ebooks.info
![Page 52: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/52.jpg)
server.ConsideringthatyouareusingMySQLasadatabase,youneedtoaddthefollowinguserparameterintheproxyagentconfigurationfile:
UserParameter=zabbix.proxy.items.sync.remaining,mysql-u<yourdbname
here>-p'<yourpasswordhere>'-e'SELECT((SELECTMAX(proxy_history.id)
FROMproxy_history)-nextid)FROMidsWHEREfield_name=history_lastid'2>&1
Now,allyouneedtodoissetanitemontheZabbixserversideandyoucanseehowyourproxyisfreeingitsqueue.
www.it-ebooks.info
![Page 54: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/54.jpg)
InstallingZabbixZabbix,likealltheothersoftware,canbeinstalledintwoways:
1. Downloadthelatestsourcecodeandcompileit.2. Installitfrompackages.
Actually,thereisanotherwaytohaveaZabbixserverupandrunning:usingthevirtualappliance.TheZabbixserverappliancewillnotbeconsideredinthisbookasZabbixitselfdefinesthisvirtualapplianceasnotreadyforproductiveenvironments.Thisvirtualapplianceisnotaproductionreadysetupformanyreasons:
Itisamonolithwhereeverythingisinstalledonthesameserver.Thereisnoseparationfromthedatabaselayerandthepresentationlayer.Thismeansthateachoneofthesecomponentscanaffecttheperformanceoftheother.Thereisaclearwarningonthewebsitethatwarnsuswiththisstatement:TheApplianceisnotintendedforseriousproductionuseatthistime.
Ontheotherhand,theinstallationfrompackagesgivesussomebenefits:
ThepackagesmakeiteasytoupgradeandupdateDependenciesareautomaticallysortedout
Thesourcecodecompilationalsogivesussomebenefits:
WecancompileonlytheneededfeaturesWecanbuildtheagentstaticallyanddeployondifferentLinuxflavorsCompletecontrolonupdate
It’squiteusualtohavedifferentversionsofLinux,Unix,andMicrosoftWindowsonalargeenvironment.Thiskindofscenarioisquitediffusedonaheterogeneousinfrastructure,andifweusetheZabbix’sagentdistributionpackageoneachLinuxserver,wewillhavedifferentversionsoftheagentforsure,anddifferentlocationsfortheconfigurationfiles.
Themorethethingsarestandardizedacrossourserver,theeasieritwillbecometomaintainandupgradetheinfrastructure.The--enable-staticoptiongivesusawaytostandardizetheagentacrossdifferentLinuxversionsandrelease,whichisastrongbenefit.Theagent,staticallycompiled,canbeeasilydeployedeverywhereand,forsure,wewillhavethesamelocation(andwecanusethesameconfigurationfileapartfromthenodename)fortheagentandhis/herconfigurationfile.Theonlythingthatmightvaryisthestart/stopscriptandhowtoregisteritontherightinitrunlevel,butatleastthedeploymentwillbestandardized.
ThesamekindofconceptcanbeappliedtothecommercialUnix,bearinginmindtocompileitonthetargetenvironmentsothatthesameagentcanbedeployedondifferentUnixreleasesofthesamevendor.
www.it-ebooks.info
![Page 55: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/55.jpg)
InstallingfrompackagesThefirstthingtodotoinstallZabbixfromrepoistoaddtheyumrepositorytoourlist.Thiscanbedonewiththefollowingcommand:
$rpm-Uvhhttp://repo.zabbix.com/zabbix/2.4/rhel/6/x86_64/zabbix-release-
2.4-1.el6.noarch.rpm
Retrievinghttp://repo.zabbix.com/zabbix/2.4/rhel/6/x86_64/zabbix-release-
2.4-1.el6.noarch.rpm
warning:/var/tmp/rpm-tmp.dsDB6k:HeaderV4DSA/SHA1Signature,keyID
79ea5ed4:NOKEY
Preparing…###########################################[100%]
1:zabbix-release###########################################[100%]
Oncethisisdone,wecantakeadvantageofallthebenefitsintroducedbythepackagemanagerandhavethedependenciesautomaticallyresolvedbyyum.
ToinstalltheZabbixserver,yousimplyneedtorun:
$yuminstallzabbix-server-mysqlzabbix-agentzabbix-javagateway
Now,youhaveyourserverreadytostart.Wecan’tstartitnowasweneedtosetupthedatabase,whichwillbedoneinthenextheading,anyway,whatyoucandoissetupthestart/stoprunlevelforourzabbix_serverandzabbix_agentdaemons:
$chkconfig--level345zabbix-serveron
$chkconfig--level345zabbix-agenton
Pleasedoublecheckifthepreviouscommandransuccessfullywiththefollowing:
$chkconfig--list|grepzabbix
zabbix-agent0:off1:off2:off3:on4:on5:on6:off
zabbix-server0:off1:off2:off3:on4:on5:on6:off
www.it-ebooks.info
![Page 56: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/56.jpg)
SettingupaZabbixagentNow,asusuallyhappensinalargeserverfarm,itispossiblethatyouhavemanydifferentvariantsofLinux.Here,ifyoucan’tfindthepackageforyourdistribution,youcaneventhinktocompiletheagentfromscratch.Thefollowingarethestepsforthesame:
1. DownloadthesourcecodefromtheZabbixwebsite.2. Unpackthesoftware.3. Satisfyallthesoftwaredependencies,installingalltherelated-develpackages.4. Runthefollowingcommand:$./configure--enable-agent.
TipHere,youcanstaticallylinktheproducedbinarywiththe--enable-staticoption.Withthis,thebinaryproducedwillnotrequireanyexternallibrary.ThisisreallyusefultodistributetheagentacrossdifferentversionsofLinux.
Compileeverythingwith$make.
Now,beforeyourun$makeinstall,youcandecidetocreateyourownpackagetodistributewithCheckInstall.
www.it-ebooks.info
![Page 57: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/57.jpg)
CreatingaZabbixagentpackagewithCheckInstallTheadviceistonotrunmakeinstall,butuseCheckInstalltoproducetherequiredpackageforyourLinuxOSfromhttp://asic-linux.com.mx/~izto/checkinstall/.
NoteWecanalsouseaprebuiltCheckInstall;thecurrentreleaseischeckinstall-1.6.2-20.2.i686.rpmonRedHat/CentOS.Thepackagewillalsoneedtherpm-buildpackage:
rpm-buildyuminstall
Also,weneedtocreatethenecessarydirectories:
mkdir-p~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
Thissoftwareenablesyoutocreateapackageformanydifferentversionsofthepackagemanager,namely,RPM,deb,andtgz.
NoteCheckInstallwillproducepackagesforDebian,Slackware,andRedHat,helpingustopreparetheZabbix’sagentpackage(staticallylinked)anddistributeitaroundourserver.
Now,weneedtoswitchtotherootaccountusing$sudosu–.Also,usethecheckinstallfollowedbytheseoptions:
$checkinstall--nodoc--install=yes-y
Ifyoudon’tfaceanyissue,youshouldgetthefollowingmessage:
******************************************************************
Done.Thenewpackagehasbeensavedto
/root/rpmbuild/RPMS/i386/zabbix-2.4.0-1.i386.rpm
Youcaninstallitinyoursystemanytimeusing:
rpm-izabbix-2*.4.0-1.i386.rpm
******************************************************************
Rememberthattheserverbinarieswillbeinstalledin<prefix>/sbin,utilitieswillbein<prefix>/bin,andthemainpagesunderthe<prefix>/sharelocation.
TipTospecifyadifferentlocationforZabbixbinaries,weneedtouse--prefixontheconfigureoptions(forexample,--prefix=/opt/zabbix).
www.it-ebooks.info
![Page 58: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/58.jpg)
ServerconfigurationFortheserverconfiguration,weonlyhaveonefiletocheckandedit:
/etc/zabbix/zabbix_server.conf
Alltheconfigurationfilesarecontainedinthefollowingdirectory:
/etc/zabbix/
Allyouneedtochangefortheinitialsetupisthe/etc/zabbix/zabbix_server.confconfigurationfileandwritetheusername/passwordanddatabasenamehere.
NotePleasetakecaretoprotecttheaccesstotheconfigurationfilewithchmod400/etc/zabbix/zabbix_server.conf.
Thedefaultexternalscriptslocationis:
/usr/lib/zabbix/externalscripts
Also,thealertscriptdirectoryis:
/usr/lib/zabbix/alertscripts
Thiscanbechangedbyeditingthezabbix_server.conffile.
Theconfigurationontheagentsideisquiteeasy;basically,weneedtowritetheIPaddressofourZabbixserver.
www.it-ebooks.info
![Page 60: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/60.jpg)
InstallingadatabaseThedatabasewewilluseonthisbook,asalreadyexplained,isMySQL.
Now,consideringthatyouhaveaRedHatserver,theproceduretoinstallMySQLfromtheRPMrepositoryisquiteeasy:
$yuminstallmysqlmysql-server
Now,youneedtosetuptheMySQLservicetostartautomaticallywhenthesystemboots:
$chkconfig--levels235mysqldon
$/etc/init.d/mysqldstart
TipRemembertosetapasswordfortheMySQLrootuser
Tosetapasswordfortheroot,youcanrunthesetwocommands:
/usr/bin/mysqladmin-urootpassword'new-password'
/usr/bin/mysqladmin-uroot-hhostname-of-your.zabbix.dbpassword'new-
password'
Alternatively,youcanrun:
/usr/bin/mysql_secure_installation
Thiswillalsohelpyoutoremovethetestdatabasesandanonymoususerdatathatwascreatedbydefault.Thisisstronglyrecommendedforproductionservers.
Now,it’stimetocreatetheZabbixdatabase.Forthis,wecanusethefollowingcommands:
$mysql-uroot-p
$mysql>CREATEDATABASEzabbixCHARACTERSETUTF8;
QueryOK,1rowaffected(0.00sec)
$mysql>GRANTALLPRIVILEGESonzabbix.*to'zabbixuser'@'localhost'
IDENTIFIEDBY'zabbixpassword';
QueryOK,0rowsaffected(0.00sec)
$mysql>FLUSHPRIVILEGES;
$mysql>quit
Next,weneedtorestorethedefaultZabbixMySQLdatabasefiles:
$mysql-uzabbixuser-pzabbixpasswordzabbix</usr/share/doc/zabbix-
server-mysql-2.4.0/create/schema.sql
$mysql-uzabbixuser-pzabbixpasswordzabbix</usr/share/doc/zabbix-
server-mysql-2.4.0/create/images.sql
$mysql-uzabbixuser-pzabbixpasswordzabbix</usr/share/doc/zabbix-
server-mysql-2.4.0/create/data.sql
Now,ourdatabaseisready.Beforewebegintoplaywiththedatabase,it’simportanttodosomeconsiderationaboutdatabasesizeandheavytasksagainstit.
www.it-ebooks.info
![Page 61: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/61.jpg)
ConsideringthedatabasesizeZabbixusestwomaingroupsoftablestostoreitsdata:
HistoryTrends
Now,thespaceconsumedbythesetablesisinfluencedby:
Items:Thisisthenumberofitemsyou’regoingtoacquireRefreshrate:ThisisthemeanaveragerefreshrateofouritemsSpacetostorevalues:ThisdependsonRDBMS
Thespaceusedtostoredatacanvaryduetothedatabase,butwecanresumethespaceusedbythesetablesinthefollowingtable:
Typeofmeasure Retentionindays Spacerequired
History 30 10.8G
Events 1825(5years) 15.7GB
Trends 1825(5years) 26.7GB
Total NA 53.2GB
Thiscalculationis,ofcourse,doneconsideringtheenvironmentafter5yearsofretention.Anyway,weneedtohaveanenvironmentreadytosurvivethisperiodoftimeandretainthesameshapethatithadwhenitwasinstalled.Wecaneasilychangethehistoryandtrendsretentionpolicyperitem.Thismeansthatwecancreateatemplatewithitemsthathaveadifferenthistoryretentionbydefault.Normally,thehistoryissetto30days,butforsomekindofmeasure(suchasinwebscenarios)orotherparticularmeasures,weneedtokeepallthevaluesformorethanaweek.Thispermitsustochangethisvalueoneachitem.
www.it-ebooks.info
![Page 62: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/62.jpg)
MySQLpartitioningNowthatweareawareofhowbigourdatabasewillbe,it’seasytoimaginethathousekeepingwillbeaheavytaskandthetime,CPU,andresourceconsumedbythisonewillgrowtogetherwiththedatabasesize.
Housekeepingisinchargetoremovetheoutdatedmetricsfromthedatabaseandtheinformationdeletedbyauser,andaswe’veseenthehistory,trends,andeventstablesare,aftersometime,hugetables.Thisexplainswhytheprocessissoheavytomanage.
Theonlywaywecanimproveperformancesoncewehavereachedthisvolumeofdataisbyusingpartitioninganddisablingthehousekeeperaltogether.
Partitioningthehistoryandtrendtableswillprovideuswithmanymajorbenefits:
Allhistorydatainatableforaparticulardefinedwindowtimeareself-containedinitsownpartition.Thisallowsyoutoeasilydeleteolddatawithoutimpactingthedatabaseperformance.WhenyouuseMySQLwithInnoDB,andifyoudeletedatacontainedinatable,thespaceisnotreleased.Thespacefreedismarkedasfree,butthediskspaceconsumedwillnotchange.Whenyouusepartition,andifyoudropapartition,thespaceisimmediatelyfreed.Queryperformancecanbeimproveddramaticallyinsomesituations,inparticular,whenthereisheavyaccesstothetable’srowsinasinglepartition.Whenaqueryupdatesahugeamountofdataorneedsaccesstoalargepercentageofthepartition,thesequentialscanisoftenmoreefficientthantheindexusagewitharandomaccessorscatteredreadsagainstthisindex.
Unfortunately,Zabbixisnotabletomanagethepartitions.So,weneedtodisablehousekeeping,anduseanexternalprocesstoaccomplishhousekeeping.
Whatweneedtohaveisastoredprocedurethatdoesalltheworkforus.
Thefollowingisthestoredprocedure:
DELIMITER$$
CREATEPROCEDURE`partition_maintenance`(SCHEMA_NAMEVARCHAR(32),
TABLE_NAMEVARCHAR(32),KEEP_DATA_DAYSINT,HOURLY_INTERVALINT,
CREATE_NEXT_INTERVALSINT)
BEGIN
DECLAREOLDER_THAN_PARTITION_DATEVARCHAR(16);
DECLAREPARTITION_NAMEVARCHAR(16);
DECLARELESS_THAN_TIMESTAMPINT;
DECLARECUR_TIMEINT;
Untilhere,wehavedeclaredthevariableweneedafter.Now,onthenextline,wewillcallthestoredprocedureresponsibletocheckwhetherapartitionisalreadypresentandifnot,wewillcreatethem:
CALLpartition_verify(SCHEMA_NAME,TABLE_NAME,HOURLY_INTERVAL);
SETCUR_TIME=UNIX_TIMESTAMP(DATE_FORMAT(NOW(),'%Y-%m-%d
00:00:00'));
www.it-ebooks.info
![Page 63: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/63.jpg)
IFDATE(NOW())='2014-04-01'THEN
SETCUR_TIME=UNIX_TIMESTAMP(DATE_FORMAT(DATE_ADD(NOW(),
INTERVAL1DAY),'%Y-%m-%d00:00:00'));
ENDIF;
SET@__interval=1;
create_loop:LOOP
IF@__interval>CREATE_NEXT_INTERVALSTHEN
LEAVEcreate_loop;
ENDIF;
SETLESS_THAN_TIMESTAMP=CUR_TIME+(HOURLY_INTERVAL*@__interval
*3600);
SETPARTITION_NAME=FROM_UNIXTIME(CUR_TIME+HOURLY_INTERVAL*
(@__interval-1)*3600,'p%Y%m%d%H00');
Nowthatwehavecalculatedalltheparametersneededbythecreate_partitionprocedure,wecanrunit.Thisstoredprocedurewillcreatethenewpartitiononthedefinedschema:
CALLpartition_create(SCHEMA_NAME,TABLE_NAME,
PARTITION_NAME,LESS_THAN_TIMESTAMP);
SET@__interval=@__interval+1;
ENDLOOP;
SETOLDER_THAN_PARTITION_DATE=DATE_FORMAT(DATE_SUB(NOW(),INTERVAL
KEEP_DATA_DAYSDAY),'%Y%m%d0000');
Thesectionthatfollowsisresponsibletoremovetheolderpartitions,usingtheOLDER_TAN_PARTITION_DATEprocedure,whichwehavecalculatedonthelinesbefore:
CALLpartition_drop(SCHEMA_NAME,TABLE_NAME,
OLDER_THAN_PARTITION_DATE);
END$$
DELIMITER;
Thisstoredprocedurewillbethecoreofourhousekeeping.Itwillbecalledwiththefollowingsyntax:
CALLpartition_maintenance('<zabbix_db_name>','<table_name>',
<days_to_keep_data>,<hourly_interval>,<num_future_intervals_to_create>)
Theprocedureworksbasedon1hourintervals.Next,ifyouwanttopartitiononadailybasis,theintervalwillbe24hours.Instead,ifyouwant1hourpartitioning,theintervalwillbe1.
Youneedtospecifythenumberofintervalsthatyouwantcreatedinadvance.Forexample,ifyouwant2weeksintervaloffuturepartitions,use14.Ifyourintervalis1(forhourlypartitioning),thenthenumberofintervalstocreateis336(24*14).
Thisstoredprocedureusessomeotherstoresprocedures:
partition_create:Thiscreatesthepartitionforthespecifiedtablepartition_verify:Thischeckswhetherthepartitionisenabledonatable,ifnot,thencreateasinglepartitionpartition_drop:Thisdropspartitionsolderthanatimestamp
Forallthedetailsaboutthesestoredprocedures,seeAppendixA,PartitioningtheZabbix
www.it-ebooks.info
![Page 64: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/64.jpg)
Database.
Onceyou’vecreatedalltherequiredstoredprocedures,youneedtochangetwoindexestoenabletheminordertobereadyforapartitionedtable:
mysql>Altertablehistory_textdropprimarykey,addindex(id),drop
indexhistory_text_2,addindexhistory_text_2(itemid,id);
QueryOK,0rowsaffected(0.49sec)
Records:0Duplicates:0Warnings:0
mysql>Altertablehistory_logdropprimarykey,addindex(id),dropindex
history_log_2,addindexhistory_log_2(itemid,id);
QueryOK,0rowsaffected(2.71sec)
Records:0Duplicates:0Warnings:0
Oncethisisdone,youneedtoschedulethepartition_maintenance_allstoredprocedurewithacronjob.Formoredetailsaboutthepartition_maintenance_allprocedure,pleasechecktheinstructionscontainedinAppendixA,PartitioningtheZabbixDatabase.Thecronjobneedstoexecutethefollowingcommand:
mysql-h<zabbix_db_host>-u<zabbixuser>-p<zabbixpassword>zabbixdatabase
-e"CALLpartition_maintenance_all('zabbix');"
Oncethishasbeenset,youneedtobearinmindtodisablethehousekeepingforhistoryandtrends.VerifythattheOverrideitem<trend/history>periodZabbixconfigurationischeckedforbothhistoryandtrends.Here,youneedtosettheDatastorageperiod(indays)boxforhistoryandtrendstothevalueyou’vedefinedinyourprocedure,ourexampleinAppendixA,PartitioningtheZabbixDatabaseisof28and730.
www.it-ebooks.info
![Page 66: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/66.jpg)
InstallingaZabbixproxyInstallationoftheZabbixproxyfrompackagesisaquitesimpletask.Onceyou’veaddedtheZabbixrepository,youonlyneedtorunthefollowingcommand:
$yuminstallzabbix-proxy-mysql
Thiswillinstalltherequiredpackages:
Installation:
zabbix-proxy-mysqlx86_642.4.0-1.el6zabbix390k
Installingfordependencies:
zabbix-proxyx86_642.4.0-1.el6zabbix21k
TheZabbixproxyinstallationisquitesimilartotheserverone.Onceyou’veinstalledtheserver,youneedtoinstallMySQL,createthedatabase,andimporttheDBschema:
$mysql-uroot-p
$mysql>CREATEDATABASEzabbixCHARACTERSETUTF8;
QueryOK,1rowaffected(0.00sec)
$mysql>GRANTALLPRIVILEGESonzabbix.*to'zabbixuser'@'localhost'
IDENTIFIEDBY'zabbixpassword';
QueryOK,0rowsaffected(0.00sec)
$mysql>FLUSHPRIVILEGES;
$mysql>quit
Next,weneedtorestorethedefaultZabbixMySQLdatabasefiles:
$mysql-uzabbixuser-pzabbixpasswordzabbix</usr/share/doc/zabbix-
proxy-mysql-2.4.0/create/schema.sql
Now,weneedtostartthedatabase,configuretheproxy,andstarttheservice.Inthisexample,wehaveconsideredtouseaZabbixproxythatreliesonaMySQLwithInnoDBdatabase.Thisproxycanbeperformedintwodifferentways:
Lightweight(andthenuseSQLite3)Robustandsolid(andthenuseMySQL)
Here,wehavechosenthesecondoption.Inalargenetworkenvironmentwheretheproxy,incaseofissue,needstopreserveallthemetricsacquireduntiltheserveracquiresthemetrics,it’sbettertoreduce,attheminimum,theriskofdataloss.Also,ifyouconsiderthisscenarioinalargenetworkenvironment,youmostlikelywillhavethousandsofsubnetworksconnectedtotheZabbixserverwithallthepossiblenetworkdevicesin-between.Well,exactly,thisisnecessarytouseadatabasethatcanpreventanydatacorruptions.
www.it-ebooks.info
![Page 68: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/68.jpg)
InstallingtheWebGUIinterfaceTheWebGUIinterfacewillbedoneoncemoreusingtheRPMs.
Toinstallthewebinterface,youneedtorunthefollowingcommand:
$yuminstallzabbix-web-mysql
Yumwilltakecaretoresolveallthedependencies.Onceyou’redone,theprocessofthiscomponentisquiteeasy:weneedtoopenawebbrowser,pointatthefollowingURL:http://your-web-server/zabbix,andfollowtheinstructions.
OnthestandardRedHatsystem,yousimplyneedtochangetheseparametersonyour/etc/php.inifile:
php_valuemax_execution_time300
php_valuememory_limit128M
php_valuepost_max_size16M
php_valueupload_max_filesize2M
php_valuemax_input_time300
Also,setyourtimezoneonthesamefile(forexample,php_valuedate.timezoneEurope/Rome).
Now,it’stimetostartupApache,butbeforethis,weneedtocheckwhetherwehaveSELinuxenabledandonwhichmode?TocheckyourSELinuxstatus,youcanrun:
#sestatus
SELinuxstatus:enabled
SELinuxfsmount:/selinux
Currentmode:permissive
Modefromconfigfile:permissive
Policyversion:24
Policyfromconfigfile:targeted
Now,youneedtocheckwhetheryouhavethehttpddaemonenabledtousethenetworkwiththefollowingcommand:
#getseboolhttpd_can_network_connect
httpd_can_network_connect-->off
Mostlikely,youwillhavethesamekindofresult,thenallweneedtodoisenablethehttpd_can_network_connectoptionusingthenextcommandwith–Ptopreservethevalueafterareboot:
#setsebool–Phttpd_can_network_connecton
#getseboolhttpd_can_network_connect
httpd_can_network_connect-->on
Now,allthatwestillhavetodoisenablethehttpddaemonandstartourhttpdserver:
#servicehttpdstart
Startinghttpd:[OK]
Next,enablethehttpdserverasaservice:
www.it-ebooks.info
![Page 69: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/69.jpg)
#chkconfighttpdon
Wecancheckthechangedonewiththenextcommand:
#chkconfig--listhttpd
httpd0:off1:off2:on3:on4:on5:on6:off
Onceyou’vedonethis,youonlyneedtofollowthewizard,andinafewclicks,youwillhaveyourwebinterfacereadytostartup.
TipIfyouknowthattheloadagainstthewebserverwillbehigh,duetoahighnumberofaccountsthatwillaccessit,probably,it’sbettertoconsiderusingNginx.
Now,youcanfinallystartyourZabbixserverandthefirstentryinthe/var/log/zabbix/zabbix_server.logfilewilllooksomethinglikethefollowingcode:
37909:20140925:091128.868StartingZabbixServer.Zabbix2.4.0(revision
48953).
37909:20140925:091128.868******Enabledfeatures******
37909:20140925:091128.868SNMPmonitoring:YES
37909:20140925:091128.868IPMImonitoring:YES
37909:20140925:091128.868WEBmonitoring:YES
37909:20140925:091128.868VMwaremonitoring:YES
37909:20140925:091128.868Jabbernotifications:YES
37909:20140925:091128.868EzTextingnotifications:YES
37909:20140925:091128.868ODBC:YES
37909:20140925:091128.868SSH2support:YES
37909:20140925:091128.868IPv6support:YES
37909:20140925:091128.868******************************
37909:20140925:091128.868usingconfigurationfile:
/etc/zabbix/zabbix_server.conf******************************
Next,youcanstarttoimplementandacquirealltheitemscriticalforyournetwork.
www.it-ebooks.info
![Page 71: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/71.jpg)
SummaryInthischapter,wecoveredalargenumberofcomponents.Westartedwithdefiningwhatalargeenvironmentis.Wealsosawhowthenetworksetupcanbedesignedandhowitcanevolvewithinyourinfrastructure.Wesawtheheaviesttaskontheserverside(housekeeping)andhowtoavoidperformancedegradationduetothis.WediscussedMySQLpartitioningin-depth.Wealsobrieflydiscussedthedifferencesbetweenactiveandpassiveproxies;youwillnowbeabletodecidehowtosetthemupandwhichonetochooseonceyouknowyournetworktopology.Also,wesawhowtoacquiresomecriticalmetricstomonitortheZabbixproxyconnectionandtheamountofitemsthatitstillneedstosendus.
Asyoucansee,wecoveredalotofargumentsinjustonechapter;wedidthisbecausewewouldliketousemorespaceintheupcomingchapters.Inthenextchapter,wewillexplorethedifferentappliancesandprotocolsatlayer2andlayer3oftheISO/OSIstack.Also,youwillseehowtobestextrapolatemeaningfulmonitoringdatafromthecollectedmeasurefortheprotocollayers2and3.
www.it-ebooks.info
![Page 73: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/73.jpg)
Chapter2.ActiveMonitoringofYourDevicesNowthatyouhaveaworkingZabbixsetup,it’stimetotakealookatyournetworkandfigureoutthecomponentsthatyouwanttomonitor,thekindofdatayouwanttocollect,andtheconditionsunderwhichyouwanttobenotifiedaboutproblemsandstatechanges.
Itwouldbeimpossibleforanybookonthistopictofullycoverallthedifferentkindsofnetworkappliancesandtopologiesandallthedifferentmonitoringscenariosthatanetworkadministratormightneedaseveryenvironmenthasitsownspecificquirksthatagoodmonitoringsolutionhastoaccountfor.ThischapterwillofferyouafewexamplesofthedifferentmonitoringpossibilitiesZabbixcanachievebyrelyingondifferentmethodsandprotocols.You’llseehowtoqueryyournetworkfromthedatalinklayeruptoroutingandnetworkflowusingICMP,SNMP,andlogparsingfacilitiestocollectyourmeasurements.
You’lllearnhowtoextractmeaningfulinformationfromthedatayougatheredusingaggregatedandcalculateditemsandhowtoconfigurecomplextriggersthatwillalertyouaboutrealnetworkissueswhileminimizinguninterestingornonrelevantdata.
Bytheendofthechapter,you’llhaveagoodoverviewofZabbix’snetworkmonitoringpossibilities,andyou’llbereadytoadaptwhatyoulearnedforyourspecificrequirements.Butlet’sfirsthaveaquickoverviewofhowZabbixorganizesmonitoringdatawithhosts,templates,items,andtriggers.
www.it-ebooks.info
![Page 74: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/74.jpg)
UnderstandingZabbixhostsOneofZabbix’sgreatstrengthsisitsflexibilitywhenitcomestoorganizingmonitoringdata.Evenwithoutconsideringitspowerfultemplatinganddiscoveryfeatures,whichwillbecoveredinChapter4,DiscoveringYourNetwork,thereisalotthatyoucandowithstandardhosts,items,andtriggers.Hereareafewtipsonhowyoucanusethemeffectively.
www.it-ebooks.info
![Page 75: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/75.jpg)
HostsandhostgroupsZabbixhostsusuallyrepresentasingle,specificboxorapplianceinyournetwork.Theycanalsobeapartofoneormorehostgroups.
HostgroupsareveryusefulastheymakeiteasytonavigateZabbix’sinterface,separatinghostsintocategoriesandallowingyoutoorganizeandmanageahugeamountofapplianceswithouthavingtodealwithimpossiblylonglistsofhostnames.Thesamehostcanbepartofdifferenthostgroups,andthiscanbeveryusefulasyoumightwant,forexample,tohaveagroupforallyourrouters,agroupforallyourswitches,andagroupforeverysubnetyoumanage.So,asinglerouterwillbepartoftheroutersgroupandallthesubnetgroupsithasaninterfaceon,whileaswitchwillbepartoftheswitchesgroupandofthesubnetit’spartof,andsoon.
Whilethisiscertainlyagoodwaytoorganizeyourhosts,bothtovisualizeandtomanageyourmonitoringdata,thereareacoupleofnot-too-obviouspitfallsyoushouldbeawareofifyoudecidetoputthesamehostinmultiplegroups:
Calculateditemsshowaggregatemonitoringdatabasedonhostgroupmembership.Ifyouconfigureanaggregateditemthatusesmorethanonecalculateditemfromdifferenthostgroups,youcanendupusingthesamehost’sdatamorethanonce,introducingasignificanterrorinyourcalculations.Actionsareusuallyfilteredbasedonhostgroups.Thismeansthatthesametriggereventcouldfireupmorethanoneactionifthehostispartofmorethanonehostgroup,leadingtopotentiallyduplicatemessagesandalerts.Useraccesspermissionsarehost-group-based.Thismeansthatsomeuserscouldbeabletoseemorehostsandmonitoringdatathantheyactuallyneedtoifahostendsupinahostgrouptheyhaveaccessto.
Thisisbynomeansanattempttodiscouragethepracticeofassigningmultiplehostgroupstothesamehost.Justbeawareoftheramificationsofsuchapracticeanddon’tforgettotakeintoconsiderationtheaddedcomplexitywhenyouconfigureyouritems,actions,andaccesspermissions.
HostinterfacesEachhostiscomposedofacollectionofitemsthatrepresenttherawmonitoringdata,andtriggers,whichrepresentZabbix’smonitoringintelligencebasedonthedatagathered.It’salsocomposedofaseriesofinterfacesthattelltheZabbixserverorproxyhowtocontactthehosttocollecttheaforesaidmonitoringdata.Mostnetworkapplianceshavemorethanoneinterface,soyouwouldwanttomakesurethatallhoststhatrepresentrouters,firewalls,proxies,gateways,andwhatnot,arelistingallthoseappliances’interfacesandtheiraddresses.Theadvantagesareobvious:
You’llbeabletoquicklyreviewwhataddressesareconfiguredonaspecifichostwhilelookingatmonitoringdataYou’llbeabletodifferentiateyourchecksbyqueryingdifferentaddressesorportsofthesamehostbasedonyourneeds
www.it-ebooks.info
![Page 76: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/76.jpg)
Yourmapsandtopologieswillbemoreconsistentwithwhat’sactuallydeployed
Addinginterfacestoahostisfairlystraightforward.AllyouneedtodoisnavigatetoConfiguration|Hostsandthenselectthehostyouwanttoedit.Theinterfacessectionisinthemainconfigurationtab,asshowninthefollowingscreenshot:
Asyoucanseeintheaboveexample,therearethreeagentinterfacesthatshowallthenetworkstherouterisconnectedtoandjustoneSNMPinterface.AgentinterfacesareusednotonlyforZabbixagentitems,butalsoforsimpleandexternalchecks.Ontheotherhand,you’lluseSNMPinterfacestosendSNMPqueriestoyourhost.Theprecedingexampleassumesthatyou’llonlyuseSNMPontherouter’sinterfacethatisconnectedtoamanagementnetwork(192.168.1.0inthisexample),whileyou’llalsouseICMP,TCP,andexternalchecksonitstwoproductioninterfaces.Ofcourse,youarefreetoconfiguredifferentIPaddressesforAgentandSNMPinterfacesdependingonwhatprotocolsandchecksyouplantoactivateonwhichinterfaces.
HostinventoryHavinginventorydatadirectlyavailableinyourmonitoringsolutionhasalotofobviousadvantageswhenitcomestoattachingusefulinformationtoyouralertsandalarms.Unfortunately,themorehostsyouhavetomanage,themoreessentialitistohaveup-to-dateinventoryinformation,andtheharderitistomaintaintheaforesaidinformationinareliableandtimelymanner.Manuallyupdatingahost’sinventorydatacanquicklybecomeanimpossibletaskwhenyouhavetensorhundredsofhoststomanage,andit’snotalwayspossibletowriteautomatedscriptsthatwilldothejobforyou.Fortunately,Zabbixoffers
www.it-ebooks.info
![Page 77: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/77.jpg)
anautomaticinventoryfeaturethatcanatleastpartiallyfillininventorydatabasedonactualmonitoringdata.Toactivatethisfeature,firstyou’llneedtoselectAutomaticintheHostinventorytabofahostconfigurationpageandthenmovetotheitemsthatyou’llusetopopulatetheinventorydata.
Whenconfiguringanitem,youshouldassignitsdatatoaspecificinventoryfieldsothattheaforesaidfield’svaluewillbesetandautomaticallyupdatedbasedontheitem’smeasurements,asshowninthefollowingscreenshot:
Asyoucanseeintheprecedingexample,ahost’slocationinventoryvaluewillbepopulatedbasedonthecorrespondingSNMPquery.Thismeansthatifyouchangeadevice’slocationinformation,thatchangewillbereflectedinZabbixassoonastheitem’svalueispolledonthedevice.Dependingonthedataavailableonthedevice,you’llbeabletopopulateonlyafewinventoryfieldsormostofthem,whilefallingbackonmanualupdatesofthefieldsthatfalloutsideofyourdevice’sreportingpossibilities.
Speakingofitems,let’snowfocusonthedifferentmonitoringpossibilitiesthatZabbixitemsofferandhowtoapplythemtoyourenvironment.
www.it-ebooks.info
![Page 79: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/79.jpg)
GoingbeyondZabbixagentsTherearecertainlymanyadvantagesinusingZabbix’sownagentsandprotocolwhenitcomestomonitoringWindowsandUnixoperatingsystemsortheapplicationsthatrunonthem.However,whenitcomestonetworkmonitoring,thevastmajorityofmonitoredobjectsarenetworkappliancesofvariouskinds,whereit’softenimpossibletoinstallandrunadedicatedagentofanytype.Thisbynomeansimpliesthatyou’llbeunabletofullyleverageZabbix’spowertomonitoryournetwork.Whetherit’sasimpleICMPechorequest,anSNMPquery,anSNMPtrap,netflowlogging,oracustomscript,therearemanypossibilitiestoextractmeaningfuldatafromyournetwork.Thissectionwillshowyouhowtosetupthesedifferentmethodsofgatheringdata,andgiveyouafewexamplesonhowtousethem.
www.it-ebooks.info
![Page 80: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/80.jpg)
SimplechecksLet’sstartwiththesimplestcase.Atfirstglance,simplechecksdon’tlookthatinteresting:excludingalltheVMwareHypervisorchecksthatareincludedinthiscategory,simplechecksarereducedtoacoupleofgenericTCP/IPconnectionchecksandthreeICMPechochecks,asfollows:
Checkname Description
Icmpping Thisreturns1ifthehostrespondstoanICMPping;0otherwise
Icmppingloss ThisreturnsthepercentageoflostICMPpingpackets
Icmppingsec ThisreturnstheICMPresponsetimeinseconds
Net.tcp.service Thisreturns1ifthehostacceptsconnectionsonaspecifiedTCPport;0otherwise
Net.tcp.service.perf ThisreturnsthenumberofsecondsspenttoobtainaconnectiononaspecifiedTCPport
Generallyspeaking,thesechecksprovemoreusefulasthedistancebetweenthemonitoringprobeandthemonitoredhostincreases,bothintermsofphysicaldistance(ageographicallinktoanothercityforexample)andintermsofhopsapackethastogothrough.Thismeansthatifyouareinterestedinyournetwork’sperformance,itwouldmakesensetoassignhostswithsimplecheckstoZabbixproxiesthatarenotinthesamesubnet,butaresituatedwheretheywillmimicascloselyaspossibleyouractualnetworktraffic.Net.tcp.serviceisparticularlyusefulfromthispointofview,notjusttocheckthestatusoftheavailabilityofspecificserviceswhenyoucannotuseZabbixagents,butalsotocheckgeneralhostavailabilityacrossrestrictivefirewallsthatblockICMPtraffic.
TipInordertoreducenetworktrafficandtomakemoreefficientICMPchecks,Zabbixusesfpinginsteadoftheregularpingwhenexecutingicmpping,icmppingloss,andicmppingsecitemchecks.
MakesureyouhavefpinginstalledonyourZabbixserverandalsoonalltheZabbixproxiesthatmightneedit.Ifyoudon’thaveit,asimpleyuminstallfpingwillusuallybeenoughfortheZabbixdaemonstofinditanduseit.
Whilebothnet.tcp.serviceandnet.tcp.service.perfdosupportsomewell-knownprotocols,suchasSSH,FTP,HTTP,andsoon,thesetwoitems’mostusefuloptionisprobablytheonethatallowsyoutoperformasimpleTCPhandshakeconnectionandcheckwhetheraspecificIPisreachableonaspecificport.Thesekindofchecksareusefulbecause,justlikeICMPpings,theywillmostlyinvolvethenetworkstack,reducingapplicationoverheadtoaminimum,thusgivingyoudatathatmorecloselymatchesyouractualnetworkperformance.Ontheotherhand,unlikeICMPpings,theywillallowyoutocheckforTCPportavailabilityforagivenhost.Obvioususecasesincludemakinglightweightservicechecksthatwillnotimpactverybusyhostsorappliancestoomuch,
www.it-ebooks.info
![Page 81: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/81.jpg)
andmakingsurethatagivenfirewallisallowingtrafficthrough.
Aslightlylessobvioususecaseisusingoneormorenet.tcp.serviceitemstomakesurethatsomeservicesarenotrunningonagiveninterface.Takeforexample,thecaseofaborderrouterorfirewall.Unlessyouhavesomeveryspecialandspecificneeds,you’lltypicallywanttomakesurethatnoadminconsolesareavailableontheexternalinterfaces.Youmighthavedouble-checkedtheappliance’sinitialconfiguration,butasystemupdate,acarelessadmin,orasecuritybugmightchangetheaforesaidconfigurationandopenyourappliance’sadmininterfacestoafarwideraudiencethanintended.AsecuritybreachlikethisonecouldpassunobservedforalongtimeunlessyouconfigureafewsimpleTCP/IPchecksonyourappliance’sexternalinterfacesandthensetupsometriggersthatwillreportaproblemifthosechecksreportanopenandresponsiveport.
Let’staketheexampleoftherouterwithtwoproductioninterfacesandamanagementinterfaceshowninthesectionabouthostinterfaces.Iftherouter’sHTTPSadminconsoleisavailableonTCPport8000,you’llwanttoconfigureasimplecheckitemforeveryinterface:
Itemname Itemkey
management_https_console net.tcp.service[https,192.168.1.254,8000]
zoneA_https_console net.tcp.service[https,10.10.1.254,8000]
zoneB_https_console net.tcp.service[https,172.16.7.254,8000]
Allthesecheckswillreturn1iftheserviceisavailable,and0iftheserviceisnotavailable.Whatchangesishowyouimplementthetriggersontheseitems.Forthemanagementitem,you’llhaveaproblemiftheserviceisnotavailable,whilefortheothertwo,you’llhaveaproblemiftheserviceisindeedavailable,asshowninthefollowingtable:
Triggername Triggerexpression
Managementconsoledown {it-1759-r1:net.tcp.service[http,192.168.1.254,8000].last()}=0
ConsoleavailablefromzoneA {it-1759-r1:net.tcp.service[http,10.10.1.254,8000].last()}=1
ConsoleavailablefromzoneB {it-1759-r1:net.tcp.service[http,172.16.7.254,8000].last()}=1
Thisway,you’llalwaysbeabletomakesurethatyourdevice’sconfigurationwhenitcomestoopenorclosedportswillalwaysmatchyourexpectedsetupandbenotifiedwhenitdivergesfromthestandardyouset.
Tosummarize,simplechecksaregreatforallcaseswhereyoudon’tneedcomplexmonitoringdatafromyournetworkastheyarequitefastandlightweight.Forthesamereason,theycouldbethepreferredsolutionifyouhavetomonitoravailabilityforhundredstothousandsofhostsastheywillimpartarelativelylowoverheadonyour
www.it-ebooks.info
![Page 82: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/82.jpg)
overallnetworktraffic.
Whenyoudoneedmorestructureandmoredetailinyourmonitoringdata,it’stimetomovetothebreadandbutterofallnetworkmonitoringsolutions:SNMP.
www.it-ebooks.info
![Page 83: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/83.jpg)
KeepingSNMPsimpleTheSimpleNetworkMonitoringProtocol(SNMP)isanexcellent,generalpurposeprotocolthathasbecomewidelyusedbeyonditsoriginalpurpose.Whenitcomestonetworkmonitoringthough,it’salsooftentheonlyprotocolsupportedbymanyappliances,soit’softenaforced,albeitnaturalandsensible,choicetointegrateitintoyourmonitoringscenarios.Asanetworkadministrator,youprobablyalreadyknowallthereistoknowaboutSNMPandhowitworks,solet’sfocusonhowit’sintegratedintoZabbixandwhatyoucandowithit.
Firstofall,we’llneedtotalkaboutSNMPgetsandSNMPtrapsintwodifferentdiscussionsastheyareimplementedandusedindifferentwaysbyZabbix.ThereasonforthisseparationisintheverynatureofSNMPgetsasopposedtoSNMPtraps.AnSNMPgetrepresentsasingle,discretepieceofinformationthatrepresentsthecurrentstatusofametric,andit’snottiedtoanyspecificevent.Whetherit’sacounterwiththetotalnumberofbytesthatpassedthroughaninterface,aBooleanvaluethatwilltellifalinkisupordown,orastringwithanappliance’slocationorcontactinformation,anSNMPvaluewillbeavailableatanymoment,anditwillbepossibletopollitwithanarbitraryfrequency.
ThismapsnicelytoZabbixitems.JustlikeSNMPgetvalues,theyalsorepresentsingle,discretevaluesthatcanbepolledwitharbitraryfrequency.ThismakesitreallystraightforwardtouseregularSNMPqueriestopopulateZabbixitemssincetheonlythingsyouhavetoworryaboutaretheSNMPOID,thedatatype,andthecommunitystringorauthenticationinformation.We’llseeafewexamplesinthenextparagraph.
AnSNMPtraprepresentsaspecificeventthathappensataspecificpointintime.Itmightrepresentalinkstatechange,arebootevent,orauserlogin.Inanycase,youcannotquerythestateofanSNMPtrap;youjusthavetowaittoreceiveone,anditwillnotrepresentasingle,discretevaluebutachangefromonevaluetoanother.Theyresemble,inmanyways,Zabbixeventsinsteadofrawdata.ThiscomplicatesthingsalittlesinceZabbixeventsaretheresultofevaluatingtriggersagainstcollecteddata,whileSNMPtrapscanonlyenterZabbixasitemvalues,thatis,ascollecteddata.Sowe’llneedtoresolvethisapparentmismatchinordertofullyleveragetheinformationcontainedinSNMPtraps.We’llseehowinashortwhile,butfirstlet’slookatafewdetailsconcerningregularSNMPqueriesexecutedfromZabbix.
GettingSNMPdataintoZabbixAZabbixserverusuallycomeswithgoodSNMPsupportoutofthebox.Notonlydoesitsupportthequeryingprotocolnatively,butitalsocomesequippedwithanumberofSNMPtemplatesthatcangetyoustartedintherightdirection.ThismeansthatformostdevicesyouonlyhavetolinktheTemplateSNMPDevicetemplate,andyou’llimmediatelybeabletogetsomebasicinformationaboutit,asshowninthefollowingscreenshot:
www.it-ebooks.info
![Page 84: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/84.jpg)
We’vealreadyseenhowtheDevicelocationitemcanbeusedtopopulateahost’sinventorylocationrecord,butthereareacoupleofotherusefulbitsofinformationintheabovepicture.
Firstofall,there’salow-leveldiscoveryruletoexplore.We’lldelvemoredeeplyintodiscoveryrulesinChapter4,DiscoveringYourNetwork,butfornow,we’lljustseethatit’saboutdynamicallycreatingnetworkinterfaceitems:
Foreveryinterface,eightitemswillbecreated,includingtheinterfacename,operationalstatus,incomingandoutgoingtraffic,andsoon.Thismeansthatthesametemplatewillbeusefulforthebasicmonitoringofnetworkapplianceswithanynumberofnetworkinterfaces.
Thesecondthingtonotice,lookingatbothimages,istheupdateinterval,andhistoryandtrendretentionperiodsfortheitems.Zabbixtriestosetsomesensibledefaults,butyou’llprobablyneedtoupdatesomeofthosevaluesbasedonthenumberofmonitoredhostsyouhaveinyourenvironment,yourstoragespaceavailability,andthenetworkloadofyourmonitoringtraffic.
NoteAnotherparameterthatisrelatedtoZabbix’sperformanceistheinitial(andminimum)numberofpollersthattheserverkeepsactiveatanygiventime.Ifyoufindthatyourpollingqueueisgettinglonger,youmightwanttoincreasethenumberofpollersinzabbix_server.conf.Theavailabledefaultoptionsare:
www.it-ebooks.info
![Page 85: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/85.jpg)
#StartPollers=5
#StartIPMIPollers=0
#StartPollersUnreachable=1
#StartTrappers=5
#StartPingers=1
#StartDiscoverers=1
#StartHTTPPollers=1
Workyourwayupslowly,oryou’lljustendupwithunnecessaryprocessesbeingcreatedwhenZabbixisstarted.
Ifyouhavehundredsofhoststomonitor,andforeveryhost,youcollecttensofsinglemeasurementseveryminute,youwouldreachapointwhereyourZabbixserver’snetworkloadorCPUloadwillstarttoimpactontheserver’sperformance,leadingtodelaysinitempollingordroppedconnections.Ifyoucannotjustupgradetomorepowerfulhardware,youmighthavetotweakthepollingintervalofyourtemplatessothattheystrikeagoodbalancebetweengranularityofdetailandperformance.
Adevice’sname,contactdetails,description,location,andsuchlike,willrarelychangeoncethedevicehasbeendeployed,soitwouldbeawastetopollforthosevalueseveryhour(3,600seconds).Bychangingtheintervalto6hoursorevenaday,you’llautomaticallyreduceyournetworktrafficrelatedtoessentiallyfixedinformationbyafactorof6,upto24.
Raisingthepollingintervalforsomeoftheinterfacecounterscanhaveanevenmoredramaticimpactonyoursystemandnetworkload.Whileyou’llprobablywanttochecktheadminandoperationalstatusofaninterfaceasoftenaspossible—otherwiseyouruntheriskofnotgettingnotifiedaboutpossibleproblemsinatimelymanner—ontheotherhand,you’llprobablybeabletolivewithpollingincomingandoutgoingtrafficanderrorseveryfiveminutes(300seconds)insteadofeveryminute.Yourgraphswillstillbeverydetailed,butyournetworkwillbemuchlessfloodedwithSNMPrequests.Keepinmindthatchangeslikethesemightnotseemmuchwhenreferredtoasinglehost,butasthenumberofyourmonitoredobjectsgrow,youcanveryquicklyrunuptohundredsoreventhousandsofnewmonitoringvaluespersecondcomingintoyourZabbixserver.
Thesamecanbesaidwhenitcomestoretentionperiodsandstoragespace.Inthiscase,keepinmindthattrendsstoreaboutthreevaluesperhour(min,maxandaverage)overthetimerangespecified,whilehistorystoresallvaluescollectedinthespecifiedtimerange.Thismeansthatbasedonyourpollinginterval,it’susuallycheapertoextendatrendretentionvaluethanahistoryone.Thisis,ofcourse,validonlyfornumericalvaluesasstringonescan’treallyhavetrends,justhistory.
OnelastthingtonoticeintheaboveimagesisthatthemonitoringprotocolforallitemsissettoSNMPv2.JustlikeSNMPv1,SNMPv2doesn’tofferrealsecurityforthemonitoringdatathatcrossesthenetworkbetweenanapplianceandthemonitoringserver:alltrafficissentandreceivedintheclear,andtheSNMPcommunityisjustastring,easilyparsablefrominterceptedtraffic.Whileit’scertainlytruethatafewnetworkappliancesdon’tsupportSNMPv3becauseeithertheyaretoooldortheyaretoosimple,It’salsotruethat
www.it-ebooks.info
![Page 86: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/86.jpg)
thenewversionoftheprotocolhasbeenaroundforquiteawhilenowandanumberofappliancesdosupportit.ThemainadvantagesofSNMPv3areitsauthenticationandencryptioncapabilities.Thesecanhelpmakesurethatallmonitoringtrafficisnotbogusorcorrupted,andthatit’skeptconfidentialfrompryingeyes.Thisisparticularlyimportantifyouneedtomonitorsomehostsoveranetworklinkyouhavenorealcontrolover,suchasaWANconnectionthroughathird-partyprovider.ItwouldalwaysbenicetouseSNMPv3acrossyournetwork,butincaseslikethese,youarestronglyencouragedtodosoasthere’sarealpossibilitythatyourtrafficcanbeindeedinterceptedandtappedinto.
Let’staketheexampleofaCiscorouter,andlet’sseehowtoconfigureSNMPv3onitbeforemovingontotheZabbixside.
Firstofall,let’screateamonitoringgroup.Thisisusedtodefineaccesstothedevice’sMIBs.OntheCiscorouter,openaconsolesessionandgointoconfigurationmode.Thenissuethefollowingcommand:
R1(config)#snmp-servergroupMonitoringGroupv3priv
Thev3keywordspecifiesthatwewanttouseSNMPv3,whiletheprivkeywordspecifiesthatwewanttousebothauthenticationandencryption.It’spossibletopassmoreoptionstotheprecedingcommandinordertodefineanaccesslistifyouwanttolimitaccesstospecificMiBs,butwe’llkeepthingssimplehereandletourZabbixprobeaccessallMIBs.
Nowthatwehaveagroup,wecancreateauser,asfollows:
R1(config)#snmp-serveruserzabbixMonitoringGroupv3authshazbxpasspriv
aes128zbxpriv
Asyoucansee,weassignedtheZabbixusertothepreviouslycreatedgroupanddefinedtheauthenticationandencryptionpassphrases.Takenoteofalltheseelementsasyou’llneedtospecifyallofthemonZabbix’ssideandtheywillneedtomatchwhatyouusedhere.Tosummarize,hereiswhatyou’llinputlaterwhenconfiguringanSNMPv3Zabbixitem:
Field Value
User zabbix
Authenticationprotocol sha
Authenticationpassphrase zbxpass
Privacyprotocol aes
Privacypassphrase zbxpriv
NotePleasedon’tusethepassphrasesshownhere.Theseareintentionallyweak,andweusedthemforillustrationpurposesonly.
Thisisallthereistoit.Later,we’lladdsomeinformationabouttellingtheappliance
www.it-ebooks.info
![Page 87: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/87.jpg)
wheretosendSNMPtraps,butfornowyou’rereadytogetSNMPvaluesfromyourappliance,solet’sfocusonthatforawhile.
FindingtherightOIDstomonitorWhileZabbix’sdefaultSNMPtemplateswillhelpyougetstartedwithbasicmonitoring,you’llsoonfindtheneedtopollyourdevicesformoreinformation.Todothat,you’llneedtoknowtheOIDofthemetricyouwanttomonitoraswellasthedatatypeitwillyield.Afirstoptionistoconsultyourvendor’sdocumentationonthedeviceandfindoutwhichMIBsandOIDsareexposedbytheSNMPagent.Another,moreinteractive,optionistofindthemusingthesnmpwalkutilityanddirectlyaskingyourdeviceforthem.
NoteIfyoudon’talreadyhavesnmpwalk(andtheotherSNMPutilitiesforLinux)installed,youcanquicklydosowithasimplecommand:
#yuminstallnet-snmp-utils
OIDsaresentandreceivedbySNMPagentsandserversasdottedsequencesofnumbers.JustlikeIPaddresses,thisisconvenientformachine-to-machinecommunication,buthardtoreadforhumans.Inordertomakethemostfromtheexplorationofyourdeviceusingsnmpwalk,makesureyouhavealltheMIBsyouneedinstalled.MIBsessentiallymapOIDstoreadableandunderstandabledescriptionsofthemselves.Inotherwords,theytakeoutputlikethisone:
.1.3.6.1.2.1.2.2.1.1.1=INTEGER:1
.1.3.6.1.2.1.2.2.1.1.2=INTEGER:2
.1.3.6.1.2.1.2.2.1.1.3=INTEGER:3
.1.3.6.1.2.1.2.2.1.1.5=INTEGER:5
.1.3.6.1.2.1.2.2.1.2.1=STRING:lo
.1.3.6.1.2.1.2.2.1.2.2=STRING:eth1
.1.3.6.1.2.1.2.2.1.2.3=STRING:tap0
.1.3.6.1.2.1.2.2.1.2.5=STRING:br0
.1.3.6.1.2.1.2.2.1.3.1=INTEGER:softwareLoopback(24)
.1.3.6.1.2.1.2.2.1.3.2=INTEGER:ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.3=INTEGER:ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.5=INTEGER:ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.4.1=INTEGER:16436
.1.3.6.1.2.1.2.2.1.4.2=INTEGER:1500
.1.3.6.1.2.1.2.2.1.4.3=INTEGER:1500
.1.3.6.1.2.1.2.2.1.4.5=INTEGER:1500
.1.3.6.1.2.1.2.2.1.5.1=Gauge32:10000000
.1.3.6.1.2.1.2.2.1.5.2=Gauge32:1000000000
.1.3.6.1.2.1.2.2.1.5.3=Gauge32:10000000
.1.3.6.1.2.1.2.2.1.5.5=Gauge32:0
.1.3.6.1.2.1.2.2.1.6.1=STRING:
.1.3.6.1.2.1.2.2.1.6.2=STRING:0:c:29:24:15:50
.1.3.6.1.2.1.2.2.1.6.3=STRING:2:10:f7:72:77:50
.1.3.6.1.2.1.2.2.1.6.5=STRING:0:c:29:24:15:50
.1.3.6.1.2.1.2.2.1.7.1=INTEGER:up(1)
.1.3.6.1.2.1.2.2.1.7.2=INTEGER:up(1)
.1.3.6.1.2.1.2.2.1.7.3=INTEGER:up(1)
.1.3.6.1.2.1.2.2.1.7.5=INTEGER:up(1)
www.it-ebooks.info
![Page 88: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/88.jpg)
.1.3.6.1.2.1.2.2.1.8.1=INTEGER:up(1)
.1.3.6.1.2.1.2.2.1.8.2=INTEGER:up(1)
.1.3.6.1.2.1.2.2.1.8.3=INTEGER:up(1)
.1.3.6.1.2.1.2.2.1.8.5=INTEGER:up(1)
Then,theyturnitintoamuchmorereadableform:
IF-MIB::ifIndex.1=INTEGER:1
IF-MIB::ifIndex.2=INTEGER:2
IF-MIB::ifIndex.3=INTEGER:3
IF-MIB::ifIndex.5=INTEGER:5
IF-MIB::ifDescr.1=STRING:lo
IF-MIB::ifDescr.2=STRING:eth1
IF-MIB::ifDescr.3=STRING:tap0
IF-MIB::ifDescr.5=STRING:br0
IF-MIB::ifType.1=INTEGER:softwareLoopback(24)
IF-MIB::ifType.2=INTEGER:ethernetCsmacd(6)
IF-MIB::ifType.3=INTEGER:ethernetCsmacd(6)
IF-MIB::ifType.5=INTEGER:ethernetCsmacd(6)
IF-MIB::ifMtu.1=INTEGER:16436
IF-MIB::ifMtu.2=INTEGER:1500
IF-MIB::ifMtu.3=INTEGER:1500
IF-MIB::ifMtu.5=INTEGER:1500
IF-MIB::ifSpeed.1=Gauge32:10000000
IF-MIB::ifSpeed.2=Gauge32:1000000000
IF-MIB::ifSpeed.3=Gauge32:10000000
IF-MIB::ifSpeed.5=Gauge32:0
IF-MIB::ifPhysAddress.1=STRING:
IF-MIB::ifPhysAddress.2=STRING:0:c:29:24:15:50
IF-MIB::ifPhysAddress.3=STRING:2:10:f7:72:77:50
IF-MIB::ifPhysAddress.5=STRING:0:c:29:24:15:50
IF-MIB::ifAdminStatus.1=INTEGER:up(1)
IF-MIB::ifAdminStatus.2=INTEGER:up(1)
IF-MIB::ifAdminStatus.3=INTEGER:up(1)
IF-MIB::ifAdminStatus.5=INTEGER:up(1)
IF-MIB::ifOperStatus.1=INTEGER:up(1)
IF-MIB::ifOperStatus.2=INTEGER:up(1)
IF-MIB::ifOperStatus.3=INTEGER:up(1)
IF-MIB::ifOperStatus.5=INTEGER:up(1)
IfyouhavetherightMIBs,youwon’thavetoguessthemeaningofeachOIDfromitsvalueasmostofthetime,itwillbeclearenoughfromitsname.ToaddanewMIBtoyourSNMPtools,youhavetoobtainitfromthevendorofyourdeviceandtheninstallitonyoursystem.VendorsusuallymaketheirMIBsfreelyavailable,soyoushouldn’thaveanyproblemsfindingthem.
HerearesomeofthemajorvendorsofMIBsources,compiledatthetimeofwriting:
Vendor MIBs
Cisco http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Juniper http://www.juniper.net/techpubs/software/index_mibs.html
Barracudanetworks https://techlib.barracuda.com/search/go/global?q=MIB
www.it-ebooks.info
![Page 89: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/89.jpg)
NoteAveryusefulresourceisOIDView’sfreeMIBdatabasethatyoucanfindhere:
http://www.oidview.com/mibs/detail.html
Atthetimeofwritingthis,thedatabasehadmorethan7,000MIBs,sochancesareyou’llbeabletofindaMIBforthemostobscurenetworkdeviceyoumighthavetomonitor.
MIBsareplaintextfiles,soifyouhaveacompressedarchive,youwillneedtounpackitbeforeyoucaninstallitscontents.OnceyouhavetheplaintextMIBS,it’sasimplematterofcopyingtheminto/usr/share/snmp/mibsandthenusingthe-moptiontotheSNMPcommandstospecifywhichMIByouwanttoloadinadditiontothedefaultones.
ShouldyourMIBscollectionbecometoobigandyouwantedtoorganizethemindifferentdirectories,thenyou’llneedtotellyourtoolswheretofindthem.Youhavetwooptions:eitherspecifyfromthecommandlinethedirectoriesyouwantyourcommandtosearchforMIBs,orputthisinformationinaconfigurationfilesothatyourcommandsalwaysknowtheMIBs’location.Theoptionsarediscussedasfollows:
Thefirstoptionisusefulifyou’rejusttryingoutanewMIBandseeingwhetherthat’stheoneyouneed.EveryNet-SNMP-basedcommandwilltakea-moptionthatyoucanusetospecifyaspecificMIBtoloadfromthemibsdirectory.Here’sacommandforexample:
$snmpwalk-m+CISCO-STUN-MIB-v3-uzabbix-aSHA-Azbxpassword-l
AuthPriv-xAES-Xprivpassword10.10.1.9
ThiscommandwilluseSNMPv3tocontacttheSNMPagentat10.10.1.9withthespecifiedcredentialsandwillloadtheCISCO-STUN-MIBthatitwillfindinthe/usr/share/snmp/mibsdirectory,inadditiontothosealreadyloadedasdefault.
Thesecondoptionismorepermanentandinvolvesediting(orcreating,ifit’snotalreadythere)the/etc/snmp/snmp.conffile.JustaddalinewiththelistofdirectoriestosearchformibsandanotherlinethatspecifieswhichMIBsthecommandsshouldactuallyload(inthiscase,we’llloadallofthem),asfollows:
mibdirs
/usr/share/snmp/mibs:/usr/share/snmp/mibs/cisco:/usr/share/snmp/mibs/ju
niper:/mnt/remote/shared_mibs/
mibs+ALL
Asyoucansee,evenifyoukeepyoursubdirectoriesin/usr/share/snmp/mibs,you’llhavetospecifyeachoneyouwantautomaticallyincluded.OnceyouhaveyourMIBsinstalledandloaded,you’llbereadytofullyexploreyourdevices’SNMPagents.ToperformacompletesnmpwalkonadevicecantakequitealotoftimeandproducealotofoutputdependingonhowmanyOIDsitexposes.Aroutercanhavethousandsofthem,soit’sadvisabletoredirectthecommand’soutputtoafilesothatyouareabletoreferenceitandexploreitatanytimeyouwantwithouthavingtoperformacompletewalkonthedeviceitself,asfollows:
$snmpwalk-v3-uzabbix-aSHA-Azbxpassword-lAuthPriv-xAES-X
www.it-ebooks.info
![Page 90: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/90.jpg)
privpassword10.10.1.9>router-R1-snmp_baseline.txt
AnotheradvantageofhavingtheMIBsyouneedisthatit’llbeeasiertocreatenewSNMPitemsinZabbixasyou’llbeabletospecifythestringversionofanOIDandnotonlyitsnumericalvalue.ZabbixreliesontheNet-SNMPlibrary,soitwillalsoreferenceanyMIBsinstalledinyoursystem’sdefaultdirectories.
Solet’sseehowyoucanusetheoutputofsnmpwalktocreatenewZabbixitems.
MappingSNMPOIDstoZabbixitemsAnSNMPvalueiscomposedofthreedifferentparts:theOID,thedatatype,andthevalueitself.WhenyouusesnmpwalkorsnmpgettogetvaluesfromanSNMPagent,theoutputlookslikethis:
SNMPv2-MIB::sysObjectID.0=OID:CISCO-PRODUCTS-MIB::cisco3640
DISMAN-EVENT-MIB::sysUpTimeInstance=Timeticks:(83414)0:13:54.14
SNMPv2-MIB::sysContact.0=STRING:
SNMPv2-MIB::sysName.0=STRING:R1
SNMPv2-MIB::sysLocation.0=STRING:Upperfloorroom13
SNMPv2-MIB::sysServices.0=INTEGER:78
SNMPv2-MIB::sysORLastChange.0=Timeticks:(0)0:00:00.00
...
IF-MIB::ifPhysAddress.24=STRING:c4:1:22:4:f2:f
IF-MIB::ifPhysAddress.26=STRING:
IF-MIB::ifPhysAddress.27=STRING:c4:1:1e:c8:0:0
IF-MIB::ifAdminStatus.1=INTEGER:up(1)
IF-MIB::ifAdminStatus.2=INTEGER:down(2)
…
Andsoon.
Thefirstpart,theonebeforethe=signis,naturally,theOID.ThiswillgointotheSNMPOIDfieldintheZabbixitemcreationpageandistheuniqueidentifierforthemetricyouareinterestedin.SomeOIDsrepresentasingleanduniquemetricforthedevice,sotheyareeasytoidentifyandaddress.Intheaboveexcerpt,onesuchOIDisDISMAN-EVENT-MIB::sysUpTimeInstance.IfyouareinterestedinmonitoringthatOID,you’donlyhavetofillouttheitemcreationformwiththeOIDitselfandthendefineanitemname,adatatype,andaretentionpolicy,andyouarereadytostartmonitoringit.Inthecaseofanuptimevalue,time-ticksareexpressedinseconds,soyou’llchooseanumericdecimaldatatype.We’llseeinthenextsectionhowtochooseZabbixitemdatatypesandhowtostorevaluesbasedonSNMPdatatypes.You’llalsowanttostorethevalueasisandoptionallyspecifyaunitofmeasure.Thisisbecauseanuptimeisalreadyarelativevalueasitexpressesthetimeelapsedsinceadevice’slatestboot.Therewouldbenopointincalculatingafurtherdeltawhengettingthismeasurement.Finally,you’lldefineapollingintervalandchoosearetentionpolicy.Inthefollowingexample,thepollingintervalisshowntobe5minutes(300seconds),thehistoryretentionpolicyas3days,andthetrendstorageperiodasoneyear.Theseshouldbesensiblevaluesasyoudon’tnormallyneedtostorethedetailedhistoryofavaluethateitherresetstozero,or,bydefinition,growslinearlybyonetickeverysecond.
Thefollowingscreenshotencapsulateswhathasbeendiscussedinthisparagraph:
www.it-ebooks.info
![Page 91: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/91.jpg)
Rememberthattheitem’skeyvaluestillhastobeuniqueatthehost/templatelevelasitwillbereferencedtobyallotherZabbixcomponents,fromcalculateditemstotriggers,maps,screens,andsoon.Don’tforgettoputtherightcredentialsforSNMPv3ifyouareusingthisversionoftheprotocol.
ManyofthemoreinterestingOIDs,though,areabitmorecomplex:multipleOIDscanberelatedtooneanotherbymeansofthesameindex.Let’slookatanothersnmpwalkoutputexcerpt:
IF-MIB::ifNumber.0=INTEGER:26
IF-MIB::ifIndex.1=INTEGER:1
IF-MIB::ifIndex.2=INTEGER:2
IF-MIB::ifIndex.3=INTEGER:3
…
IF-MIB::ifDescr.1=STRING:FastEthernet0/0
www.it-ebooks.info
![Page 92: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/92.jpg)
IF-MIB::ifDescr.2=STRING:Serial0/0
IF-MIB::ifDescr.3=STRING:FastEthernet0/1
…
IF-MIB::ifType.1=INTEGER:ethernetCsmacd(6)
IF-MIB::ifType.2=INTEGER:propPointToPointSerial(22)
IF-MIB::ifType.3=INTEGER:ethernetCsmacd(6)
…
IF-MIB::ifMtu.1=INTEGER:1500
IF-MIB::ifMtu.2=INTEGER:1500
IF-MIB::ifMtu.3=INTEGER:1500
…
IF-MIB::ifSpeed.1=Gauge32:10000000
IF-MIB::ifSpeed.2=Gauge32:1544000
IF-MIB::ifSpeed.3=Gauge32:10000000
…
IF-MIB::ifPhysAddress.1=STRING:c4:1:1e:c8:0:0
IF-MIB::ifPhysAddress.2=STRING:
IF-MIB::ifPhysAddress.3=STRING:c4:1:1e:c8:0:1
…
IF-MIB::ifAdminStatus.1=INTEGER:up(1)
IF-MIB::ifAdminStatus.2=INTEGER:down(2)
IF-MIB::ifAdminStatus.3=INTEGER:down(2)
…
IF-MIB::ifOperStatus.1=INTEGER:up(1)
IF-MIB::ifOperStatus.2=INTEGER:down(2)
IF-MIB::ifOperStatus.3=INTEGER:down(2)
…
IF-MIB::ifLastChange.1=Timeticks:(1738)0:00:17.38
IF-MIB::ifLastChange.2=Timeticks:(1696)0:00:16.96
IF-MIB::ifLastChange.3=Timeticks:(1559)0:00:15.59
…
IF-MIB::ifInOctets.1=Counter32:305255
IF-MIB::ifInOctets.2=Counter32:0
IF-MIB::ifInOctets.3=Counter32:0
…
IF-MIB::ifInDiscards.1=Counter32:0
IF-MIB::ifInDiscards.2=Counter32:0
IF-MIB::ifInDiscards.3=Counter32:0
…
IF-MIB::ifInErrors.1=Counter32:0
IF-MIB::ifInErrors.2=Counter32:0
IF-MIB::ifInErrors.3=Counter32:0
…
IF-MIB::ifOutOctets.1=Counter32:347968
IF-MIB::ifOutOctets.2=Counter32:0
IF-MIB::ifOutOctets.3=Counter32:0
Asyoucansee,foreverynetworkinterface,thereareseveralOIDs,eachonedetailingaspecificaspectoftheinterface:itsname,itstype,whetherit’supordown,theamountoftrafficcominginorgoingout,andsoon.ThedifferentOIDsarerelatedthroughtheirlastnumber,theactualindexoftheOID.Lookingattheprecedingexcerpt,weknowthatthedevicehas26interfaces,ofwhichweareshowingsomevaluesforjustthefirstthree.Bycorrelatingtheindexnumbers,wealsoknowthatinterface1iscalledFastEthernet0/0,itsMACaddressisc4:1:1e:c8:0:0,theinterfaceisupandhasbeenupforjust17
www.it-ebooks.info
![Page 93: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/93.jpg)
seconds,andsometrafficalreadywentthroughit.
Now,onewaytomonitorseveralofthesemetricsforthesameinterfaceistomanuallycorrelatethesevalueswhencreatingtheitems,puttingthecompleteOIDintheSNMPOIDfield,andmakingsurethatboththeitemkeyanditsnamereflecttherightinterface.Thisprocessisnotonlypronetoerrorsduringthesetupphase,butitcouldalsointroducesomeinconsistenciesdowntheroad.Thereisnoguarantee,infact,thattheindexwillremainconsistentacrosshardwareorsoftwareupgradesorevenacrossconfigurationswhenitcomestomorevolatilestateslikethenumberofVLANsorroutingtablesinsteadofnetworkinterfaces.FortunatelyZabbixprovidesafeature,calleddynamicindexes,thatallowsyoutoactuallycorrelatedifferentOIDsinthesameSNMPOIDfieldsothatyoucandefineanindexbasedontheindexexposedbyanotherOID.
ThismeansthatifyouwanttoknowtheadminstatusofFastEthernet0/0,youdon’tneedtofindtheindexassociatedwithFastEthernet0/0(inthiscaseitwouldbe1)andthenaddthatindextoIF-MIB::ifAdminStatusofthebaseOID,hopingthatitwon’teverchangeinthefuture.Youcaninsteadusethefollowingcode:
IF-MIB::ifAdminStatus["index","IF-MIB::ifDescr","FastEthernet0/0"]
UponusingtheprecedingcodeintheSNMPOIDfieldofyouritem,theitemwilldynamicallyfindtheindexoftheIF-MIB::ifDescrOIDwherethevalueisFastEthernet0/0andappendittoIF-MIB::ifAdminStatusinordertogettherightstatusfortherightinterface.
Ifyouorganizeyouritemsthisway,you’llalwaysbesurethatrelateditemsactuallyshowtherightrelatedvaluesforthecomponentyouareinterestedinandnotthoseofanotheronebecausethingschangedonthedevice’ssidewithoutyourknowledge.Moreover,we’llbuildonthistechniquetodeveloplow-leveldiscoveryofadeviceaswe’llseeinChapter4,DiscoveringYourNetwork.
Youcanusethesametechniquetogetotherinterestinginformationoutofadevice.Consider,forexample,thefollowingexcerpt:
ENTITY-MIB::entPhysicalVendorType.1=OID:CISCO-ENTITY-VENDORTYPE-OID-
MIB::cevChassis3640
ENTITY-MIB::entPhysicalVendorType.2=OID:CISCO-ENTITY-VENDORTYPE-OID-
MIB::cevContainerSlot
ENTITY-MIB::entPhysicalVendorType.3=OID:CISCO-ENTITY-VENDORTYPE-OID-
MIB::cevCpu37452fe
ENTITY-MIB::entPhysicalClass.1=INTEGER:chassis(3)
ENTITY-MIB::entPhysicalClass.2=INTEGER:container(5)
ENTITY-MIB::entPhysicalClass.3=INTEGER:module(9)
ENTITY-MIB::entPhysicalName.1=STRING:3745chassis
ENTITY-MIB::entPhysicalName.2=STRING:3640ChassisSlot0
ENTITY-MIB::entPhysicalName.3=STRING:c3745MotherboardwithFast
EthernetonSlot0
ENTITY-MIB::entPhysicalHardwareRev.1=STRING:2.0
ENTITY-MIB::entPhysicalHardwareRev.2=STRING:
www.it-ebooks.info
![Page 94: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/94.jpg)
ENTITY-MIB::entPhysicalHardwareRev.3=STRING:2.0
ENTITY-MIB::entPhysicalSerialNum.1=STRING:FTX0945W0MY
ENTITY-MIB::entPhysicalSerialNum.2=STRING:
ENTITY-MIB::entPhysicalSerialNum.3=STRING:XXXXXXXXXXX
Itshouldbeimmediatelycleartoyouthatyoucanfindthechassis’sserialnumberbycreatinganitemwith:
ENTITY-MIB::entPhysicalSerialNum["index","ENTITY-MIB::entPhysicalName",
"3745chassis"]
Thenyoucanspecify,inthesameitem,thatitshouldpopulatetheSerialNumberfieldofthehost’sinventory.Thisishowyoucanhaveamoreautomatic,dynamicpopulationofinventoryfields.
Thepossibilitiesareendlessaswe’veonlyjustscratchedthesurfaceofwhatanygivendevicecanexposeasSNMPmetrics.BeforeyougoandfindyourfavoriteOIDstomonitorthough,let’shaveacloserlookattheprecedingexamples,andlet’sdiscussdatatypes.
GettingdatatypesrightWehavealreadyseenhowanOID’svaluehasaspecificdatatypethatisusuallyclearlystatedwiththedefaultsnmpwalkcommand.Intheprecedingexamples,youcanclearlyseethedatatypejustafterthe=sign,beforetheactualvalue.ThereareanumberofSNMPdatatypes—somestillcurrentandsomedeprecated.YoucanfindtheofficiallistanddocumentationinRFC2578(http://tools.ietf.org/html/rfc2578),butlet’shavealookatthemostimportantonesfromtheperspectiveofaZabbixuser:
SNMPtype Description SuggestedZabbixitemtypeandoptions
INTEGERThiscanhavenegativevaluesandisusuallyusedforenumerations
Numericunsigned,decimalStorevalueasisShowwithvaluemappings
STRING Thisisaregularcharacterstringandcancontainnewlines TextStorevalueasis
OID ThisisanSNMPobjectidentifier CharacterStorevalueasis
IpAddress IPv4onlyCharacterStorevalueasis
Counter32 Thisincludesonlynon-negativeandnondecreasingvaluesNumericunsigned,decimalStorevalueasdelta(speedpersecond)
Gauge32 Thisincludesonlynon-negativevalues,whichcandecrease Numericunsigned,decimalStorevalueasis
www.it-ebooks.info
![Page 95: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/95.jpg)
Counter64 Thisincludesnon-negativeandnondecreasing64-bitvalues Numericunsigned,decimalStorevalueasdelta(speedpersecond)
TimeTicks Thisincludesnon-negative,nondecreasingvalues Numericunsigned,decimalStorevalueasis
Firstofall,rememberthattheabovesuggestionsarejustthat—suggestions.Youshouldalwaysevaluatehowtostoreyourdataonacase-by-casebasis,butyou’llprobablyfindthatinmanycasesthoseareindeedthemostusefulsettings.
Movingontotheactualdatatypes,rememberthatthecommandlineSNMPtoolsbydefaultparsethevaluesandshowsomealreadyinterpretedinformation.ThisisespeciallytrueforTimeticksvaluesandforINTEGERvalueswhentheseareusedasenumerations.Inotherwords,youseethefollowingfromthecommandline:
VRRP-MIB::vrrpNotificationCntl.0=INTEGER:disabled(2)
However,whatisactuallypassedasarequestisthebareOID:
1.3.6.1.2.1.68.1.2.0
TheSNMPagentwillrespondwithjustthevalue,which,inthiscase,isthevalue2.
Thismeansthatinthecaseofenumerations,Zabbixwilljustreceiveandstoreanumberandnotthestringdisabled(2)asseenfromthecommandline.Ifyouwanttodisplaymonitoringvaluesthatareabitclearer,youcanapplyvaluemappingstoyournumericitems.Valuemapscontainthemappingbetweennumericvaluesandarbitrarystringrepresentationsforahuman-friendlyrepresentation.Youcanspecifywhichoneyouneedintheitemconfigurationform,asfollows:
www.it-ebooks.info
![Page 96: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/96.jpg)
Zabbixcomeswithafewpredefinedvaluemappings.Youcancreateyourownmappingsbyfollowingtheshowvaluemappingslinkand,providedyouhaveadminrolesonZabbix,you’llbetakentoapagewhereyoucanconfigureallvaluemappingsthatwillbeusedbyZabbix.Fromthere,clickonCreatevaluemapintheupper-rightcornerofthepage,andyou’llbeabletocreateanewmapping.NotallINTEGERvaluesareenumerations,butthosethatareusedassuchwillbeclearlyrecognizablefromyourcommand-linetoolsastheywillbedefinedasINTEGERvaluesbutwillshowastringlabelalongwiththeactualvalue,justasintheprecedingexample.
Ontheotherhand,whentheyarenotusedasenumerations,theycanrepresentdifferentthingsdependingonthecontext.Asseeninthepreviousparagraph,theycanrepresentthenumberofindexesavailableforagivenOID.Theycanalsorepresentapplicationorprotocol-specificvalues,suchasdefaultMTU,defaultTTL,routemetrics,andsoon.
Themaindifferencebetweengauges,counters,andintegersisthatintegerscanassumenegativevalues,whilegaugesandcounterscannot.Inadditiontothat,counterscanonlyincreaseorwraparoundandstartagainfromthebottomoftheirvaluerangeoncetheyreachtheupperlimitsofit.FromtheperspectiveofZabbix,thismarksthedifferenceinhowyou’llwanttostoretheirvalues.
Gaugesareusuallyemployedwhenavaluecanvarywithinagivenrange,suchasthespeedofaninterface,theamountoffreememory,oranylimitsandtimeoutsyoumightfindfornotifications,thenumberofinstances,andsoon.Inallofthesecases,thevaluecanincreaseordecreaseintime,soyou’llwanttostorethemastheyarebecauseonceputonagraph,they’lldrawameaningfulcurve.
Counters,ontheotherhand,canonlyincreasebydefinition.Theyaretypicallyusedtoshowhowmanypacketswereprocessedbyaninterface,howmanyweredropped,howmanyerrorswereencountered,andsoon.Ifyoustorecountervaluesastheyare,you’llfindinyourgraphssomeever-ascendingcurvesthatwon’ttellyouverymuchforyourmonitoringorcapacityplanningpurposes.Thisiswhyyou’llusuallywanttotrackacounter’samountofchangeintime,morethanitsactualvalue.Todothat,Zabbixofferstwodifferentwaystostoredeltasordifferencesbetweensuccessivevalues.
Thedelta(simplechange)storagemethoddoesexactlywhatitsays:itsimplycomputesthedifferencebetweenthecurrentlyreceivedvalueandthepreviouslyreceivedone,andstorestheresult.Itdoesn’ttakeintoconsiderationtheelapsedtimebetweenthetwomeasurements,northefactthattheresultcanevenhaveanegativevalueifthecounteroverflows.Thefactisthatmostofthetime,you’llbeveryinterestedinevaluatinghowmuchtimehaspassedbetweentwodifferentmeasurementsandintreatingcorrectlyanynegativevaluesthatcanappearasaresult.
Thedelta(speedpersecond)willdividethedifferencebetweenthecurrentlyreceivedvalueandthepreviouslyreceivedonebythedifferencebetweenthecurrenttimestampandthepreviousone,asfollows:
(value–prev_value)/(time-prev_time)
www.it-ebooks.info
![Page 97: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/97.jpg)
Thiswillensurethatthescaleofthechangewillalwaysbeconstant,asopposedtothescaleofthesimplechangedelta,whichwillvaryeverytimeyoumodifytheupdateintervaloftheitem,givingyouinconsistentresults.Moreover,thespeed-per-seconddeltawillignoreanynegativevaluesandjustwaitforthenextmeasurement,soyouwon’tfindanyfalsedipsinyourgraphduetooverflowing.
Finally,whileSNMPusesspecificdatatypesforIPaddressesandSNMPOIDs,therearenosuchtypesinZabbix,soyou’llneedtomapthemtosomekindofstringitem.Thesuggestedtypehereischaracterasbothvalueswon’tbebiggerthan255charactersandwon’tcontainanynewlines.
Stringvalues,ontheotherhand,canbequitelongastheSNMPspecificationallowsfor65,535-character-longtexts;however,textthatlongwouldbeoflittlepracticalvalue.Eveniftheyareusuallymuchshorter,stringvaluescanoftencontainnewlinesandbelongerthan255characters.
Consider,forexample,thefollowingSysDescrOIDforthisdevice:
NMPv2-MIB::sysDescr.0=STRING:CiscoIOSSoftware,3700Software(C3745-
ADVENTERPRISEK9_SNA-M),Version12.4(15)T14,RELEASESOFTWARE(fc2)^M
TechnicalSupport:http://www.cisco.com/techsupport^M
Copyright(c)1986-2010byCiscoSystems,Inc.^M
CompiledTue17-Aug-1012:56byprod_rel_tea
Asyoucansee,thestringspansmultiplelines,andit’sdefinitelylongerthan255characters.Thisiswhythesuggestedtypeforstringvaluesistextasitallowstextofarbitrarylengthandstructure.Ontheotherhand,ifyou’resurethataspecificOIDvaluewillalwaysbemuchshorterandsimpler,youcancertainlyusethecharacterdatatypeforyourcorrespondingZabbixitem.
Now,youaretrulyreadytogetthemostoutofyourdevices’SNMPagentsasyouarenowabletofindtheOIDyouwanttomonitorandmapthemperfectlytoZabbixitems,downtohowtostorethevalues,theirdatatypes,withwhatfrequency,andwithanyvaluemappingthatmightbenecessary.
It’snowtimetoexploretheotheraspectofSNMP:traps.
www.it-ebooks.info
![Page 98: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/98.jpg)
SNMPtrapsSNMPtrapsareabitofanoddballwhencomparedtoalltheotherZabbixitemtypes.Unlikeotheritems,SNMPtrapsdonotreportasimplemeasurement,butaneventofsometype.Inotherwords,theyaretheresultofsomekindofcheckorcomputationmadebytheSNMPagentandsentovertothemonitoringserverasastatusreport.AnSNMPtrapcanbeissuedeverytimeahostisrebooted,aninterfaceisdown,adiskisdamaged,oraUPShaslostpowerandiskeepingserversupusingitsbattery.
ThiskindofinformationcontrastswithZabbix’sbasicassumptionthatanitemisasimplemetricnotdirectlyrelatedtoaspecificevent.Ontheotherhand,there’snootherwaytobeawareofcertainsituationsifnotthroughanSNMPtrapeitherbecausetherearenorelatedmetrics(consider,forexample,theeventtheserverisbeingshutdown)orbecausetheappliance’sonlywaytoconveyitsstatusisthroughabunchofSNMPobjectsandtraps.
SotrapsareofrelativelylimitedusetoZabbixasyoucan’tdomuchmorethanbuildasimpletriggeroutofeverytrapandthennotifyabouttheevent(notmuchpointingraphingatraporbuildingcalculateditemsonit).Nevertheless,theymightproveessentialforacompletemonitoringsolution.
TomanageSNMPtrapseffectively,Zabbixneedsacoupleofhelpertools:thesnmptrapddaemontoactuallyhandleconnectionsfromtheSNMPagentsandsomekindofscripttocorrectlyformateverytrapandpassittotheZabbixserverforfurtherprocessing.
SnmptrapdIfyouhavecompiledSNMPsupportintotheZabbixserver,youshouldalreadyhavethecompleteSNMPsuiteinstalled,whichcontainstheSNMPdaemonandtheSNMPtrapdaemonalongwiththeutilitieswehaveusedintheprevioussection.
JustastheZabbixserverhasabunchofdaemonprocessesthatlistenonTCPport10051forincomingconnections(fromagents,proxies,andnodes),snmptrapdisthedaemonprocessthatlistensonUDPport162forincomingtrapscomingfromremoteSNMPagents.
Onceinstalled,snmptrapdreadsitsconfigurationoptionsfromansnmptrapd.conffilethatcanbeusuallyfoundinthe/etc/snmp/directory.ThebareminimumconfigurationforsnmptrapdrequiresthedefinitionofauserandaprivacylevelforSNMPv3,asfollows:
createUserzbxuserSHAauthAESpriv
authUserlog,execute,netzbxuser
TipTheaboveconfigurationwillenablesnmptrapdtoreceiveSNMPv3INFORMpackets.ThesearejustlikeregularSNMPtraps,withtwodifferences:thefirstoneisthatwhileanagentwon’texpectaresponseaftersendingatrap,INFORMpacketsareacknowledged,sosnmptrapdwillsendaresponseforeverytrapreceived.Butthemostimportantdifference
www.it-ebooks.info
![Page 99: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/99.jpg)
isthatwithINFORMpackets,theauthoritativeEngineIDwillbethatofthereceivingpartyandnotthesendingpartyaswithregulartraps.Thismeansthatyou’llhavetospecifyyourserver’sEngineIDtoeverydevicethatwillsendSNMPv3INFORMpackets.Sinceyou’llhavetoconfigurethemtosendpacketstotheserveranyway,thiswon’tmeantoomuchwork.Manyagentsautomaticallydiscoverapeer’sEngineIDbeforesendinganINFORM,butifyouneedtosetityourself,youcandiscoveryourserver’sEngineIDusingsnmpgetandaskingforthesnmpEngineID.0OID.
IfyouwanttouseregularSNMPtraps,you’llhavetoinsertanewcreateUserlineforeveryagentthatwillsendtrapstotheserver,witheachonespecifyingthecorrectEngineIDoftheagentsendingtraps.
Withthisminimalconfiguration,snmptrapdwilllimititselftologthetraptosyslog.WhileitcouldbepossibletoextractthisinformationandsendittoZabbix,it’seasiertotellsnmptrapdhowitshouldhandletraps.Whilethedaemonhasnoprocessingcapabilitiesofitsown,itcanexecuteanycommandorapplicationeitherusingthetrapHandledirective,orleveragingitsembeddedPerlfunctionality.Thelatterismoreefficientasthedaemonwon’thavetoforkanewprocessandwaitforitsexecutiontofinish,soit’stherecommendedoneifyouplantoreceiveasignificantnumberoftraps.Justaddthefollowinglinetosnmptrapd.conf:
perldo"/usr/local/bin/zabbix_trap_receiver.pl";
TipYoucangetthezabbix_trap_receiverscriptfromtheZabbixsources.It’slocatedinmisc/snmptrap/zabbix_trap_receiver.pl.
BesuretocheckthatyoualsohavetheNet-SNMPPerlmoduleinstalled.Ifyouneedit,asimpleyuminstallnet-snmp-perlcommandshouldtakecareofeverything.
Oncerestarted,thesnmptrapddaemonwillexecutethePerlscriptyouspecifiedtoprocesseverytrapreceived,translatingitintoaformatthatcanbeeasilyparsedbytheZabbixserver.Inthefollowingsection,we’llseehowanSNMPtrapistranslatedandusedbyZabbix.
TransformingatrapintoaZabbixitemThePerlscriptincludedintheZabbixdistributionworksasatranslatorfromanSNMPtrapformattoaZabbixitemmeasurement.Foreverytrapreceived,itwillformatitaccordingtotherulesdefinedinthescriptandwilloutputtheresultinalogfile.Bydefault,thelogfileiscalled/tmp/zabbix_traps.tmp.YouneedtomakesurethatthesamefileisreadbyZabbixbysettingthefollowingparametersin/etc/zabbix/zabbix_server.conf:
###Option:StartSNMPTrapper
#If1,SNMPtrapperprocessisstarted.
#
#Mandatory:no
#Range:0-1
#Default:
www.it-ebooks.info
![Page 100: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/100.jpg)
StartSNMPTrapper=1
###Option:SNMPTrapperFile
#TemporaryfileusedforpassingdatafromSNMPtrapdaemontothe
server.
#Mustbethesameasinzabbix_trap_receiver.plorSNMPTT
configurationfile.
SNMPTrapperFile=/tmp/zabbix_traps.tmp
Thelogfilewillhaveaformatsimilartothefollowingexample:
03:47:102014/12/09ZBXTRAP127.0.0.1
PDUINFO:
notificationtypeTRAP
version0
receivedfromUDP:[127.0.0.1]:34373->[127.0.0.1]
errorstatus0
messageid0
communitypublic
transactionid3
errorindex0
requestid0
VARBINDS:
DISMAN-EVENT-MIB::sysUpTimeInstancetype=67value=Timeticks:(55)
0:00:00.55
SNMPv2-MIB::snmpTrapOID.0type=6value=OID:IF-MIB::linkDown.0.33
IF-MIB::linkDowntype=4value=Hex-STRING:E2809C5445
53544D454E4F57E2809D
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0type=4value=STRING:"public"
SNMPv2-MIB::snmpTrapEnterprise.0type=6value=OID:IF-MIB::linkDown
TheZBXTRAPfollowedbytheIPaddresswillmarkthestartofanewlogstanza.Therestofthelogwillcontainalldetailsaboutthetrap,soyou’llbeabletoactonanyofthose.
TheZabbixserverwillinturnmonitortheaforesaidlogfileandprocesseverynewlineasanSNMPtrapitem,basicallymatchingthecontentofthelogtoanytrapitemdefinedfortherelevanthost.
Asyou’vealreadyseen,thefirstpartoftheloglineisusedbytheZabbixtrapreceivertomatchatrapwithitscorrespondinghost.Therestismatchedtotheaforesaidhost’sSNMPtrapitem’sregexpdefinitionsanditscontentaddedtoeverymatchingitem’shistoryofvalues.ThismeansthatifyouwishtohavealinkDowntrapitemforagivenhost,you’llneedtoconfigureanSNMPtrapitemwithansnmptrap["linkDown"]key,asfollows:
www.it-ebooks.info
![Page 101: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/101.jpg)
Youmightneedtomakesurethatthelogtimeformatyouspecifyintheitem’sconfigurationwillmatchtheoneusedbythePerlscript.You’llalsohavetocheckthatthehost’sinterfacewillmatchtheoneloggedbysnmptrapdbecauseit’stheonepieceofdataZabbixwillusetomatchtrapstohosts.
Fromnowon,you’llbeabletoseethecontentsofthetrapintheitem’sdatahistory.
MovingonfromSNMP,therearestillotherdatasourcesthatyoucanrelyontogetmonitoringdataintoZabbix;forthepurposesofthisbook,themostinterestingonesarelogfiles.ComparedtoSNMP,theycanbetrickytoworkwith,buttheydohavetheiruses,solet’sexplorethemforawhile.
GettingnetflowfromthedevicestothemonitoringserverNetflowisaprotocoloriginallydevelopedbyCiscotocollectandmonitorstatisticsofnetworktrafficonadevice.Aftertheinitialrelease,manyvendorsstartedprovidingtheirownimplementationoftheprotocol.In2008IETFstandardizednetflowandpublishedInternetProtocolFlowInformationeXport(IPFIX)basedonnetflowv9withsomeextensions.However,netflowsomehowremainstheexistingnameoftheprotocolinfactbutnotnecessarilybylegalright,sothat’stheonewe’llusehere.
Anetflowrecordcontainsinformationaboutasinglenetworkflow.Aflowisasequenceofpacketsthatsharesomecommonproperties:
IPprotocolSourceIPaddressSourceport(forTCPandUDP)DestinationIPaddressDestinationport(forTCPandUDP)InputinterfaceTypeofservice
Foreachflow,arecordexposesmanydifferentvalues,whichchangewithnetflow
www.it-ebooks.info
![Page 102: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/102.jpg)
versionsandimplementations.Herearethemostcommonones:
InputinterfaceofthedeviceOutputinterfaceofthedeviceFlowstarttimeFlowendtimeNumberofbytesintheflowNumberofpacketsintheflowSourceIPaddressSourceIPportSourceIPmaskDestinationIPaddressDestinationIPportDestinationIPmaskICMPtypeandcodeTCPflagsIPaddressoftheimmediatenext-hop
Itshouldbeimmediatelycleartoyouthatthistypeofinformationcanbeextremelyusefultoanetworkadministratorasitallowsyoutobuildapictureofallthetraffictraversingyournetwork.ItcanalsobeusedtoidentifyanomaloustrafficandtraffictoandfromIPaddressesorportsthatshouldnotbethere,orasforensicevidenceafteranincident.Moreover,itcanbeusedasasourceforcapacity-planninganalysistoidentifybottlenecksinyournetwork,periodsofpeakuse,andtoptalkersamongyourserversanddevices.
Finally,aswewereexplainingpreviously,it’sagoodcandidateforaZabbixlogitemasflowdataisusefulevenifitisnotdirectlyrelatedtothehostthatgeneratedit(evenifit’sstillusefultotrackthatpieceofinformationwheneverpossible).
So,let’sseehowtogetnetflowdataintoZabbix.
Firstofall,you’llhavetoconfigureyourdevicetosendflowdatatoaserver.InthecaseofaCiscodevice,herearetheconfigurationcommandsthatyouneedtoissue(remembertosubstituteallreferencestotheexampleZabbixserverwiththerealonesthatapplytoyourenvironment):
R1(config)#ipflow-exportdestination192.168.234.1319995
R1(config)#ipflow-exportversion9
R1(config)#interfacef0/0
R1(config-if)#ipflowingress
R1(config-if)#ipflowegress
R1(config-if)#exit
Inthefirstline,wespecifytheIPaddressofourZabbixserverandtheUDPportthedeviceshouldsendnetflowinformationto.
Thesecondlinesetsthenetflowversion.
Inthethirdline,wegointointerfacef0/0mode.Pleasenotethatyou’llhavetoexplicitlyenablenetflowforeveryinterfaceyouareinterestedin.Thisisusuallynotaproblem
www.it-ebooks.info
![Page 103: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/103.jpg)
becauseifyouconfigurenetflowontherightinterfacesofyourrouters,you’llseemost,ifnotallofyourtrafficanyway;youwon’tneedtoenablenetflowoneveryinterfaceofeverynetworkdeviceyouhave.
Thefourthlineenablesnetflowmonitoringforincomingtrafficoninterfacef0/0,whilethefifthlineenablesnetflowmonitoringforoutgoingtrafficonthesameinterface.Ifyouwanttoenablenetflowonotherinterfaces,you’llneedtorepeatlines3to5foreveryinterfaceyouareinterestedin.
Repeatthewholeprocessforalltheroutersyouwanttogetflowinformationfrom,andonceyouaredone,youarereadytoturntoyourZabbixserver.
ReceivingnetflowdataonyourserverToactuallyreceiveandprocessnetflowpacketsonaserver,youneedadaemonthatwilllistenonaspecifiedUDPport,andthatwillunderstandthenetflowprotocol.OnLinux,suchdaemonsandassociatedtoolsarecontainedinthenfdumppackage.
Nfdumpisacollectionoftoolsthatwillenableyoutocapturenetflowdata,storeitondisk,filterit,andanalyzeit.Themostimportantcomponentsare:
nfcapd:Thisisthedaemoncomponentthatlistensforincomingnetflowdataandstoresitondiskinbinaryformatnfdump:Thisissimilartotcpdump;itreadsandfiltersnfcapdfiles,andoutputsreadabledata
Sothebasicdataflowwillbesimilartothisone:
1. Aroutersendsnetflowdatatotheserver.2. Ontheserver,nfcapdcapturesthedataandstoresitinbinaryfiles.3. Aschedulednfdumpprocesswillreadthebinaryfilesandpopulateahumanreadable
logwithnetflowinformation.4. AZabbixagentwillreadthelogandsenddatatotheZabbixserveraccordingtothe
item’sconfiguration.
Wehavealreadytakencareofpoint1,solet’sseehowtoinstallandconfigurethenfdumppackage,beforelookingintotheZabbixside.
Unfortunately,therearenoreadymaderpmpacketsfornfdump,sowe’llneedtofindthesourcecode,compileit,andinstallit.Thisisusuallyastraightforwardprocess.Firstofall,let’sinstallsomerequireddependenciesfornfdump:
#yuminstallrrdtoolrrdtool-develrrdtool-docperl-rrdtool
Then,we’llneedtodownloadthelatestsources.Atthemomentofwritingthis,thelatestavailableversionis1.6.12.Youcandownloadthepackagefromhttp://sourceforge.net/projects/nfdump/andthentransferittoyourserver.Onceyouhavetar.gzready,unpackit:
$tarxvzfnfdump-1.6.12.tar.gz
www.it-ebooks.info
![Page 104: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/104.jpg)
Thenmoveintothenfdump-1.6.12directoryandruntheusualconfigure,make,andmakeinstallsequence.Ifyouwanttoinstallnfdumpinthemaindirectoriesinsteadofthe/usr/localtree,justpassthe–prefixoptiontotheconfigurescript.Inthefollowingexample,that’swhatwe’lluse:
$cdnfdump-1.6.12
$./configure–prefix=/usr--sysconfdir=/etc
$make
$suroot
#makeinstall
Onceinstalled,youcanaddadedicateduserfornfcapdsothatitdoesn’thavetorunasrootandsetaworkingdirectoryforit:
#useradd-s/sbin/nologinnetflow
#mkdir-p/var/nfdump/nfcapd
#mkdir-p/var/nfdump/logs
#chown-Rnetflow/var/nfdump
Whenyourunnfcapd,itwillcreateitsbinaryfilesunder/var/nfdump/nfcapd.Nfcapdfilesarerotated,bydefault,onceeveryfiveminutesandcanbeseparatedintoonedumpcollection(currentandrotatedfiles)persendinghostorasinglecollectionforallsendinghosts.Theycanalsobeexpiredafterasetamountoftime.Youarenowreadytowaitfornetflowdataandtransformitintoalogfile.Todothat,you’llneedtopasstherightoptiontonfcapd.Sincetherearequiteafewoptionstopass,let’sbuildthecommandlinelittlebylittle.Pleasedon’truntheintermediatecommands,butonlythefinalone;nfcapdwillcomplainaboutmissingoptionsandrefusetorun.
Firstofall,we’llpasssomeoptionsthatwillinstructnfcapdtogointodaemonmode(-D),tocompressoutput(-z),torunasusernetflow(-u),andtolistenonport9995(-p):
#nfcapd-D-z-unetflow-p9995
Then,we’llneedtoaddsomeoptionsaboutdatasources.Theacceptedcurrentmethodistousethe-nswitch.We’llalsoinstructnfcapdtocreateadditionalsubdirectoriestostorethecapfilestobetterorganizethem(-S):
#nfcapd-D-z-unetflow-p9995-nR1,192.168.11.9,/var/nfdump/nfcapd-n
R2,10.10.1.254,/var/nfdump/nfcapd-S2
Asyoucansee,you’llhavetospecifyadifferent-noptionforeverysourceyouconfigure.Ifyouhavemanynetflowsources,itmightbebettertorundifferentinstancesofnfcapdondifferentUDPportssoastosharetheloadbetweendifferentprocesses.Inthatcase,justremembertoconfigureyourdevicesaccordinglysothattheysendtheirtraffictothecorrectUDPport.The-S2optionwillcreateadditionalyear/month/day/hourdirectoriesunder/var/nfdump/nfcapdtostorecurrentandrotatedfiles.
Nfcapdfilesarerotatedeveryfiveminutes,andifyournetworkhasalotoftraffic,yournfcapddirectorycanbecomehuge.Youcouldscheduleaseparatejobtocleanthemup,butwiththe-eoption,nfcapdwillbeabletoalsotakecareofthat.Justsettheexpirationparameterwithnfexpireandnfcapdwillpickthemup:
www.it-ebooks.info
![Page 105: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/105.jpg)
#nfexpire-u/var/nfdump/nfcapd-s15G-t90d
#nfcapd-D-z-unetflow-p9995-nR1,192.168.11.9,/var/nfdump/nfcapd-n
R2,10.10.1.254,/var/nfdump/nfcapd-S2-e
Intheaboveexample,wesetthesizelimitofthedirectoryto15gigabytes,andthecap(maximum)fileageto90days.Fileswillbedeletedbynfcapdwheneveroneoftheselimitsisreached.Thelastlineintheprecedingcommandnowcontainsalltheparametersweneedforbasicnetflowdumping.Ifyourunit(don’tforgetthenfexpirecommandtoo)orputitintoastartupscript,nfcapdwilllistenonthespecifiednetworkportforincomingnetflowdataandwriteittothedirectoriesyouspecified.
Onceyouhavesomedatain,youcanreaditwithnfdumpandoutputahuman-readablesetofrecords:
$nfdump-r/var/nfdump/nfcapd/2014/10/29/02/nfcapd.201410290250-o
extended
DateflowstartDurationProtoSrcIPAddr:PortDstIP
Addr:PortFlagsTosPacketsBytesppsbpsBppFlows
2014-10-2902:51:53.16063.545TCP10.13.27.151:80->
123.43.98.124:6523.AP.SF01288412055056
1
2014-10-2902:53:13.37023.135TCP64.76.73.121:25->
10.138.41.151:7643.AP.SF0512450055156
1
...
Timewindow:Oct29201402:50:00-Oct29201402:54:56
Thisisgettingclosertoourobjective.Ifyourunnfdumpandredirectitsoutputtoafileinsteadofthescreen,thereyouhavethelogfilewe’vebeentalkingaboutinthelastseveralpages.Todothat,youareprobablythinkingofsettingupacronjobthatwillfindthelatestnfcapdfilesthatweren’talreadyparsedbynfdump,makenfdumpreadthemwhilespecifyingatimewindowsothatyourlogfilewon’tcontainduplicateddata,andaddtheaforesaidoutputtoalogfilethatwillbemonitoredbyZabbix.Thiscanbeanontrivialexercisewhenyouconsiderthatnfcapdwillcontinuallyproducenewfilesandwillputtheminnewdirectoriesallthetime.Moreover,you’llneedtokeepsomekindofexecutionstatewiththetimestampofthelasttimenfdumpwasruninordertoavoidtheaforesaidduplicates.
Itturnsoutthatyou’llbeabletoavoidallthiswork,thankstoaniceoptionfornfcapd,the-xoption.Solet’srewritethenfcapdcommandonelasttime:
#nfcapd-D-z-unetflow-p9995-nR1,192.168.11.9,/var/nfdump/nfcapd-n
R2,10.10.1.254,/var/nfdump/nfcapd-S2-e-x'nfdump-q-oextended-r%d/%f
>>/var/nfdump/logs/zabbix_netflow.log'
The-xcommandexecutesanarbitrarycommandeverytimeadumpfileisrotated.Youcanreferencethedumpfileandthebasedirectorywiththe%d/%fmacros.Thismeansthatnfdumpwillalwaysbeexecutedonnewdataandonlyonceperdumpfile.Suddenly,youwon’tneedtoscheduleanycomplicatedcronjobtogeneratethefinal,human-readablenetflowlogfile.Wealsoaddeda-qoptiontosuppresstheheaderandstatisticsprintingtokeepthelogfileclean.
www.it-ebooks.info
![Page 106: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/106.jpg)
NoteYoumightstillwanttoconfiguresomelogrotationforthe/var/nfdump/logs/zabbix_netflow.logfile.Ifyouletitgrowunchecked,itwillfillupyourdiskspaceinduetime!
It’sfinallytimetomakeZabbixawareofthenetflowlogfile.
MonitoringalogfilewithZabbixAsalreadyexplained,logfilemonitoringneedsaZabbixagent.Forillustrationpurposes,wewillassumethatyouhaveinstallednfdumponthesameboxastheZabbixserver,andthatthelogfileisthuslocallyavailable.Itgoeswithoutsayingthatyoucouldalsoinstallnfdump,alongwithaZabbixagent,onaseparated,possiblydedicatedmachine.Itwon’tmakeanydifferencefromZabbix’sperspective.
Basicitemcreationisfairlystraightforward,justpointtheitemkeytothecorrectfilepathandyou’regoodtogo.Pleasenote,inthefollowingexample,thetimestampparsingfield:
Thisisallyouneedforbasiclogfilemonitoring.Forfurtherexplorations,thelogkeyacceptsdifferentoptions,amongwhichthemostinterestingarethoserelatedtoregularexpressionfilteringandoutputsothatyoucanalsocreateadditionalitemsthatwillonlyextracttheexactinformationyouneed(forinstance,bytespersecondofaflow)anduseitasrawdata,justasyouwoulduseanyotherZabbixitem.Zabbix’sownofficialdocumentationisexcellentinthisrespect,soyouareencouragedtofindoutmoreathttps://www.zabbix.com/documentation/2.4/manual/config/items/itemtypes/log_items.
www.it-ebooks.info
![Page 107: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/107.jpg)
Onthenfdumpside,therearemanymoreoptionsandfeaturesavailabletonfdump,we’vereallyonlyscratchedthesurfacetokeepthingssimple.Wedon’thavethespacetofullyexploreithere,butifyou’rewillingtospendsometimeexploringthetool,you’llfindthatnfdumpisnotonlycapableofpowerfultrafficfiltering,justastcpdumpis,butitcanalsocreatestatisticsandaggregateddataonvirtuallyeveryaspectofaflow,fromnetworkportstopacketsizes,andsoon.CombinethiswithZabbix’spowerfulexternalscriptitems,andyoucaneasilyseethatyoucansliceanddiceyourdata;however,ifyouwant,bringitintoZabbixforfurtherprocessing,graphing,andalarming.Really,theskyisthelimitwhenyoulearntocombinethesetoolstogether.
www.it-ebooks.info
![Page 109: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/109.jpg)
SummaryInthischapter,youhavelearnedthedifferentpossibilitiesZabbixofferstotheenterprisingnetworkadministrator.
Youshouldnowbeabletochoose,design,andimplementallthemonitoringitemsyouneed,basedonthemethodsillustratedintheprecedingparagraphs:simplechecksthataremoreusefulandpowerfulthanthenameimplies;theall-powerfulSNMPprotocol,bothasgetvaluesandastraps;logfilesingeneral;andtheinfinitelyusefulnetflowprotocol
ThenextchapterwillbuildontheinformationexposedinthischapterandwillfocusmoreonservermonitoringandhowtoextractinformationfromDNSservers,webservers,proxies,andotherappliances.Theseareimportant,ifoftenoverlooked,componentsofanetworkevenfromtheperspectiveofanetworkadministrator,andyou’llfindmanyusefultipsonhowtomonitorthem.
www.it-ebooks.info
![Page 111: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/111.jpg)
Chapter3.MonitoringYourNetworkServicesIneveryenvironment,especiallyinalargeone,therearemanynetworkcriticalservicesthataredirectlytiedonthenetworkinfrastructure.Manyofthemcanbemonitoredbythesystemadministrators,butthecorecriticalservicesforthewholenetworkarebetteriftheyaremonitoreddirectlybythenetworkadministrator.
Betweenthosecriticalservices,wecanfindthefollowing:
DNSDHCPNTPApacheproxy/reverseproxiesProxycacheSquid
Asitiseasytounderstand,evenifthoseservicesareprovidedfromsomededicatedserverandnotnetworkdevices,themetricsthatyouareacquiringfromthemarefundamental.Thosemetrics,indeed,playacriticalrolewhenyouwouldliketosetupaproactivealarm.
AnexampleofaservicethatcancausealotofconfusioninyournetworkcanbetheDNS,theDHCP,oreventheNTP.Inanidealenvironment,allthoseservicesneedtoberesponsive,andeventheresponsetimeiscrucial;ifeachoneofthosecomponentsbecomesunresponsive,theywillactastheweakestlinkofyourinfrastructure,causingalotofproblemsthatwillbequicklypropagatedtothewholenetwork.AsimpleNTPservercanintroduceconfusioninthelogsofyoursystemsorevencauseanissueinyourconnections.Workingonapracticalexample,trytoimaginethatyouhaveallyouraccountsstoredinanLDAP.Well,iftheLDAPtakestoomuchtimetoresolvetheUID/GIDofyouraccount,youcanhaveissuespropagatedtoallyoursystems.AnunresponsiveLDAPcancausefilesystemissuesandevenNASissues,andifallyouraccountsarestoredthere,evenanlscanliterallytakeages,withabigimpactonthewholeinfrastructure.Here,wearenotconsideringtheDNS,whereadysfunctioncanbeevenworse.
Also,thoseservicesneedtobetakenundersurveillanceas,iftheybecomeunresponsive,quitesoontheywillaccumulaterequeststoserve,andiftheenvironmentisnotready,theywillbefloodedbytheirownqueriesinaqueue,withaglobalimpactonourinfrastructure.
Inthischapter,wewillgothroughallthemainservicesthatanetworkadminshouldmonitortoavoidthesekindsofissues.Then,thereaderwilllearnandunderstandtheimportanceofaneffectiveproactivealarmtoavoidaquickescalationofissuesacrossthenetwork.
www.it-ebooks.info
![Page 112: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/112.jpg)
MonitoringtheDNSThefirstnetworkcomponentwewillanalyzeandseehowtomonitoristheDNS.
ThemostpopularDNSserverisBIND,whichisalsooneoftheoldestpackagesproduced.Here,inthenextexample,weassumeyouhaveBIND9.6orlater.
Startingwithversion9.6,thereisabrandnewfeaturethatisnotevenmentionedinthemainpage(ofRedHatLinuxatleast).Thisfeatureisabuilt-inwebserverthatprovidesstatisticsaboutBINDinaverysimplewaythoughtHTTP.Toenablethisfeature,itisenoughtoaddthoselinestoyourBIND9configurationfile,/etc/named.conf:
statistics-channels{
inet127.0.0.1port8053allow{127.0.0.1;};
};
Thelinewehavejustaddedisagoodexampleasthestatistics’accessiscontrolledandrestrictedtothelocalhost.
TipBIND,bydefault,willusethestandard80HTTPportifyoudon’tspecifytheport.Alsopleasetakecaretolimittheaccesstothestatisticchannel;todoso,youcanusethisclause:
allow{address_match_list}
Ifyoudon’tspecifytheallowclause,BINDwillacceptconnectionsfromanyaddress.Thisneedstobeavoided.
Oncethisisdone,allyouhavetodoisrestartyourservicewith:
$servicenamedrestart
Stoppingnamed:[OK]
Startingnamed:[OK]
Now,youcanevenusecurltocallyourwebserverandhavedeliveredtoyouallthestatistics:
#curlhttp://127.0.0.1:8053
<?xmlversion="1.0"encoding="UTF-8"?>
<?xml-stylesheettype="text/xsl"href="/bind9.xsl"?>
<iscversion="1.0">
<bind>
<statisticsversion="2.2">
<views>
<view>
<name>_default</name>
<zones>
….
<summary>
<TotalUse>5965501</TotalUse>
<InUse>1502936</InUse>
<BlockSize>4718592</BlockSize>
www.it-ebooks.info
![Page 113: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/113.jpg)
<ContextSize>3595936</ContextSize>
<Lost>0</Lost>
</summary>
</memory>
</statistics>
</bind>
</isc>
Now,wehavetwowaystoretrievethestatistics:
ConfigureBINDtowritethestatisticsinthestatfile(oldmethod)ConfigureBINDtousethebuilt-inHTTPwebservice
Thefirstandoldmethodcanbeusedforserversthatarenotunderaheavyload;thenewmethodusingthestatistics-channelsisontheotherhandlightweightandveryeasytomanage.Nowadaysthisoneisthepreferredmethodtouse.
NoteStartingfromBIND9.10,thestatisticscanbedeliveredineithertheXMLortheJSONformat.ThepreviousversionofBINDofferedonlystatisticsonXMLv2orV3.StartingwithBIND9.10,theXMLstatisticsareavailableonlyinV3format.Anyway,theJSONformatissignificantlyfasterthanXMLandevenlightweighttoprovide.
Now,tofiltertheoutputobtainedbycurl,thereisaninterestingutilitythatunfortunatelyisnotastandardRPMdistributedbyRedHat.Thetoolwearegoingtouseonthoseexamplesisxml2.
Thisxml2isanXMLprocessingtoolthatcanbeusedtoparseandreadtheXMLenvelopesandrewritethemasaflatformat.Theflatformatisreallyusefultobemanipulatedwithshellscripts.Then,firstofall,youneedtodownloadthisutility(thesourcecodeisavailableathttp://download.ofb.net/gale/xml2-0.5.tar.gz).Here’stheoutputsummary:
#wgethttp://download.ofb.net/gale/xml2-0.5.tar.gz
--2014-11-0110:43:44--http://download.ofb.net/gale/xml2-0.5.tar.gz
Resolvingdownload.ofb.net…64.13.131.34
Connectingtodownload.ofb.net|64.13.131.34|:80…connected.
HTTPrequestsent,awaitingresponse…200OK
Length:86318(84K)[application/x-gzip]
Savingto:"xml2-0.5.tar.gz"
100%[===================================>]86,318155K/sin0.5s
2014-11-0110:43:45(155KB/s)-"xml2-0.5.tar.gz"saved[86318/86318]
Performthefollowingstepstoobtaintheresultssetoutintheprecedingparagraph:
1. Explodethepackage,asfollows:
#tar-zxvfxml2-0.5.tar.gz
xml2-0.5/
xml2-0.5/configure.ac
xml2-0.5/aclocal.m4
…
www.it-ebooks.info
![Page 114: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/114.jpg)
xml2-0.5/csv2.c
xml2-0.5/xml2.c
2. Stepintothedirectory,asfollows:
#cdxml2-0.5
3. Runtheusual./configurefollowedbymakeandmakeinstall,asfollows:
#./configure&&make
Then,asroot,youcannowrunthefollowingcommand:
#makeinstall
Onceallthishasbeencompleted,youarereadytoruntheutility.
Tomakeyoubetterunderstandwhatthistoolexactlydoes,youcanrunthefollowingcommand:
#curlhttp://localhost:8053/2>/dev/null|xml2|grep-A1queries
/isc/bind/statistics/server/queries-in/rdtype/name=A
/isc/bind/statistics/server/queries-in/rdtype/counter=11230
/isc/bind/statistics/server/queries-in/rdtype
/isc/bind/statistics/server/queries-in/rdtype/name=AAAA
/isc/bind/statistics/server/queries-in/rdtype/counter=1112
Now,theoutputisfinallyveryeasytomanipulatewithastandardutilitylikesedorawk.
4. Then,thenextsteptoenquirefromthelocallyinstalledagentistoaddthesetwolines:
UserParameter=bind.queries.in[*],curlhttp://localhost:8053/
2>/dev/null|/usr/local/bin/xml2|grep-A1
"/isc/bind/statistics/server/queries-in/rdtype/name=$1$"|tail-1|
cut-d=-f2
UserParameter=bind.queries.out[*],curlhttp://localhost:8053/
2>/dev/null|/usr/local/bin/xml2|grep-A1
"/isc/bind/statistics/views/view/rdtype/name=$1$"|tail-1|cut-d=-
f2
Usingtheprecedingcommandasanexample,youcanrunthestandardqueries,suchasA,AAAA,CNAME,ANY,MX,NS,PTR,SOA,andTXTrecordsin/out.
Now,ontheZabbixserverside,youneedtoconfigureallyouritemsjustastheoneshowninthescreenshotfollowingtheupcominglist,takingcaretocreatethesamekindofitemforAaswell:
AAAA
CNAME
ANY
MX
NS
PTR
www.it-ebooks.info
![Page 115: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/115.jpg)
SOA
TXT
Onceyou’veaddedallyouritemsinagraph,thefinalresultwillbejustliketheoneshowninthenextscreenshot.Now,you’reacquiringallthequeriesdoneforthemostimportantDNSfields.
www.it-ebooks.info
![Page 117: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/117.jpg)
DNS–responsetimeNow,wearemonitoringallqueriesdoneagainstallthemainDNSrecords,butactuallyweneedtocheckhowourDNSisworkingandthenhowmuchtimeisrequiredtohavetheresponseback.
OntheZabbixhow-to,thereisanexampletodowhat’savailablehere:https://www.zabbix.com/wiki/doku.php?id=howto/monitor/services/monitor_dns_and_ntp_services_on_your_network.
Theproblemwiththisexampleisthatthescriptandcodeproposedsimplyreturnsa0or1dependingontheDNSresponseorDNStimeout.
Well,thatexampleisnotgoodenoughforus;wearelookingfornumberslikeresponsetime,andoverthosenumberswecanimplementatrigger.ThetriggerneedstogoonfirewhenthetimeneededbyDNStogiveusbackaresponseishigherthanavaluethatwecanconsideracceptable.Inacomplexnetwork,youcanhaveaDNSquerywhereyoucantolerateaslowresponse(theentiredevelopmentnetworksegment,forinstance,isnotascriticalastheproductionsegment).Then,thesolutionsweproposeheregiveustheresponsetime.Wecanbuildourtriggerovertheresponsetimeunliketheotherway,whichisalotlessflexible.
Wecanseethescriptstepbystep;firstofall,weneedtoacquiretheresponsetime.Thiscanbedoneusingdig,asfollows:
#digmydomain.com
NoteNOTE
digispartofthebind-utilspackage.Ifyoudon’thaveitinstalledinyoursystem,youneedtorunasrootthefollowingcommand:
yuminstallbind-utils
Anyway,digusesthelocalresolver,andthenifyourunthesamequeryagain,you’llseethatthetimespenttoacquiretheDNSrecordis0minutes.Thisisclearlyafalsevalue!Toavoidanycachedresponseandtomeasuretherealtime,weneedtousethe+traceoption.Whentracingisenabled,digmakesiterativequeriestoresolvethename;practically,digwillfollowreferralsfromtherootservers,showingtheanswerfromeachserverthatwasusedtoresolvethelookup.
Here,weneedtohavethetotaltimespentforthequeryandnotthetimeconsumedbyeveryserver.Todothat,wecanusethefollowingsyntax:
$([email protected]+trace)
real0m1.376s
user0m0.010s
sys0m0.012s
Nowthatwehaveunderstoodthelogic,hereisthefullscriptwewilluse:
www.it-ebooks.info
![Page 118: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/118.jpg)
#cattest_dns.sh
#!/bin/sh
iftest-z"$1";then
echo"YouneedtosupplyaDNSentrytocheck.Quitting"
exit01;
fi
DOMAIN=$1
MYTIME=$((timedig$DOMAIN+trace)2>&1|grepreal|awk-F'[m,s]''{print
$2}')
if[$?-eq0];then
echo$MYTIME
else
echo0
fi
Thisscriptrequiresa$1parameter,whichisthedomaintocheck.Now,weneedtoenablethisscriptontheagent’ssidewithUserParameterontheagentconfigurationfile,thusadding:
UserParameter=dns.responsetime[*],test_dns.sh$1
Thescriptwejustcreatedneedstoplacedinavalidruntimeagent’spath,orweneedtousethefullyqualifiedpathinUserParameter,asfollows:
UserParameter=dns.responsetime[*],/full/path/of/test_dns.sh$1
NoteThismethodisreallyusefulasyoucandeploythescriptondifferentnetworksegments,likeforinstance,theapplicationserverzone,andhavearealvalueofthetimeneededtoresolveaDNShostfromthatnetworksegment.
Asthelaststep,createtherelativeitemontheZabbixserverside,whereyouwillpasstheDNSnametocheck,asshowninthefollowingscreenshot:
Pleasebearinmindthatthisscript,ifexecutedcontinuously,canhammeryourDNSexactlybecauseitavoidsusingthecacheofthelocalresolverandevenoneoftheintermediatesegments.
Then,aswehaveexplained,weneedtoscheduleourscriptwithareasonableperiodthatcanbeforaninstanceof1minute.Pleaseconsideryournetworksegmentsfromwhichyou’rerunningthischeck,forboththequantityofscriptsthatarerunningandfrequency.
www.it-ebooks.info
![Page 119: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/119.jpg)
NoteHere,youcancreateatriggerbasedonthezone,bearinginmindthatyou’remonitoringtheDNSresponsetimedirectlyfromthehoststhatrequirethoseDNSentriesresolved.Here,itisimportanttotuneyourtriggerbasedontheresponsetimeyouconsideracceptablefromthepointofviewofthezone.
Whenyou’recreatingyourtrigger,itisimportanttoconsiderthatthispluginprovidesyouwiththerealDNSresponsetime,whichistheworst-casescenario.Here,weavoidusinganycachingsystems,whichisnottherealcasebutapessimisticone.Thatsaid,ifyounoticesomespikesofhighresponsetime,thosecanbeignoredasthosespikescan’timpactyoursystem.Consideringthat,thetriggerneedstobetunedtospottheresponsetimethatisstilltherefortwoorthreeitemcycles(orevenmore—thisdependsonthefrequencyatwhichyourunthecheck)andavoidconsideringsinglespikes.
www.it-ebooks.info
![Page 120: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/120.jpg)
DNSSEC–monitoringthezonerolloverHere,wedon’thaveenoughpagestoexplainallthefeaturesaddedbyDNSSECoracompletesetupguideofit.Anyway,itisimportanttoknowthatthebestwaytoavoidissueslikeaDNScachepoisoningattackistouseDNSSEC.DNSSECdoesadeepusageofcryptographickeysanddigitalsignaturestoensurethatlookupdataiscorrectandconnectionsarelegitimate.Then,inasecureenvironment,you’resupposedtousemainlyDNSSEC,andthenitisimportanttomonitorthecriticalDNSSECparameters;thoseitemscanberesumed,asfollows:
Thezonefile’svalidityThezones’rolloverstatusTheDNSresponsetime
Currently,therearetwopluginsavailabletoimplementchecksagainsttheDNSSECzonerollover:
RollstateZonestate
Thefirstonechecksthezonemanagedbythedaemonrollerd;thesecondonechecksthevalidityofDNSzones.
NoteThefullcodeisavailableathttps://github.com/hardaker/dnssec-tools/tree/master/dnssec-tools/apps/zabbix,andthepackageisavailableathttp://www.dnssec-tools.org/download/dnssec-tools-2.1.tar.gz.
OneoftherequirementstoproperlysetupthispluginisthatyouneedtobeawareofthefrequencyofyourrolloveractionstotunetheZabbixitem;pleasebeawarethatalittlelatencyisnormalhere.Anyway,aslongasyoudon’trolloverzoneseveryfewminutes(TTLissettoafewminutes),thislagwillnotbeanissue.
Now,beforeyoucanruntheplugin,youneedtohaveinstalledafewrequiredPerlmodules:
#perl-MCPAN-eshell
cpan>installNet::DNS
cpan>installNet::DNS::SEC
Wearesupposingthatyoualreadyhavecpaninstalled;ifyoudon’thaveitinstalledinyoursystem,pleaseinstallitwiththefollowinglineofcode:
#yuminstallcpan
Now,onceyouhaveinstalledtherequiredmodule,youneedtoinstalltheopenssl-develpackagewiththefollowingcommand:
#yuminstallopenssl-devel.x86_64
Now,youcanfinallyuncompressthesoftwarewiththefollowingcode:
www.it-ebooks.info
![Page 121: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/121.jpg)
#tar-zxvf./dnssec-tools-2.1.tar.gz
#cd./dnssec-tools-2.1
#./configure&&make&&makeinstall
Nowin/dnssec-tools-2.1/apps/zabbix/,wehavealltheneededsoftware.Herearethepiecesofsoftwareavailablein/dnssec-tools-2.1/apps/zabbix/:
#ls-l
total40
-rwxrwxr-x.112741274768Jan22013backup-zabbix
-rw-rw-r--.1127412741706Jan22013item.fields
-rw-rw-r--.1127412742878Jan22013README
-rwxrwxr-x.1127412746763Feb152013rollstate
-rwxrwxr-x.1127412747720Feb152013uemstats
-rw-rw-r--.1127412741329Oct192011zabbix_agentd.conf
-rwxrwxr-x.1127412746314Feb152013zonestate
Finally,wecantryournewplugins,asfollows:
#./rollstatemydomain.com
ZSKphase3
#./zonestatemydomain.com
zonefilevalid
Now,it’stimetoenableournewplugins;todothis,weneedtodefineacoupleofnewentriesofUserParameterontheagentside’s/etc/zabbix/zabbix_agentd.conf:
UserParameter=dnssec-tools.rollover.status[*],rollstate$1
UserParameter=dnssec-tools.rollover.statusnum[*],rollstate–numeric$1
Evenhere,youneedtoplacetherollstateplugininadirectorycontainedinthepathorusethefullyqualifiedpathforourplugin.Also,onceyouhaveaddedUserParameter,youneedtorestarttheagentwith:
#servicezabbix-agentrestart
ShuttingdownZabbixagent:[OK]
StartingZabbixagent:[OK]
Therollstatepluginprovidestwodifferentoutputswiththe–numericoptionspecified.ItprovidespositivenumbersfortheZSKphasesandnegativenumbersfortheKSKphases.ThisenablesustoproduceagraphthatrepresentsallthephasesofDNSSEC.
OnceyouhavecreatedtheZabbixagentitemonyourtemplateandyourscriptisrunning,theoutputwillbelikethenextscreenshot.
Intheexampleandtherelativegraph,wehaveahighlyfrequentrollover.Inareal-lifescenario,thetimerequiredtogothroughallthedifferentstatuseswillbelonger.
www.it-ebooks.info
![Page 122: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/122.jpg)
ThedetailsoftheDNSSECrolloverintextmode,usefultokeeptrackofallthestatuschanges,willbecontainedinatextitem.Anexampleofthelatestdataisshowninthenextscreenshot:
Asyoucansee,youwillhaveahistoricalstatusofallthestepscrossedduringtherollover,andyouwillhaveacleartrackofthestepsperformed.
NoteThisitemwillbepreciousifyourprocessgetsstuckonastep,especiallyifthishappensperiodically.
Inthenextscreenshot,youcanseethezonestatuspluginatwork:
www.it-ebooks.info
![Page 123: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/123.jpg)
Now,theonlythingyoustillhavetodoiscreateatriggerbasedontheinformationwe’reacquiring.Here,itisimportanttobearinmindthatalittlelagisnormalduringthezonetransferprocess;thislagneedstobeconsideredwhenyousetupthetrigger.
www.it-ebooks.info
![Page 125: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/125.jpg)
ApachemonitoringMostofthereverseproxiesarenowadaysimplementedusingApache.Apache,otherthanbeingawebserver,isquiteusefulasareverseproxyasitincludessomepowerfulmodules:
mod_proxy
mod_proxy_http
mod_proxy_ftp
Otherthanasareverseproxy,itcanbeusedasaloadbalancerthanksto:
mod_proxy_balancer
Now,unfortunately,thereisn’tavalidmethodtoacquirethemetricsstrictlyrelatedtothemoduleused,butanyway,wecanacquirequiteafewmetricsfromApacheitself.
Thefirstthingyouhavetodobeforeyoucanacquirethestatisticsisenablethem.Todothis,youneedtoputthefollowinglinesinyourApacheconfigurationfile:
<Location/server-status>
SetHandlerserver-status
Allowfrom127.0.0.1
Orderdeny,allow
Denyfromall
</Location>
Also,youcanoptionallyaddthefollowinglinetoyourglobalApacheconfigurationfile:
ExtendedStatusOn
Here,weareconfiguringthemodulewiththeExtendedStatusOnoption.Withthissetting,Apachekeepstrackofextendedstatusinformationforeachrequest.Thiscollectioncanslowdowntheserver,andifyounoticeperformanceissues,itcanbedisabledwiththeExtendedStatusOffkeyword.
TipPleasekeeprestricted,asmuchasyoucan,theaccesstothe/server-statuslocation.Inourcase,itisallowedonlyfrom127.0.0.1.ThismeansthatyouneedtocollectthestatisticsfromtheagentinstalledlocallyonyourApachehost.Itisimportanttoknowthatifmod_statusiscompiledintotheserver,thenitshandlerisavailableinallconfigurationfiles,includingper-directoryfiles,likehtaccess.Thiscanhavesecurity-relatedramificationsforyoursite.
Now,allyouhavetodoisrestartyourApacheandcheckwhetheryoucanretrievethestatisticsrunningthefollowingcommand:
[root@localhost~]#curlhttp://127.0.0.1/server-status
<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML3.2Final//EN">
<html><head>
<title>ApacheStatus</title>
</head><body>
www.it-ebooks.info
![Page 126: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/126.jpg)
<h1>ApacheServerStatusfor127.0.0.1</h1>
<dl><dt>ServerVersion:Apache/2.2.15(Unix)DAV/2PHP/5.3.3</dt>
<dt>ServerBuilt:Jul23201414:17:29
</dt></dl><hr/><dl>
<dt>CurrentTime:Monday,03-Nov-201419:48:11PST</dt>
<dt>RestartTime:Monday,03-Nov-201419:48:00PST</dt>
<dt>ParentServerGeneration:0</dt>
<dt>Serveruptime:11seconds</dt>
<dt>Totalaccesses:9-TotalTraffic:0kB</dt>
ThisApachemodule’soutputisreallyfullofusefulinformation;lookingattheoutputindetail,youcanseethatitprovidestheinformationshowninthefollowingscreenshot:
Here,youhaveaviewthatissplitintofourmainsections,whichareasfollows:
TheApacheversiondata,modulestarted,andserverbuilddetailsTheApacheserverstatusthatprovidesyoutheuptime,CPU,numberofaccess,numberofrequest/sec,andsomemoreinformationaboutitsstatusTheApachescoreboardAsectionwithallthedetailsoftheconnectionserved
Here,retrievingthestatisticsisnotaseasyasyouwouldimagine.Thefirstandsecondsectionsarequiteverbose,anditiseasytoextracttherequiredinformationfromthemonceyou’veobtainedthewebpage.ThethirdsectionisalittlemorecomplexasitistheApachescoreboard.ThescoreboardisarepresentationofApache’sworkersandtheirrelativestatus.TheworkersareApache’srequest-handlerstatus.Thekeysusedonthescoreboardarethefollowing:
www.it-ebooks.info
![Page 127: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/127.jpg)
ScoreboardKey:"_"WaitingforConnection,"S"Startingup,"R"Reading
Request,"W"SendingReply,"K"Keepalive(read),"D"DNSLookup,"C"Closing
connection,"L"Logging,"G"Gracefullyfinishing,"I"Idlecleanupof
worker,"."Openslotwithnocurrentprocess
Then,toretrieveandanalyzethestatus,weneedtouseaslightlydifferentURL:http://localhost/server-status?auto.
WecantrytheoutputproducedbythisURLusingcurl,asfollows:
#curlhttp://127.0.0.1/server-status?auto
TotalAccesses:1334
TotalkBytes:2163
CPULoad:5.20713
Uptime:2776
ReqPerSec:.480548
BytesPerSec:797.879
BytesPerReq:1660.35
BusyWorkers:1
IdleWorkers:10
Scoreboard:
_______W___…...............................................................
...........................................................................
...........................................................................
.............................
Now,it’seasytoretrievetheCPULoadvalue,forinstance:
#curl-shttp://127.0.0.1/server-status?auto|awk'/^CPULoad:/{print
$2}'
5.15882
Withthesamemethod,wecanacquireallthemetrics,forexample,thenumberofIdleWorkerswillbe:
#curl-shttp://127.0.0.1/server-status?auto|awk'/^IdleWorkers:/
{print$2}'
10
Parsingthescoreboardisalittledifferentasweneedtocountthenumberof_ifwearelookingatalltheworkersthatarewaitingforaconnectioninsteadofcountingalltheoccurrencesofWtocheckalltheworkersthataresendingreplies.Toaddressthisrequirement,youcanusethefollowingcommand:
#curl-shttp://127.0.0.1/server-status?auto|awk'/^Scoreboard:/
{print$2}'|awk'BEGIN{FS="_"};{printNF-1}'
10
ThefirstawkcommandidentifiestheScoreboard:section,thesecondawkcommandcountsalltheoccurrencesof_intheline,definingafieldseparator,andthencountingallthematchedfields.
Currently,therearethreeprebuiltpluginstodothis:
zapache:ThisisashellscriptcalledviaUserParameterZabbixApacheUpdater:ThisisaPythonsoftwarethatneedstobescheduledon
www.it-ebooks.info
![Page 128: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/128.jpg)
crontabquery_apachestats.py:ThisisaPythonsoftwaretriggeredbyUserParameter
Inthissection,wewillanalyzezapacheasitusesthesamemethoddescribedtoacquiremetricsfrommod_statusofApache.Thescriptisavailablefordownloadathttps://github.com/lorf/zapache.
Allyouhavetodoisdownloadzapachefromthatlocation,copyzapacheunder/home/zabbix/bin/withtherelativetemplate,andthenconfigureUserParameterintheagentconfigurationfile/etc/zabbix/zabbix_agentd.conf,asshownhere:
UserParameter=zapache[*],/home/zabbix/bin/zapache$1
Now,ontheGUI,youhavetocreateyourtemplateorimporttheonedistributedwithzapache.Then,navigatetoConfiguration|Template|Importandselectthezapache-template.xmltemplateifyouwanttheitemasZabbixagentorthezapache-template-active.xmltemplateifyouprefertheitemsmanagedasZabbixagent(active).
Ifyoutakealookatthezapachesourcecode,youwillnoticethatitcanrunasZabbixagent’smodeorasanexternalscript,whichmeansthatyoucanuseittoacquiretheApachestatisticslocallyonthesameserverorremotely.
Hereisthecodesectionthatmanagesthiskindofbehavior:
if[[$#==1]];then
#AgentMode
STATUS_URL="http://127.0.0.1/server-status?auto"
CASE_VALUE="$1"
elif[[$#==2]];then
#ExternalScriptMode
STATUS_URL="$1"
case"$STATUS_URL"in
http://*|https://*);;
*)STATUS_URL="http://$STATUS_URL/server-status?auto";;
esac
CASE_VALUE="$2"
Asyoucansee,youcanrunthescriptwithonlyoneparameter,whichrepresentsthemetricyouwouldliketoacquire,ortwoparameters,specifyingeventheremoteIPaddressofyourApachereverseproxyorwebserver.Here,inordertokeepthingseasy,weavoidmod_statusfrombeingaccessedexternallyusingaUserParameter.Anyway,itisbettertobeawarethatyoucanevencentralizestatisticacquisitionthankstothiscodesection.
ThefinalresultofoursetupandApache’smetricacquisitionisshowninthenextscreenshot:
www.it-ebooks.info
![Page 129: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/129.jpg)
Now,itistimetodiscusstriggersrelatedtothisApachemonitoring.Firstofall,youneedtocreateatriggerbasedonthelastvalueofzapacheping,asfollows:
{TemplateAppApacheWebServerzapache:zapache[ping].last(0)}=0
Ofcourse,ifthezapachepingfails,returning0,youhaveanissue.Someotherparametersthatarecriticalforserverstatusandonwhichyoucancreatetriggersare:
WaitingForConnection:ThisindicatesthatthenumberofprocessesarewaitingforaconnectionReqPerSec:ThisindicatesthenumberofrequestspersecondCPULoad:ThisindicatestheamountofCPUconsumedbyApache
Thosevaluesarestrictlydependentontheserveryou’reusing,thenumberofclientsyouareserving,andmostimportantly,whatexactlyandhowyouareservingtherequest.Aboutwhatandhowyouareservingtherequest,youcanhavesomeverycomplexrewritingandreverserulesthatcanmakeagroupofURLsmorecomplextomanage.Here,thebestthingtodoistrytofindoutyourApache’slimitusingsometoolsthatareabletoproducealotofconcurrentconnectionsandthenworkload,forinstance,youcantrySiege.
NoteMoreinformationaboutSiegeisavailablehere:http://www.joedog.org/siege-home/.
Onceyou’vetestedandfoundthemaximumnumberofclientsyoucanserveperURLandyou’veseenthewebserverlimits,youcancreateandtuneyourcustomtriggers.
www.it-ebooks.info
![Page 131: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/131.jpg)
NTPmonitoringThesystemclockissomethingyoushouldkeepmonitoringbecauseif,forsomereason,yoursystemsuffersasystemclockdrift,thiscanbecomeabigissue.
Performingapracticalexampleofheavydriftonthesystemclockwillcauseissues.TheDNSSECzonereplication,yourFTPservice,theIMAPservice,andmanyotherserviceswillbeaffected,makingyourserverunstableandunusable.
TokeepyoursystemclockinsyncwiththeremoteNTP,youcanuseandinstalltheNTPdaemonthatwilltakecareofthesystemclock.
ToinstallNTP,youcanuseyumasusual:
#yuminstallntp
...outputremovedhere…
Installed:
ntp.x86_640:4.2.6p5-1.el6
Complete!
Onceyou’veinstalledtheNTP,youneedtofindtheserverthatisclosertoyouusingthewebsitehttp://www.pool.ntp.org/en/.
Fromthiswebsite,youneedtochoosetheserverthatisbetterforyouandthenchangethe/etc/ntp.confconfigurationfile.
Also,itisagoodpracticetoaddthelogfiledirectiveattheendofthentp.confconfigurationfile,asfollows:
#echo"logfile/var/log/ntp.log">>/etc/ntp.conf
Thenstartorrestarttheservice,asfollows:
#servicentpdstop
Shuttingdownntpd:[OK]
#servicentpdstart
Startingntpd:[OK]
Now,youneedtoconsiderthatyoucanhaveonecentralserverusedasaprimaryntpdserverforyournetworkandpropagatethesystemtimefromthere;inthiscase,youneedtochangethe/etc/ntp.confconfigurationfileabit:
#Hostsonlocalnetworkarelessrestricted.
restrict192.168.1.0mask255.255.255.0nomodifynotrap
Nowfinally,youcanattachallthehostsofyournetworktothisntpdserverandthenmonitorthisNTPandtheclient’stime.
TipIfyouareprotectingaserverwithafirewall,youneedtoenabletheUDPonport123onbothdirections.Ifyou’reusingiptablestoenabletheclientandtheservercommunication,youneedtoaddthefollowingrulestotheOUTPUTandINPUTchains:
www.it-ebooks.info
![Page 132: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/132.jpg)
iptables-AINPUT-pudp--dport123-jACCEPT
iptables-AOUTPUT-pudp--sport123-jACCEPT
Now,toretrievemetrics,weneedtoqueryntpd.Forthisoperation,wecanusentpq,whichwillshowallthestatistics.Fromamonitoringperspective,we’relookingfortheoffset,jitter,anddelay.
Inthenextexample,weseethecompleteoutputofntpq,asfollows:
#ntpq-pn127.0.0.1
Remoterefidsttwhenpollreachdelayoffsetjitter
==================================================================
+91.247.253.152191.241.139.1373u964135.27629.4929.791
+217.147.208.1194.242.34.1492u864119.61730.91211.497
*192.33.214.47129.194.21.1952u764125.58132.15711.007
+195.141.190.190212.161.179.1382u664120.73931.14310.983
Pleasenotethatthisserverissufferingabigdriftandthetriggerisalreadyonfire.
Toacquirethemetricthen,wecanuseacommandlikethisone:
#ntpq-pn127.0.0.1|/usr/bin/awk'BEGIN{offset=0}$1~/\*/{
offset=$9}END{printoffset}'
32.157
ThiscommandretrievestheoffsetbetweenthesystemclockandtheNTPserver.
NoteWeareusingthe–pand–noptionstogether;withthe–noption,weareavoidingthenameresolution,andthentheDNSquery.Thisisdoneinordertokeeptheitemaslightweightaswecan.
Now,wecanquicklysetupNTPmonitoringusingUserParameterontheagentsidewith:
UserParameter=ntp.jitter,ntpq-pn127.0.0.1|/usr/bin/awk'BEGIN{
offset=0}$1~/\*/{offset=$9}END{printoffset}'
ThiswillsetUserParametertoretrievethejittervalue;anyway,wecanevendosomethingalittlemorecomplexandthenproduceascriptlikethefollowing:
#!/bin/bash
VERSION="1.0"
functionusage()
{
echo"ntpcheckversion:$VERSION"
echo"usage:"
echo"$0jitter-Checkntpjitterdelay"
echo"$0offset-Checkntpoffset"
echo"$0delay-Checkntpdelay"
}
########
#Main#
########
if[[$#!=1]];then
#NoParameter
usage
www.it-ebooks.info
![Page 133: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/133.jpg)
exit0
fi
case"$1"in
'jitter')
value="'ntpq-pn127.0.0.1|/usr/bin/awk'BEGIN{jitter=0}$1
~/\*/{jitter=$10}END{printjitter}''"
rval=$?;;
'offset')
value="'ntpq-pn127.0.0.1|/usr/bin/awk'BEGIN{offset=0}$1
~/\*/{offset=$9}END{printoffset}''"
rval=$?;;
'delay')
value="'ntpq-pn127.0.0.1|/usr/bin/awk'BEGIN{delay=0}$1
~/\*/{delay=$8}END{printdelay}''"
rval=$?;;
*)
usage
exit1;;
esac
if["$rval"-eq0-a-z"$value"];then
rval=1
fi
if["$rval"-ne0];then
echo"ZBX_NOTSUPPORTED"
fi
echo$value
Then,ontheagentside,wecandeploythisscriptcalledntpcheck.shinthe/home/zabbix/bindirectory:
#ls-la/home/zabbix/bin/ntpcheck.sh
-rwxr-xr-x1zabbixzabbix781Nov903:23/home/zabbix/bin/ntpcheck.sh
Oncethisisdone,allwehavetodoiscreateUserParameter,asfollows:
UserParameter=ntp[*],/home/zabbix/bin/ntpcheck.sh$1
Then,restarttheagent:
#servicezabbix-agentrestart
ShuttingdownZabbixagent:[OK]
StartingZabbixagent:[OK]
Testournewitems:
#zabbix_get-s127.0.0.1-kntp[jitter]
2.273
#zabbix_get-s127.0.0.1-kntp[offset]
-6.696
#zabbix_get-s127.0.0.1-kntp[delay]
18.956
Andintheend,createourthreenewitemsontheZabbixGUI,asshowninthefollowingscreenshot:
www.it-ebooks.info
![Page 135: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/135.jpg)
NTP–whatarewemonitoring?Now,evenifthoseitemnamesappearassomethingeasytounderstand,itisbettertoknowwhatwearemonitoring.Firstofall,weneedtoclarifythatwe’reacquiringvaluesforthecurrenttimesource,hencewearetakingthevaluesinthelinethatbeginswitha*fromthentpqoutput.Forconvenience,thentpqoutputisreportedhere:
#ntpq-pn127.0.0.1
Remoterefidsttwhenpollreachdelayoffsetjitter
==================================================================
+91.247.253.152191.241.139.1373u964135.27629.4929.791
+217.147.208.1194.242.34.1492u864119.61730.91211.497
*192.33.214.47129.194.21.1952u764125.58132.15711.007
+195.141.190.190212.161.179.1382u664120.73931.14310.983
Asyoucansee,thelinesofthisoutputarenotordered,andtheybeginwith+and*(inthisexample).Weareinterestedintheonethatbeginswith*.Thereasonisthatthelinethatbeginswith*representsthepreferredandcurrenttimesource.
Wecanevenhaveaprefixlikethefollowing:
+:Thissignindicatesthatthepeerisagood,preferredremotepeerorserver(space),x,-,#,and.:Theseindicatethatthispeerisnotbeingusedforsynchronization
Now,wehaveclarifiedthereasonwhywearerunningthisawkcommand:
#ntpq-pn127.0.0.1|/usr/bin/awk'BEGIN{delay=0}$1~/\*/{delay=$8
}END{printdelay}'
Now,tohavesomemoredetailsaboutwhatwe’reacquiring,wecandefinethemas:
Delay:Thisisthecurrentestimateddelay.Itisthetransittimebetweenremotepeersorserversinmilliseconds.Offset:Thisisthecurrentestimatedoffset.Itisthetimedifferencebetweenremotepeersinmilliseconds.Jitter:Thisisthecurrentestimateddispersion,orbetter,thevariationindelaybetweenthesepeersinmilliseconds.
NoteIfyou’remonitoringaserverthatisrunninginavirtualenvironment,youneedtobeawarethatpracticallyallthevirtualizationsoftwaresuffersfromsystemclockdrift.Thencheckthevendor-specificbestpracticetoreducetheNTPdrift.
Nowit’stimetochangethescriptalittleaswecanchecktheNTPhealthstatusbyaddingthefollowingcasestatement:
case"$1"in
…
'health')
primary="'ntpq-pn127.0.01|grep^\*|grep-vgrep|wc-l'"
rval=$?
www.it-ebooks.info
![Page 136: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/136.jpg)
if["${primary}"-eq"1"];then
value="1"
else
value="0"
fi
;;
…
esac
Now,wecancheckwhetherwehaveatleastoneprimarypreferredsourcedefinedtogettheNTPsyncinagoodshape.Weneedtothenaddanewitemandarelatedtriggerthatwillgoonfireifthevaluereturnedis0.Otherthanthistrigger,wecanevenhaveatriggerthatwillgoonfireiftheclockdriftisbiggerthan50millisecondsforinstance,orevenless.
Inthenextscreenshot,youseetheinteractionbetweentheJitter,Offset,andDelayonaLinuxvirtualserver(thatsufferfrombigsystemclockdrifts):
www.it-ebooks.info
![Page 138: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/138.jpg)
SquidmonitoringSquidisthemostdiffusedcachingproxyfortheWeb.SquidsupportsHTTP,HTTPS,FTP,andmanymoreprotocols.Thisproxysoftwarereducesalotofthebandwidthrequiredtoserveitsclientsandimprovestheresponsetime,implementingaverygoodcachingsystem.Forallthosereasons,itisquiteevidentwhyyoushouldhaveSquidtomonitorinsideyournetwork.
TherearetwoprimarywaystoacquiredataandmetricsfromSquid:
UsingSNMPUsingsquidclient
Ifyou’recuriousabouttheSNMPsetupontheSquidserver,youcanhavealookattheofficialdocumentation,inparticularthesectionavailableathttp://wiki.squid-cache.org/Features/Snmp.
WeshouldavoidenablingSNMPonourSquidasithasbeenaffectedinthepastbymanyoverflowsandissues.Thelastsecurityissue,atthetimeofwritingthis,causedbySNMPenabledonSquid,isavailableathttp://www.squid-cache.org/Advisories/SQUID-2014_3.txt,andasyoucansee,itisareallyrecentissue.
Fortunately,theclientisreallypowerfulandthispermitsustoimplementagoodmonitoringsolutionwithoutenablingSNMP.
Typethefollowingcommand:
#squidclientmgr:info
Inresponsetotheprecedingcommand,Squidwillprintouttheentirestatisticdomainacquireduntilnow:
HTTP/1.0200OK
Server:squid/3.1.10
Mime-Version:1.0
Date:Sun,09Nov201417:23:25GMT
Content-Type:text/plain
Expires:Sun,09Nov201417:23:25GMT
Last-Modified:Sun,09Nov201417:23:25GMT
X-Cache:MISSfromlocalhost.localdomain
X-Cache-Lookup:MISSfromlocalhost.localdomain:3128
Via:1.0localhost.localdomain(squid/3.1.10)
Connection:close
...
Then,asyoucanunderstand,itwillbequiteeasytoretrievesomeimportantitemsfromthiskindofoutput.Tryingoutanexample,ifyouwouldliketoacquiretheCPUUsage,youcansimplyrun:
#squidclientmgr:info|grep'CPUUsage:'
CPUUsage:0.01%
Ofcourse,thiskindofoutputneedstobealittleshapedtobeusableforourwork,thenext
www.it-ebooks.info
![Page 139: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/139.jpg)
commandwillbeaUserParameterreadycommand:
#squidclientmgr:info|grep'CPUUsage:'|cut-d':'-f2|tr-d'%'|tr-d'
\t'
0.01
Now,wehavetwowaysofdoingthis:
WecreatealonglistofUserParameterontheagentsideWecreatejustaone-userUserParameterandcallitusingaparameter
Thesecondwayisthepreferredapproachasifyouneedtoaddanitemtoacquire,youdon’tneedtorestarttheagent.Hereduetospaceconstraints,wewillnotcommentallthescript;forthecompletescript,pleaserefertoAppendixB,CollectingSquidMetrics.
YouneedtocreateUserParameter:
UserParameter=squid[*],/home/zabbix/bin/squidcheck.sh$1
Now,youneedtorestarttheagent,andyoucancheckwhetheryou’reabletoacquirethemetricswiththefollowingcommand:
#zabbix_get-s127.0.0.1-ksquid[icp_sent]
12
Ifyoucanretrievethemetrics,theconfigurationisfine.
Now,ontheserverside,youneedtocreateyouritems,asshowninthefollowingscreenshot:
Nowthatwearefinallyacquiringallthemetrics,itisimportanttodefineatleasttwo
www.it-ebooks.info
![Page 140: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/140.jpg)
triggers:
OnetiedtothenumberofSquidprocessesrunningthatshouldneverbe0Onetiedtothenumberofavailablefiledescriptors;ifthisnumberislessthan100,weneedtohaveatriggeronfire
Thisisshowninthefollowingscreenshotandistheminimumnumberoftriggersyoushouldhave:
ToclosetheSquidmonitoring,wecantellthatyouarenowabletoacquireatleast22itemsusingthescriptavailableonGitHubathttps://github.com/smartmarmot/zabbix_network_monitoring/tree/master/Chapter3;youcannowsetmanyothertriggersdependingonyoursetup,servercapacity,numberofclientstoserve,andthemeanofthenumberofpagesrequiredbyyourclientnetwork.
Amongthemostimportantparameterstomonitor,wehave:
Thebytehitratioover5and60minutesTherequestdiskhitratioover5and60minutesRequestfailureratio
Allthehitratiosneedtobeascloseto100percentaspossible.Everyvalueofcachingunder70percentshouldmakeatriggergoonfire,andeventherequestfailureratio,ifitishigherthan30,shouldtriggeranalarmasitistellingusthatoursystemisnotrespondingproperly.
www.it-ebooks.info
![Page 142: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/142.jpg)
SummaryInthischapter,wecoveredalargenumberofcomponents.Westartedourdiscussionfromthemostusedandevenverycriticalnetworkservice:DNS.Goingaheadonthesameway,wediscussedDNSSEC;then,wemovedontoApache,themostusedandeffectivereverseproxy;walkedthroughNTP;andclosedthechapterwithSquid,themostinstalledandusedproxyservice.Forallthesystemsandservicesanalyzed,you’renowabletoacquirethemostcriticalmetrics,andyouknowhowtocreateeffectivetriggers.
Triggersherearecoveringthemostcriticalroleandhenceyourexperiencewithinyournetworkisthetrulyaddedvalue.You,withtheknowledgeacquiredfromthischapterandyourenvironmentexperience,willbethekeytocreatingeffectiveandproactivetriggers.Thischapterhascoveredallthecriticalservicesyoucanfindinanetwork,andnowyoucaneasilyprovideaheavyaddedvalue,creatingproactivechecksandinstallinganeffective,tailor-mademonitoringsolution.Inthenextchapter,youwilllearnhowtoautomatethediscoveringofyournetwork’selementsandhowtoapplyatemplatetothediscovereditem.Also,youhavetoadaptyourmonitoringsystemwithinyourenvironments,andthiskindoftaskisthetypicalboringandtime-consumingtaskthatanetworkadmindoesn’tliketodo.Thechapterwillprovideyouwithallthenecessaryinformationtousethehostdiscoveryandthelow-leveldiscoveryinaneffectiveway.Youwillbeguidedthroughthedifficultwaytoautomatetheitemdiscovery:thiswillheavilyreducethetimeneededtostartupyourmonitoringsolutionbutwillimpactandreducethetimeneededtomaintainyourgrowinganddynamicallymovingsetup.
www.it-ebooks.info
![Page 144: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/144.jpg)
Chapter4.DiscoveringYourNetworkInthepreviouschapters,we’veseenhowtogetdifferentmetricsfromquiteafewdifferentsources,usingdifferentmethods.Whatwehaven’tcoveredyet,ishowtoeasilygetallthisdataintoZabbixwhenyouhaveagreatnumberofmonitoredobjects.
Manuallycreatinghosts,items,andtriggersisanexcellentexercisetogetthehangofhowthingsworkinZabbix,butitcanquicklybecomearepetitive,boring,error-proneactivity.Inotherwords,theyarethekindsoftaskscomputersweremadeforinthefirstplace.
Whatifyourmonitoringsolutioncouldjustfindthehostsanddevicesyouwanttomonitor,addthemasZabbixhosts,applyatemplate,andstartmonitoringthem?Andwhatifitdidn’tjustlimititselftofindinghoststomonitor,butitalsofoundoutwhetheryourswitchhas24or48ports,howmanydisksyourwebserverhasattached,andwhatportsareopenonacertainhost?Aftersomeinitialconfiguration,youwouldnothavetobotherwithaddingorremovingthingstomonitor.Itwouldcertainlybegreat,buttheproblemwithautomateddiscoveryisthatitoftenhastocometotermswiththerealityofareal-worldnetwork,whichisoftenfullofexceptionsandspecialrules.Insuchcases,youcouldfindyourselfspendingalotoftimetryingtoadaptyourmonitoringsystemtoyourenvironmentinordertocatchupwithanautomateddiscoverythatmightbejustalittletooautomatic.
Luckily,Zabbixcansupportmanydifferentdiscoverystrategies,mixthemupwithregularhostanditemcreation,andgenerallyprovideagoodbalancebetweentheneedtohaveafullyautomatedsystemandtheneeddohaveamonitoringsolutionthatmatchesascloselyaspossibletheenvironmentithastomonitor,withallitsexceptionsandspecialcasesthatareimpossibletocapturewithjustadiscoverystrategy.
ThischapterwillbedividedintotwomainpartsthatmirrorthetwomainlevelsofdiscoverythatZabbixsupports:networkdiscoveryandlow-leveldiscovery.Theformerisusedtofindoutwhichhostsareinyournetwork,andthelatterisusedtofindoutwhatfacilitiesandcomponentsarefeaturedinagivenhost.
Let’sstartwithfindingouthownetworkdiscoveryworksandhowtomakethemostoutofit.
www.it-ebooks.info
![Page 145: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/145.jpg)
FindinghoststheZabbixwayZabbix’sdiscoveryfacilitiesconsistofasetofrulesthatperiodicallyscanthenetwork,lookingfornewhosts,ordisappearingones,accordingtopredeterminedconditions.
ThethreemethodsZabbixcanusetocheckfornewordisappearedhosts,givenanIPrange,are:
TheavailabilityofaZabbixagentTheavailabilityofanSNMPagentTheresponsetosimpleexternalchecks(FTP,SSH,andsoon)
Thesecheckscanalsobecombined,asillustratedinthefollowingexample:
Asyoucansee,whenenabled,thisrulewillcheckeveryhour,intheIPrange192.168.1.1-254,foranyserverthat:
ReturnsanSNMPv3valuefortheSNMPv2-MIB::sysDescr.0OIDIslisteningtoandacceptingconnectionsviaSSHHasanHTTPSserverlisteningonport8000
Beawarethatadiscoveryeventwillbegeneratedifanyoneoftheseconditionsismet.
www.it-ebooks.info
![Page 146: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/146.jpg)
So,ifadiscoveryrulehasthreechecksdefinedandahostinthenetworkrespondstoallthreechecks,threeeventswillbegenerated,oneperservice.
AsusualwithallthingsZabbix,adiscoveryrulewillnotdoanythingbyitself,exceptgenerateadiscoveryevent.ItwillthenbethejobofZabbix’sactionsfacilitytodetecttheaforesaideventanddecidewhetherandhowtoactonit.
Discoveryeventactionsareverysimilartoregulartriggereventactions,soyou’llprobablybealreadyabletomakethemostoutofthem.ThemainthingtorememberisthatwithZabbix,youcannotactdirectlyonaneventtocreateordisableahost:youneedtoeithercopytheeventdatabyhandsomewhereandthenproceedwithallthemanualoperationsneededbasedonthatdata,oryouneedtoproperlyconfiguresomeactionstodothatworkforyou.Inotherwords,withoutaproperlyconfiguredaction,adiscoveryrulewillnotaddbyitselfanydiscoveredhosttothelistofmonitoredones.
Everyactionhasaglobalscope:it’snottiedtoanyparticulartrigger,host,orhostgroupbydefault.Thismeansthatwhenyoucreateanaction,you’llneedtoprovidesomeactionconditionsinordertomakeitvalidonlyforcertaineventsandnotothers.ToaccessthediscoveryactionssectioninthewebUI,headtoConfiguration|ActionsandthenselectDiscoveryfromtheEventsourcedrop-downmenu,justundertheCreateactionbutton.
Whenyoucreateanaction,you’llstartwithgivingitanameanddefiningadefaultmessageintheactiondefinitionsection.You’llthenmovetotheactionconditionssectiontoprovidefilteringintelligence,beforefinishingwiththeactionoperationssectiontoprovidetheaction’scorefunctionality.Actiondefinitionsareprettysimpleasyou’lljustneedtoprovideauniquenamefortheactionandadefaultmessage,ifyouneedone.So,let’smovestraighttotheinterestingsectionsofactionconfiguration:conditionsandoperations.
www.it-ebooks.info
![Page 147: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/147.jpg)
DefiningactionconditionsTheactionconditionssectionletsyoudefineconditionsbasedontheevent’sreportedhostIPaddress,servicestatusandreportedvalue,discoveryrules,andafewothers:
TheReceivedvalueconditionisofparticularinterest,asitallowsyoutodothingslikedifferentiatingbetweenoperatingsystems,applicationversions,andanyotherinformationyoucouldgetfromaZabbixorSNMPagentquery.Thiswillbeinvaluablewhendefiningactionoperations,asyou’llseeinthenextparagraph.Areceivedvaluedependsonthediscoveryruleandontheoutputofthediscoveryeventthattriggerstheaction.Forexample,ifadiscoveryruleissettolookforhostsrespondingtoanSNMPGetfortheSNMPv2-MIB::sysDescr.0OID,andthatrulefindsarouterthathasC3745asthevalueofthatOID,thenthediscoveryeventwillpassC3745totheactionasthereceivedvalue.
Singleconditionscanbecombinedtogetherwithlogicaloperators.There’snotmuchflexibilityinhowyoucancombinethemthough.
YoucaneitherhaveallAND,allOR,oracombinationofthetwowhereconditionsofdifferenttypesarecombinedwithAND,whileconditionsofthesametypearecombinedwithOR.
www.it-ebooks.info
![Page 148: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/148.jpg)
ChoosingactionoperationsDiscoveryactionsaresomewhatsimplerthantriggeractionsastherearenostepsorescalationsinvolved.Thisdoesn’tmeanthatyoudon’thavequiteafewoptionstochoosefrom:
Pleasenotethatevenifyoudefinedadefaultmessage,itwon’tbesentuntilyouspecifytherecipientsinthissectionusingtheSendmessageoperation.Ontheotherhand,ifadding(orremoving)ahostisaquiteself-explanatoryaction,whenitcomestoaddingtoahostgrouporlinkingtoatemplate,itbecomesclearthatagoodsetofactionswithspecificreceivedvalueconditionsandtemplate-linkingoperationscangiveahighlevelofautomationtoyourZabbixinstallation.
NoteThishighlevelofautomationisprobablymoreusefulinrapidlychangingenvironmentsthatstilldisplayagoodlevelofpredictability,forexample,thekindofhostsyoucanfind,suchasfast-growinggridsorclusters.Inthesekindsofenvironments,youcanhavenewhostsappearingonadailybasis,andmaybeoldhostsdisappearatalmostthesamerate,butthekindofhostismoreorlessalwaysthesame.Thisistheidealpremiseforasmallsetofwell-configureddiscoveryrulesandactions,soyoudon’thavetoconstantlyandmanuallyaddorremovethesametypesofhosts.Ontheotherhand,ifyourenvironmentisquitestableoryouhaveaveryhighhosttypevariability,youmightwanttolookmorecloselyatwhich,andhowmanyhosts,youaremonitoringasanyerrorcanbemuchmorecriticalinsuchenvironments.
Also,limitingdiscoveryactionstosendingmessagesaboutdiscoveredhostscanprove
www.it-ebooks.info
![Page 149: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/149.jpg)
quiteusefulinsuchchaoticenvironmentsorwhereyoudon’tcontroldirectlyyoursystems’inventoryanddeployment.Insuchcases,gettingsimplealertsaboutnewhosts,ordisappearingones,canhelpthemonitoringteamkeepZabbixupdateddespiteanycommunicationfailurebetweenITdepartments,accidentalorotherwise.
Moreover,youarenotstuckwithe-mailsandSMSesfornotificationsorlogging.InanActionoperationform,youcanonlychooserecipientsasZabbixusersandgroups.Iftheusersdon’thaveanymediadefined,ortheydon’thavetherightmediafortheactionoperation,theywon’treceiveanymessage.AddingmediatousersisdonethroughtheAdministrationtaboftheZabbixfrontend,whereyoucanalsospecifyatimewindowforaspecificmediatobeused(sothatyouwon’tgetdiscoverymessagesasanSMSinthemiddleofthenightforexample).Speakingofusersandmediatypes,youcanalsodefinecustomones,throughtheMediatypessectionoftheAdministrationtabinZabbix’sfrontend.NewmediatypeswillbeavailablebothintheMediasectionoftheuserconfigurationandastargetsformessagesendingintheActionoperationsform.
AninterestingusefornewmediatypesistodefinecustomscriptsthatcangobeyondsimpleemailorSMSsending.
AcustommediascripthastoresideontheZabbixserver,inthedirectoryindicatedbytheAlertScriptsPathvariable,inthezabbix_server.confconfigurationfile.Whencalledupon,itwillbeexecutedwiththreeparameterspassedbytheserverandtakenfromtheactionconfigurationinthecontextoftheeventthatwasgenerated:
$1:Thisistherecipientofthemessage$2:Thisisthesubjectofthemessage$3:Thisisthemainmessagebody
Therecipient’saddresswillbetheonedefinedforthenewmediatypeinthecorrespondingmediapropertyfortheuserspecifiedintheactionoperationstep.Thesubjectandthemessagebodywillalsobepassedaccordingtotheactionoperationstep,asshownintheprecedinglist.ThisisallthatZabbixneedstoknowaboutthescript.
Thefactis,acustomscriptcanactuallydomanydifferentthingswiththemessage:loggingtoalocalorremotedirectory,creatinganXMLdocumentandinteractingwithalogmanagerwebservicesAPI,printingonacustomdisplay—justaswitheverycustomsolution,thesky’sthelimitwithcustommediatypes.
Hereisasimple,practicalexampleofsuchacustommediatype.Let’ssaythatyourITdepartmenthasimplementedaself-provisioningserviceforvirtualmachinessothatdevelopersandsystemadminscancreatetheirownVMsandusethemforalimitedamountoftimebeforetheyaredestroyedandtheresourcesrecycled.Thislaboratoryofsortshasbeenputinaseparatenetwork,butusersstillhavetogainaccesstoit,andtheyarealsoadministratorsofthoseVMs,sothere’sverylittlecontroloverwhatgetsinstalled,configured,oruninstalledonthosemachines.Inotherwords,whileyoucouldprovisiontheVMswithapreinstalledZabbixagent,youcan’treallyrelyonthefactthatyourusers,whetherinadvertentlyorforspecificreasons,wouldnotdisableit,orwouldnotinstallservicesthatshouldreallynotbethere,likeaDHCPserverforexample.So,youdecideto
www.it-ebooks.info
![Page 150: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/150.jpg)
keepaneyeonthosemachinesdirectlyfromtheZabbixserver(orasuitableproxy)andimplementasimplediscoveryrulethatwillgenerateadiscoveryeventforeveryhostthatrespondstoanICMPechorequestandnothingmore,asfollows:
Basedonthatrule,you’llwanttoconfigureanactionthat,foreveryhostinthatsubnet,willperformaportscanandreporttheresultsviamailtoyou.
Todothat,you’llfirstneedtohaveacustommediatypeandthecorrespondingscript.So,youheadtoAdministration|MediatypesandclickonCreatemediatype.Oncethere,youassignasuitablename,selectScriptasatypeandprovideZabbixwiththenameofthescripttoexecute.Here,youjustneedtodefinethescriptname,asshowninthefollowingscreenshot.You’llfindoutlaterinthechapterinwhatdirectorytheactualscriptshouldbeplaced:
Justaddingamediatypeisnotenoughthough,you’llhavetoenableitfortheuseryouintendtosendthosereportsto.JustheadtoAdministration|Usersandselecttheuseryouwanttoaddthenewmediatypeto.Quitepredictably,thetabyouwantiscalledMedia.Addthemediayoujustcreatedandremembertoalsoaddawaytotellthescript
www.it-ebooks.info
![Page 151: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/151.jpg)
whereitshouldsendtheresults.Sinceyouareinterestedinreceivingane-mailaddressafterall,that’swhatwe’lltellZabbix,asfollows:
TheSendtoparameterwillbethefirstargumentpassedtoport_scan.sh,followedbythesubjectandthebodyofthemessagetosend.So,beforeactuallydeployingthescript,let’sdefinethesubjectandthebodyofthemessage.Todothat,you’llneedtocreateanactionforthediscoveryevent,asfollows:
Forthepurposesofthescript,allyoureallyneedistheIPaddressofthehostyouaregoingtoscan,butitcertainlywouldn’thurttoaddsomemoreinformationinthefinalmessage.
www.it-ebooks.info
![Page 152: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/152.jpg)
Thenextstepistodefinesomeconditionsfortheaction.Rememberthatactionsareglobal,sothefirstconditionyouwanttosetistheIPrangeonwhichthisactionwillbeperformed,otherwiseyou’druntheriskofperformingaportscanoneverydiscoveredhostinyournetwork.
Youmightalsowanttolimittheactionasaconsequenceforthediscoveryruleyoucreated,independentofanyotherrulesyoumighthaveonthesamenetwork.
Finally,youshouldmakeadecisionaboutthediscoverystatus.Ifyouwantaperiodicupdateofwhatportsareopenonadiscoveredhost,you’llalsoneedtodefineaconditionforthehosttobeUp:inotherwords,forthehosttobereportedasliveforatleasttwoconsecutivechecks.
Foraslongasthehoststaysup,aportscanwillbeexecutedandreportedaccordingtothediscoveryintervaloftheruleyoudefinedearlier.Ifyoujustwantaportscanforanewhostorforahostthathasbeenreportedasdownforawhile,you’lljustneedtofiretheactionontheconditionthatthehostisDiscovered;thatis,itisnowbeingreportedup,whileitwasdownbefore.Whatiscertainisthatyou’llwanttoavoidanyactionifthehostisdownorunavailable.
Thefollowingscreenshotencapsulatesthediscussioninthisparagraph:
Thelaststepistodefinetheactionoperationthatissendingthemessageviatheport_scancustommediatypetotheuseryouwant,asfollows:
www.it-ebooks.info
![Page 153: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/153.jpg)
Oncedonewiththis,youarefinallyreadytocreatetheport_scan.shscript.So,headtotheAlertScriptsPathdirectoryasconfiguredinyourzabbix_server.conf(it’susuallydefinedas/usr/lib/zabbix/alertscripts)andcreatethefollowingscriptthere:
#!/bin/bash
RECIPIENT=$1
IPADDRESS=$2
MESSAGE=$3
SCAN="nmap-AT5-sT"
RESULT=$($SCAN$IPADDRESS)
(echo"ScanresultsforIP$IPADDRESS";
echo"$RESULT";
echo"";
echo"$MESSAGE")|mailx-s"Scanresultsfor$IPADDRESS"$RECIPIENT
NoteDon’tforgettosetthecorrectownershipandpermissionsforthescriptonceyouaredone:
#chownzabbixport_scan.sh
#chmod755port_scan.sh
Asyoucansee,theprogramthatwillperformtheactualportscanisNmap,somakesureyouhaveitinstalled.Incaseyoudon’thaveitinstalled,asimpleyuminstallnmapwilltakecareofthat.TheoptionspassedtoNmaparejustthebasics:-sTperformsasimpleconnect()scan.It’snotthefanciestone,butit’stheonlyoneavailabletonon-rootusers,
www.it-ebooks.info
![Page 154: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/154.jpg)
andthescriptwillbeexecutedbyZabbixasthezabbixuser.–Aturnsontraceroute,OS,andservicedetectionsothattheoutputisascompleteaspossible.Finally,-T5forcesNmaptoexecutetheportscaninaslittletimeaspossible.Oncethescripthastheresultsoftheportscan,itwilljustconstructthemessageandsendittotherecipientdefinedintheaction.
Thisis,ofcourse,averybasicscript,butitwillgetthejobdone,andyou’llsoonreceiveaportscanreportforeverynewVMcreatedinyourself-provisioninglab.Tokeepthingssimpleandclear,wedidnotincludeanyconsistencycheckingorerrorreportingincaseofproblems,sothat’scertainlyawayyoucanimproveonthisexample.Youcouldalsotrytosendtheresultstoalogfile(oralogdirectory)insteadofamailaddress,oreventoadatabase,sothatotherautomationcomponentscanpickupthereportsandmakethemavailableviaothermediasuchaswebpages.Whatyou’llprobablywanttoavoidistodirectlychangethehost’sconfiguration,orZabbix’sownone,throughthisscript.
Evenifnoonewillpreventyoufromdoingso,it’sprobablybestifyouavoidusingallthispowertoexecutecomplexscriptsthatmightchangeyournetworkconfiguration,suchasenablinginterfaces,addingrulestoafirewall,andsuchlike.Whilethisisperfectlypossibleusingacustommediascript,thisshouldbethedomainofremotecommands.Thesewilltakecenterstageinthenextparagraph.
RemotecommandsTherearequiteafewoptionsavailabletoyouwhenitcomestoexecutingremotecommandsasanactionoperation.
YoucandefinealistofIPMIcommandstoberunonthetargethostoraseriesofSSHcommandsthatconnecttoaboxandperformvariousoperationsthere.AremotecommandcouldevenbeasimplewrapperforaremotescriptdeployedonaZabbixagent,oracustomscriptthatwillberuneitheronanagentorontheZabbixserveritself.
Thetruthis,sometimes,remotecommandscanbejustalittletoopowerful.Youcanstartandstopservices,deployorprovisionsoftware,makeconfigurationchanges,openorclosefirewallports,andeverythingelseyoucanpossiblyimagine,aslongasyoucanwriteascriptforit.Whilethiscansoundfascinatingandpromising,wehavefoundovertheyearsthatthesesolutionstendtobefragileandunpredictable.OneofthereasonsisthatZabbixdoesn’twarnyouifaremotecommandfails.Moreimportantly,environmentstendtochangefasterthantheseautomationtoolssothatyoucanquicklyfindyourselfdealingwiththeunintendedconsequencesofaremotecommandrunningwhereitshouldnotrun,ornotrunningwhenitshouldrun.
Themoreoftheseyouadd,themoreitwillbehardtokeeptrackofthem,andthemoreonecanbeluredintoafalsesenseofsecurity,countingonthefactthatremotecommandsaretakingcareofthings,while,infact,theymaybecontributingtothechaosinsteadoftamingit.
Thatsaid,it’scertainlyundeniablethatremotecommandscanbeuseful.Let’sseeanexamplethatisbothhelpfulforyourZabbixconfigurationandalsofairlysafe.
www.it-ebooks.info
![Page 155: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/155.jpg)
InChapter2,ActiveMonitoringofYourDevices,we’veseenhowit’spossibletousesomeofthemeasurements,asreportedbyahost’sitems,topopulatethesamehost’sinventoryfields.Thisisagreatsolutionforthefieldsthatcanbefilledthisway,butwhatabouttheotherones?ThingslikePOCdetails,maintenancedates,installername,installedsoftware,andsuchlikecan’talwaysbeextrapolatedfrommonitoringmetricsastheymaysimplynotbeavailableonthemonitoredhostitself.
Theyusuallyareavailable,though,onassetinventorysystemsthatITdepartmentsusetokeeptrackofavailableresources.
Inthefollowingexample,you’llcreateanactionoperationthatwillexecutearemotecommandontheZabbixserver,fetchsomeinventoryinformationfromanassetdatabase,andfilluporupdatethehost’sinventorydetails.
Beforeproceedingwiththecommand,let’smakeanassumptionandsomepreparations.
Therearemanyassetinventorysystemsavailable,someproprietaryandsomeopensource.Allofthemhavedifferentdatabaseschemasanddifferentwaystoexposetheirdata.Moreover,aninventorydatabasestructuredependsasmuchontheactualenvironmentit’sputinto,andtheprocessesthatgoverntheaforesaidenvironment,asitisonitsinternalspecifications.So,wedecidedtouseadummyassetmanagementtoolthatwillreturn,givenanIPaddress,asimpleJSONobjectcontainingalltheinventorydatayouneedforthetaskathand.Theassumptionisthatyou’llbeabletoputtheexampleintoyourcontextandfigureouthowtoextractthesameinformationfromyourowninventorymanagementsystem,andthatyouwillalsoknowwhatauthenticationschemeyouwillrelyonifyouneedtomakejustonerequestormultiplerelatedrequests,andsoon.
Secondly,forpracticalreasonswearegoingtousePythonasthelanguageofthecommandscript,soyou’llwanttomakesurethatit’sinstalledandavailableonyourZabbixserver.Ifit’snotthere,youcaninstallit,andtherelatedutilities,quiteeasilyusingyum:
#yuminstallpython
#yuminstallpython-setuptools
#easy_installpip
Finally,wearegoingtointeractwithZabbix’sconfigurationnotthroughdirectqueriestoitsdatabase,butthroughitsAPI.Inordertodothat,we’lluseaveryusefulPythonlibrary,calledpyzabbix.Youcanfinditathttps://github.com/lukecyca/pyzabbix,butsinceyouinstalledpip,itwillbeextremelyeasytomakeitavailabletoyourPythoninstallation.Justrunthefollowingcommand:
#pipinstallpyzabbix
ThePythonpackagemanagerwilldownloadandinstallitforyou.
Nowwearereadytoconfigurethediscoveryactionandwritetheactualcommandscript.
Youcanchoosetoreuseanexistingdiscoveryrule,suchasthesimpleICMPruleyouusedinthepreviousparagraph,youcancreateanewonespecifictoasinglenetworktoscan,asingleTCPportthathastobeavailable,orthepresenceofaZabbixagent.Wewon’tgo
www.it-ebooks.info
![Page 156: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/156.jpg)
intoanymoredetailshere,asyou’vealreadylearnedhowtoconfigureoneearlierinthechapter.Similarly,wecansafelyskipanydetailabouttheactionconditionsastheymightalsobeentirelysimilartothoseshownearlier.Whatchangesis,ofcourse,theactionoperation.Thefollowingscreenshotwillgiveyouabetterideaofwhatwehavebeentalkingaboutinthisparagraph:
TheimportantelementsherearethefactthatthescriptshouldbeexecutedontheZabbixserver,thefactthatwespecifiedthefullpathforthescript,andthefactthatweareusingthe{DISCOVERY.IPADDRESS}macroastheargument.
Oncetheactionisconfigured,youarereadytopreparetheactualscript.Let’sseehowitwouldlook:
#!/usr/bin/python
importsys
importjson
frompyzabbiximportZabbixAPI
importdummy_inventory_api
ipaddr=sys.argv[1]
hostinfo_json=dummy_inventory_api.getinfo(ipaddr)
#hostinfo_jsonwillcontainaJSONstringsimilartothisone:
#{"hostip":"172.16.11.11",
#"hostname":"HostA",
www.it-ebooks.info
![Page 157: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/157.jpg)
#"inventory":{
#"asset_tag":"12345678",
#"install_date":"31-11-2014",
#"installer_name":"SKL"
#}
#}
hostinv=json.loads(hostinfo_json)['inventory']
zbx=ZabbixAPI(http://127.0.0.1/zabbix/)
zbx.login("admin","zabbix")
hostinfo=zbx.host.get(output=['hostid'],filter={'ip':ipaddr})
hid=hostinfo[0]['hostid]
zbx_inventory={
'date_hw_install':hostinv['install_date'],
'installer_name':hostinv['installer_name'],
'asset_tag':'12345678'
#addotherfieldsyoumaybeinterestedin…
}
zbx.host.update(hostid=hid,inventory=zbx_inventory)
sys.exit()
Asyoucansee,thescriptisfairlystraightforwardandsimplistic,butitcanbeusedasastartingpointforyourowninventory-updatingscripts.Themainthingthatyouneedtotakecareofistofigureouthowtogetyourinventorydatafromyourassetdatabase.YoumightneedtoconnecttoaRESTAPI,orgetanXMLdocumentviaawebservice,orevenperformsomequeriesviaODBC.WhatmattersisthatyouendupwithaPythondictionaryorlistcontainingallthatyouneedtoupdatetherelevanthostinZabbix.
ThesecondpartofthescriptfirstofallshowsyouhowtoconnecttotheZabbixAPIusingtheZabbixAPIconstructor.Itthenproceedswiththeloginmethod,whereyou’llneedtoprovidethecredentialsyouconfiguredearlier.
Allgetmethodsacceptafilterparameterthatyoucanusetoretrieveasingleobjectoralistofobjectsthatsatisfycertainconditions.Inthiscase,weusedittogetthehostidofthehostthatisassociatedwithaspecificIPaddress.
Payattentiontothenextlineasthevaluereturnedbyallgetmethodsisalwaysalist,evenifitcontainsonlyoneelement.That’swhyweneedtoreferencethefirstelementofhostinfo,element0,beforereferencingtheinventorydictionarykey.
Weonlyshowedthreeinventoryfieldshere,buttherearemanymoreavailableinZabbix,soitmaybeagoodideatobuildadictionarywithallZabbixinventoryfieldsaskeysandtheretrievedvaluesasvalues.
Nowthatwehavethehostidandtheinventoryinformationatourdisposal,wecanproceedwiththeactualinventoryupdate.Theupdatemethodisfairlystraightforward:youspecifythehostidofthehostyouwanttoupdateandthenewvaluesforthefieldsthatyouneedtoupdate.
Andthat’sit,withascriptlikethisconfiguredasaremotecommandforadiscoveryaction,youcankeepyourZabbixinventorydatainsyncwithwhateverassetmanagementsystemyoumayhave.
www.it-ebooks.info
![Page 158: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/158.jpg)
Asyoumighthaverealized,hostdiscoverycanbequiteacomplexmatterbecauseofthesheernumberofvariablesyouneedtotakecareof,andbecauseit’snotalwayseasy,inareal-worldnetwork,toidentifyaclearlogicforhostcreation,templateassignment,andothermonitoringparameters,basedondiscoverydata.
Low-leveldiscovery,bycontrast,ismuchmoresimple,givenitspowertodynamicallycreatespecificitemsasahost’savailableresourcesarediscovered.So,let’susetheremainingpagesofthischaptertoexploreafewaspectsofthisextremelyusefulfeature.
www.it-ebooks.info
![Page 160: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/160.jpg)
Low-leveldiscoveryAnextremelyusefulandimportantfeatureofZabbixtemplatesistheirabilitytosupportspecialkindsofitemscalledlow-leveldiscoveryrules.Onceappliedtoactualhosts,theseruleswillquerythehostforwhateverkindofresourcestheyareconfiguredtolookfor:filesystems,networkinterfaces,SNMPOIDs,andmore.Foreveryresourcefound,theserverwilldynamicallycreateitems,triggers,andgraphsaccordingtospecialentityprototypesconnectedtothediscoveryrules.
Thegreatadvantageoflow-leveldiscoveryrulesisthattheytakecareofthemorevariablepartsofamonitoredhost,suchasthetypeandnumberofnetworkinterfaces,inadynamicandgeneralway.Thismeansthat,insteadofmanuallycreatingspecificitemsandtriggersofeveryhost’snetworkinterfacesorfilesystems,orcreatinghugetemplateswithanypossiblekindofitemforaparticularoperatingsystemandkeepingmostoftheseitemsdisabled,youcanhaveareasonablenumberofgeneraltemplatesthatwilladaptthemselvestothespecificsofanygivenhostbycreatingontheflyanyentityrequired,basedondiscoveredresourcesandpreviouslyconfiguredprototypes.
Outofthebox,Zabbixsupportsfourdiscoveryrules:
NetworkinterfacesFilesystems’typesSNMPOIDsCPUsandCPUcores(asofversion2.4)
Asdiscoveryrulesareeffectivelyspecialkindsofitems,youcancreateyourownrules,providedyouunderstandtheirpeculiaritycomparedtoregularitems.
Youneedtocreateandmanagelow-leveldiscoveryrulesintheDiscoveryrulessectionofatemplateconfigurationandnotintheusualItemssection,evenifthediscoveryrulesendupcreatingsomekindofitems.Themaindifferencebetweendiscoveredandregularitemsisthat,whereasaregularitemusuallyreturnsasinglevalue,adiscoveryitemalwaysreturnsalist,expressedinJSON,ofmacrovaluepairs.Thislistrepresentsalltheresourcesfoundbythediscoveryitems,togetherwithameanstoreferencethem.
ThefollowingtableshowsZabbix’ssupporteddiscoveryitemsandtheirreturnvalues,togetherwithageneralizationthatshouldgiveyouanideaofhowtocreateyourownrules:
Discoveryitemkey Itemtype Returnvalues
vfs.fs.discovery Zabbixagent
{"data":[
{"{#FSNAME}":<path>","{#FSTYPE}":"<fstype>"},
{"{#FSNAME}":<path>","{#FSTYPE}":"<fstype>"},
{"{#FSNAME}":<path>","{#FSTYPE}":"<fstype>"},
…
]}
{"data":[
{"{#IFNAME}":"<name>"},
{"{#IFNAME}":"<name>"},
www.it-ebooks.info
![Page 161: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/161.jpg)
net.if.discovery Zabbixagent {"{#IFNAME}":"<name>"},
…
]}
snmp.discovery SNMP(v1,v2,orv3)agent
{"data":[
{"{#SNMPINDEX}":"<idx>","{#SNMPVALUE}":"<value>},
{"{#SNMPINDEX}":"<idx>","{#SNMPVALUE}":"<value>},
{"{#SNMPINDEX}":"<idx>","{#SNMPVALUE}":"<value>},
…
]}
system.cpu.discovery Zabbixagent
{"data":[
{""{#CPU.NUMBER}":"<idx>","{#CPU.STATUS}":"<value>},
{"{#CPU.NUMBER}":"<idx>","{#CPU.STATUS}":"<value>},
{"{#CPU.NUMBER}":"<idx>","{#CPU.STATUS}":"<value>},
…
]}
custom.discovery Any
{"data":[
{"{#CUSTOM1}":"<value>","{#CUSTOM2}":"<value>"},
{"{#CUSTOM1}":"<value>","{#CUSTOM2}":"<value>"},
{"{#CUSTOM1}":"<value>","{#CUSTOM2}":"<value>"},
…
]}
TipJustaswithallSNMPitems,theitemkeyisnotreallyimportantaslongasitisunique.It’stheSNMPOIDvaluethatyouaskanagentforthatmakesthedifference:youcancreatedifferentSNMPdiscoveryrulesthatlookfordifferentkindsofresourcesbychangingtheitemkeyandlookingfordifferentOIDvalues.Thecustomdiscoveryexampleisevenmoreabstractasitwilldependontheactualitemtype.
Asyoucansee,adiscoveryitemalwaysreturnsalistofvalues,buttheactualcontentsofthelistchange,dependingonwhatresourcesyouarelookingfor.Inthecaseofafilesystem,thereturnedlistwillcontainvalueslike{#FSNAME}:"/usr",{#FSTYPE}:"btrfs",andsoonforeverydiscoveredfilesystem.Ontheotherhand,anetworkdiscoveryrulewillreturnalistofthenamesofthediscoverednetworkinterfaces.ThisisthecaseforthedefaultSNMPnetworkinterfacestemplate.Let’sseeindetailhowitworks.
Thetemplatehasadiscoveryrulecallednetworkinterfaces.Itlooksjustlikearegularitemasithasaname,atype,anupdateinterval,andakey.It’sanSNMPtype,soitalsohasanSNMPOID,IF-MIB::ifDescr.Thisisadiscoveryrule,soinsteadofasinglevalue,itwillreturnalistofalltheOIDsthatarepartoftheIF-MIB::ifDescrsubtreeforthatparticulardevice.ThismeansthatitwillreturntheOIDanditsvalueforallthenetworkinterfacespresentonthedevice.Everytimethediscoveryruleisexecutedonahost(basedontheupdateinterval,justlikeanyotheritem),itwillreturnalistofallinterfacesthatareavailableatthatparticularmoment.Ifthedevicehadfournetworkinterfaces,itcouldreturnsomethingsimilartothis:
{"data":[
{"{#SNMPINDEX}":"1",
"{#SNMPVALUE}":"FastEthernet0/0"},
{"{#SNMPINDEX}":"2",
www.it-ebooks.info
![Page 162: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/162.jpg)
"{#SNMPVALUE}":"FastEthernet0/1"},
{"{#SNMPINDEX}":"3",
"{#SNMPVALUE}":"FastEthernet1/0"},
{"{#SNMPINDEX}":"4",
"{#SNMPVALUE}":"FastEthernet1/1"},
]}
Thediscoveryrulewillthenproceedtoapplythelisttotheitemandtriggerprototypesithasconfigured,asfollows:
TakingtheIncomingtrafficoninterface{#SNMPVALUE}itemprototypeasanexample,youcanseehowitallcomestogether:
The{#SNMPVALUE}macroisusedintheitem’skeyand,therefore,intheitem’snameaswell(lookatthe$1macrothatreferencesthefirstargumentoftheitem’skey).
www.it-ebooks.info
![Page 163: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/163.jpg)
Ontheotherhand,the{#SNMPINDEX}macrowillbeusedbyZabbixtoactuallygettheincomingtrafficvalueforthatspecificinterfaceasitshouldbeclearbynowifyouobservethevalueintheSNMPOIDfield.
Whenconfiguringatemplate’sdiscoveryrules,youdon’tneedtocareabouttheactualvaluesreturnedintheirlists,northelists’length.Theonlythingyouhavetoknowisthenameofthemacrosthatyoucanreferenceinyourprototypes.Thesearetobereferencedinthesecondhalfofthelow-leveldiscoverymechanism,objectprototypes.Youcreatethemasregulartemplateentities,makingsureyouusethediscoveryitemmacroswhereneeded,andZabbixwilltakecareoftherestforyou,creatingforeachitemprototypeasmanyitemsasthereareelementsinthelistreturnedbythediscoveryrule,foreachtriggerprototypeasmanytriggersasthereareelementsinthelistreturned,andsoon.
So,whenyouapplythetemplatetoahost,itwillcreateitems,triggers,andgraphsbasedontheresourcesdiscoveredbythediscoveryitemsandconfiguredaccordingtothediscoveryprototypes.
Customdiscoveryrules,fromthispointofview,workexactlyinthesamewayascustomitems,whetheryoudecidetouseagent-sidescripts(therebyusingacustomzabbix.agentitemkey),externalscripts,databasequeries,oranythingelse.Theonlythingsyouhavetomakesureofisthatyourcustomitemsreturnkeys/valuesthatfollowtheJSONsyntax,asshownintheprecedingtable,andthatyoureferenceyourcustommacrosintheentitiesprototypesthatyouwillcreate.
Let’sseeanexampleofacustomdiscoveryruleusingagainNmapanditsoutputtodynamicallycreatesomeitemsforahost,representingtheopenportithas,andthekindofservicesthatarelistening.WhywouldyouwanttouseNmapandaportscan?Thedeviceyouneedtomonitormaybedoesn’tsupporttheZabbixagent,soifyoujustaskfortheoutputofnetstat,youmightnotbeabletoinstalltheagentforadministrativereasons,oryoumighthavetomakesurethattheservicesarealsoavailablefromanothernetwork,socheckingthemfromafar,insteadofdirectlyonthehost,willenableyoutoalsoverifyyourfirewallrules,killingtwobirdswithonestone.
Eitherway,we’llcreateanexternalcheckitemperopenTCPport,configuredasacharacter-typeitem.Eachitemwillcontainthenameoftheservicethatwasfoundlistening,ifany,asreportedbyNmap’sservicediscoveryfacilities.
Startbycreatingthediscoveryruleasanexternalcheckthatwillcallaport-mappingscript,asfollows:
www.it-ebooks.info
![Page 164: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/164.jpg)
Asyoucansee,thescriptwillreceivethehost’sIPastheonlyargument,anditwillrunonceanhourforeveryhostthathasthisdiscoveryruleconfiguredandisactive.
ThescriptitselfisverysimpleandisbasedonNMAP’sXMLoutputcoupledwiththeniftyxml2toolyoualreadyusedinChapter3,MonitoringYourNetworkServices,asfollows:
#!/bin/bash
IPADDR=$1
#storeportsasarray
PORTS=($(nmap-sV-oX-${IPADDR}|xml2|grepportid|cut-d'='-f2))
#countelementsofthearrayanduseascounterforlaterprocessing
COUNTER=${#PORTS[@]}
#openJSON
echo'{"data":['
#loopthroughportsandprintkey/value
forPORTin"${PORTS[@]}";do
COUNTER=$((COUNTER-1))
if[$COUNTER-ne0];then
echo"{\"{#PORTID}\":\"${PORT}\"}",
else
#it'sthelastelement.TohavevalidJSONWedon'taddatrailingcomma
echo"{\"{#PORTID}\":\"${PORT}\"}"
fi
done
#closeJSON
echo]}
#exitwithcleanexitcode
exit0
Thelinestartingwithnmapistheheartofthescript.The–oXoptionenablesXMLoutput,whichismorestableandeasytomanagecomparedtothenormalone.Thedashafter–oXspecifiesstdoutastheoutputinsteadofaregularfile,sowecanpipetheresulttoxml2andthentakeonlythelinesthatcontainportid,thatis,theopenportnumbersforthathost.
www.it-ebooks.info
![Page 165: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/165.jpg)
Asaresult,thescriptjustoutputsasimpleJSONobject.Here’sanexampleofwhatthediscoveryrulewillget,asshownfromthecommandline:
./port_map.sh'127.0.0.1'
{"data":[
{"{#PORTID}":"22"},
{"{#PORTID}":"25"},
{"{#PORTID}":"80"},
{"{#PORTID}":"631"},
{"{#PORTID}":"3306"}
]}
It’snowtimetodefinetheitemandtriggerprototypes,basedontheopenportthatyoufound.We’llshowhereanexampleofanitemprototypethatwillreturnthenameandversionofthedaemonlisteningontheport,asreturned,onceagain,byNmap:
Theexternalcheckwillcallascriptthatisevensimplerthanthepreviousone,asfollows:
#!/bin/bash
IPADDR=$1
PORT=$2
nmap-sV-oX--p${PORT}${IPADDR}|xml2|grep'port/service/@\
(product\|version\|extrainfo\)'
ComparedtothepreviousNmapcommand,weaddeda–sVoptiontomakeNMAPrunaseriesofprobesinordertofindoutwhatserviceisrunningbehindthatopenportanda–poptiontospecifyasingleporttoscan.
Theoutputwaskeptsimpleonpurposetoshowyouanexampleofxml2’soutput.Youcan,ofcourse,sliceitanddiceittosuityourownneeds:
./port_service.sh127.0.0.180
/nmaprun/host/ports/port/service/@product=Apachehttpd
/nmaprun/host/ports/port/service/@version=2.2.15
/nmaprun/host/ports/port/service/@extrainfo=(CentOS)
NoteTheamountofinformationNmapwillbeabletogetfromanetworkservicedependsvery
www.it-ebooks.info
![Page 166: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/166.jpg)
muchonhowmuchandonwhatkindofdatatheserviceisconfiguredtoexpose.Thismightdependonbuilt-inparametersorsecurityconsiderationsonthepartoftheserviceowner.Comparedtothepreviousexample,yourmileagecanvary.
Thisiswhatwillappearasthevalueoftheitemoncethediscoveryruleisactivated.
www.it-ebooks.info
![Page 168: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/168.jpg)
SummaryInthischapter,youlearnedhowtouseZabbix’sdiscoveryfacilitiestoautomateitsconfigurationasmuchaspossible.Itshouldalsobecleartoyouwhyit’simportanttominimizethedifferencebetweenwhatisconfiguredinZabbixandwhatisactuallyoutthereonthewire.Keepingtrackofeverythingthatcanappearordisappearonabusynetworkcanbeafulltimejobandonethatisbettersuitedtoautomatedmonitoringfacilitieslikethisone.Younowhavealltheskillsneededtoactuallydoit,andyouarereadytoapplytheminyourreal-worldenvironment.
Inthenextchapter,we’llwrapthingsupbyshowingyouhowtoleverageZabbix’spresentationpowertocreateandmanagegraphs,dynamicmaps,andscreens.
www.it-ebooks.info
![Page 170: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/170.jpg)
Chapter5.VisualizingYourTopologywithMapsandGraphsAsyouprobablyalreadyknow,Zabbix’sapproachtomonitoringisbasedonseparatingdatagatheredfromtriggerlogicandeventlogging.Ontheonehand,thismeansthatyouareabletoreferenceanymeasurement,presentandpast,inyourtriggers,makingthemallthemorepowerful.Ontheotherhand,italsomeansthatyouhavedirectaccesstoallyourmeasurementhistoryforallyouritems.
Whilesortingthroughallofyourhistoricaldatatolookforaspecificvaluecancertainlybeuseful,therealadvantagehereistoleverageZabbix’sgraphingandmappingfunctionalitiestoaggregateandvisualizedatainmeaningfulways.
Inthischapter,you’llseehowtocreatecomplexgraphsfromyouritems’numericalvalues,howtoautomaticallydrawmapsthatreflectthecurrentstatusofyournetwork,andhowtobringitalltogetherusingscreensasatooltocustomizemonitoringdatapresentation.
www.it-ebooks.info
![Page 171: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/171.jpg)
CreatingcustomgraphsBasicgraphicaldatarepresentationcomesforfreeforanyitemthathasanumericdatatype.YoujustneedtogotoMonitoring|LatestData,selectthehostyouareinterestedin,findtherelevantitem,andclickonGraphinthelastcolumnontheright-handside.You’llgetalinegraphwithatimesliderthatyoucanusetochangethetimeframeofthegraphitself;widenittocoveralongeramountoftime,orshortenittofocusonaspecificpointintime.
SinceZabbix2.4,youcanalsocomparedifferentitemsontheflywithadhocgraphs.Theseareadirectextensionofsimplegraphs:fromMonitoring|LatestData,youjustneedtomarkthecheckboxontheleft-handsideofeveryitemthatyouwanttographandselectDisplaystackedgraphorDisplaygraphfromthedrop-downmenuatthebottomofthepage,asfollows:
Theresultisprettymuchtheoneyouexpect.Youalsodon’thavetoworrytoomuchaboutchoosingbetweenanormalgraphandastackedgraphasyou’llbeabletoswitchbetweenthetwofromthegraphitself,asfollows:
Thesequick,adhocgraphscanreallycovermostofyourvisualizationneeds,especiallyforvaluesthatyoudon’tconsultthatoftenorifyouneedtocompareitemsthatyou
www.it-ebooks.info
![Page 172: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/172.jpg)
normallydon’thaveto,aspartofanewanalysisortoinvestigateanewclassofproblems.
Ontheotherhand,ifyouneedtocomparethesametypesofitemsoverandover,andfordifferenthosts,you’llneedawaytosaveyourselectionssothatyouareabletoaccessyouraggregatedgraphswithouthavingtospecifyeverytimewhatitemsneedtobegraphed.Youcanachieveallthiswithcustomgraphs.
NoteIfyouliketovisualizeyourpercentiledatawithpiecharts,you’llalsoneedtocreatecustomgraphsasthey’recurrentlytheonlywaytocreatepiechartsinZabbix.
Customgraphscanbecreatedaspartofahost,orbetteryetaspartofatemplate,oralow-leveldiscoveryrule,sothatanyhostinheritingthetemplateordiscoveryrulewillautomaticallyalsoinheritthecustomgraph.
Tocreateone,youneedtogotoConfiguration|Templates,choosethetemplateyouwanttoputyourgraphinto,selectGraphs,andclickonCreategraph.Thiswillbringyoutothegraphcreationform.Forconvenience,thefollowingexamplewillshowyousomeitemsalreadyaddedtotheitemlistandsomeotheroptionsalreadyselectedinsteadofanemptyform,butyou’lleasilybeabletoaddyourownitemsbyfollowingtheaddlinkatthebottomoftheitemlist,asfollows:
Asyoucansee,thereareafewoptionsworthnoting.Firstofall,youcanselectthegraphtypebetweenNormal,Stacked,Pie,andExploded(thatis,apiechartwithallslicesseparatedinsteadofclosetogether).Next,ifyouselecttheShowtriggerscheckbox,thegraphwillincludeahorizontallineforeverytriggerthathasanyoftheitemspresentin
www.it-ebooks.info
![Page 173: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/173.jpg)
thegraph’sitemlistinitsexpression.Youdon’thavetospecifythetriggerorfindthemmanually;Zabbixwilltakecareoffindingallrelevanttriggersandshowthemonthegraph.
Youcanalsospecifytherangeofyaxisvalueseitherasfixedvaluesorcalculatedbasedonthedatayouhave.You’llnormallywanttosetthemascalculatedasthisoptionwillusuallyshowtheclearestandbest-lookinggraphs,butsometimes,youmightwanttosetthemtoafixedvaluetohaveabetterunderstandingofhowthevalueschange,especiallyiftheyfluctuatealotbetweenverybigandverysmallvalues,andtheitemexpressesapercentilerange.
Movingtotheitemlist,youcanordertheitemsbydragginganddroppingthebluearrowsontheleft-handsideoftheitem’snameandchangetheircolorbyeitherspecifyinganRGBvalueorchoosingfromacolorpalette.
Thedrawstylecanbequiteusefulifyouwantaspecificitemtostandoutfromtherest.Therearequiteafewstylesavailableforanormalgraph,whilethisoptionisnotavailableforstackedandpiecharts.
TheFunctiondrop-downmenuenablesyoutochoosehowtheitemshouldbegraphedforeverytickinthexaxis:youcanchoosebetweentheminimumvalue,themaximumone,andtheaverage.Keepinmindthatthex-axistickdensitywillchangedynamicallywiththetimescaleofthegraph(youcanselectdifferenttimeframeswhilelookingatagraph;youdon’thavetospecifytheminadvance):fortimeframesuptoanhour,itwillshoweverysamplecollected,dependingontheitems’samplefrequency;forlargertimeframes,you’llhavex-axisticksproportionaltothetimeframeselected,whichisafewminutesiftheglobaltimeframeisafewhours,todaysorweeksifyouselectmonths’oryears’worthofmonitoringdata.Foreverytick,Zabbixwillusethefunctionyouselectedheretoplottheitemvalueeitherbyselectingthemaximum,theminimum,ortheaveragevalueforthattimetick.
Finally,youcanchoosewhethertheyaxisforanitemwillbeshownontheleft-handsideortheright-handside.Oneofthereasonstoseparatedifferentitemsondifferenty-axissidesisthatmaybeyouareplottingonthesamegraphitemsthathaveabsolutevaluestogetherwithitemsthatexpressapercentilevalue.Inthiscase,itmakessensetoshowtheabsolutescaleononesideandthepercentileoneontheothersideofthegraph.
Anotherreasonmightbethatyouareplottingtogetheritemsthatwillshow,onaverage,verybigorverysmallvalues,andyoucanpredictaheadoftimetheonesthatwillgravitatetowardsthebottomofthescale,andtheonesthatwillmakethescalegoupwithbigvalues.Inthatcase,youmightwanttoseparatethetwo;otherwise,theitemswithbigvalueswillmaketheotherslookveryflatandnotveryinformativeonthechart.Thisisthecaseillustratedintheprecedinggraph:wepredictedthatthetotalnumberofquerieswouldbemuchbigger(bydefinition)comparedtoalltheothers,sowemoveditsyaxistotheright-handside.Here’stheresultofthegraphwecreated:
www.it-ebooks.info
![Page 174: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/174.jpg)
Whatwehaven’tshownhere,butyoucaneasilyimagine,isthataswithalmosteverythinginZabbix,youarenotlimitedtographingitemsfromthesamehost:youcanjustaseasilygraphthesameitemfromdifferenthosts,orevendifferentitemsfromdifferenthosts.Youmightbeinterested,forexample,intrackingnetworktrafficfromabunchofdifferentroutersandlookingathowthistrafficchangesintime,whichmachinesarethebusiestandwhen,whichonesarenotasbusyasyouexpectedcomparedtotheoveralltrafficyouhave,andsoon.Todothat,youcaneasilycreateagraphfollowingtheguidelinesabove,onlyselectingtherelevantnetworkinterfacesinboundandoutbounditemsfromthedifferentappliancesandputtingthemallonthesameitemlist.
YoucanuseZabbix’scustomgraphcreationfacilitiestoexploreyourdatainverymeaningfulwaysthatcanbehardtoachieveotherwise:don’tbefooledbythefactthatit’sallmainlytime-based(youcan’tputcustomvaluesonthexaxis).You’llsoonfindthattheabilitytocorrelatedifferentitemsfromdifferentsourcesisaverypowerfultoolforbothtroubleshootingandcapacityplanning.
AnotherpowerfultoolisZabbix’smappingfacility.We’llexploreafewinterestingaspectsofmapcreationandmaintenanceinthefollowingsection.
www.it-ebooks.info
![Page 176: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/176.jpg)
Maps–aquicksetupforalargetopologyCreatingcomplexmapsisthekindofjobthatcantakealotoftime.Whiledoingapracticalexample,ifyouwouldliketodesignamapof20-30elements,itiseasytospendupto2hoursevenifyoualreadyknowthejob.
Tomanuallyproduceamap,youneedto:
AddalltheitemsonthemapMovetheitemsarounduntilyouseeanice-lookingdisposition
Everytimeyouneedtoaddinamaponehost,youneedtorepeatmanytimesthesamestepsasaforementioned,whichwillbecomeaboringandcomplextask.Currently,therearemanyopen-featurerequeststhatcanfacilitatethiskindoftask;unfortunately,theyhavebeenopenforalongtime,evenyears.
Theissuesyoucanfaceare:
Youcan’tmovemultipleelementsatthesametime,somethingthatcanbefoundathttps://support.zabbix.com/browse/ZBXNEXT-161Youcan’taddhostsinabulkway,somethingthatcanbefoundathttps://support.zabbix.com/browse/ZBXNEXT-163Youcan’tcloneanyexistingmapelement,somethingthatcanbefoundathttps://support.zabbix.com/browse/ZBXNEXT-51Whenyouareusingicons,youcan’tselectthemautomatically,soyouneedtochecktheirsizeandseewhethertheyfitonyourmap,somethingthatcanbefoundathttps://support.zabbix.com/browse/ZBXNEXT-1608
Forallthoseissues,weneedtofindadifferentwaytoautomatethislongandslowprocess.Clearly,thisisthekindoftaskthatneedstobeautomatedasmuchaspossible.
www.it-ebooks.info
![Page 177: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/177.jpg)
Maps–automatingtheDOTcreationWhatismissinghereissomethingthatcanprocessourinformationandproduceasoutputsomethingusablebyZabbix.Toautomatethistask,thereisonelibrarythatcanhelpus—NetworkX—whichisavailableathttp://networkx.github.io/.
NetworkXisaPythonsoftwarelibrarytailor-madeforthecreation,manipulation,andstudyofdynamicnetworkstructures.
Inthisexample,weassumethatyou’reusingCiscoPrime,whichisavendor-specifictooltoexportadiscoveredtopology.
Anyway,thisconceptisstillvalidasherewearegoingtouseanexportfileobtained,whichisinCSV.ThiskindofCSVcanbeobtainedasanexportfrommanyothervendors’softwareandcanbeeasilyproducedfromanythird-partysoftware.
Thefilethatwearegoingtoparseisinthefollowingform:
IPaddress,Systemname,SysObjectID,Foundbymodules,Neighbors,Status
Asyoucansee,itcontainstheIPaddressofthedevicediscovered,thesystemname,theOIDofthesystem,themodulethatfoundthedevice,alistofalltheneighborsthatareconnectedtoit,anditendswiththestatus.
Thefollowingisanexampleofthelinethatweareexpectingtosee:
10.12.50.1,main.example.com,.1.3.6.1.4.1.9.1.896,System,"10.12.2.1,
10.12.2.2,10.12.3.1,10.12.4.1,10.12.5.1",Reachable
Wearemostlyinterestedinthefollowingfields:
IPaddressSystemnameSysObjectIDNeighbors
Then,whatwecandoiswritesomePythonlinesthatcanreadthisfile,identifyalltherequiredinformation,andwriteintheoutputaDOTfile.
Here,IamgoingtospendafewwordsabouttheDOTnotation,performinganexampleinordertoclarifyhowthisnotationisdone.
Firstofall,IwouldliketoexplainwhywearegoingtohaveaGraphvizDOTfile.
TheGraphvizDOTfileisreallyeasytoread,maintain,andupdate,andnevertheless,itcanbestoredinaCVSorSVN.
Somethingthatisreallyimportanttohaveisafilethatcanbequicklyusedtospotallthedifferencesbetweenversionsandiseasytomaintain.Also,weareconsideringusingitasitisastandardlanguageandagoodstartingpoint,onwhichwecantransformallouracquireddatafromallthedifferentversionsofexport.
Indeed,someothervendor-specificsoftwarecanexportthesamedatabutinadifferentform,soitisimportanttonormalizeallourdatainacommonlanguage.
www.it-ebooks.info
![Page 178: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/178.jpg)
ThiscommonlanguagefilewillbethefiletousetopopulateourZabbixmap.
Thissection,asyouprobablyalreadyhaveunderstood,willbealargeusageoftheGraphviz’spackages.
TheeasiestwaytoinstallandmaintainGraphvizonRedHatEnterpriseLinuxistousethededicatedyumrepository.Tosetupyum,firstofall,youneedtodownloadthegraphviz-rhel.repofileandsaveit(asroot)in/etc/yum.repos.d/,asfollows:
#cd/etc/yum.repos.d
#wgethttp://www.graphviz.org/graphviz-rhel.repo
--2014-11-2702:52:17--http://www.graphviz.org/graphviz-rhel.repo
Resolvingwww.graphviz.org…204.178.9.49
Connectingtowww.graphviz.org|204.178.9.49|:80…connected.
HTTPrequestsent,awaitingresponse…200OK
Length:1138(1.1K)[text/plain]
Savingto:"graphviz-rhel.repo"
100%[======================================>]1,138--.-K/sin0s
2014-11-2702:52:17(134MB/s)-"graphviz-rhel.repo"saved[1138/1138]
#ls-lagraphviz-rhel.repo
-rw-r--r--.1rootroot1138Feb162012graphviz-rhel.repo
Then,youcanfinallylistalltheGraphvizpackagesasroot:
yumlistavailable'graphviz*'
Installthem,asfollows:
yuminstall'graphviz*'
Nowthatwe’veclarifiedthereasonwhywe’redoingthosesteps,itisimportanttowalkthroughtheDOTlanguage.TheDOTlanguageisalanguagemadetorepresentobjectsconnectedbetweeneachother.
Whileperformingapracticalexample,ifwewanttodefinetwoconnectednodeswiththeGraphvizDOTlanguage,wecandoasfollows:
graph{
A—B
}
Thisisaveryeasy-to-understandlanguage;wearenowrepresentingtwonodesconnectedtoeachother.
Toseethegraphicalresult,wecanuseasimplePythonprogramxdot.pyavailablefordownloadhere:
https://github.com/jrfonseca/xdot.py
Allyouhavetodoisdownloadtheprogram,writeafilewiththeGraphvizDOTcontentthatweshowedpreviously,andthenruntheprogram,asfollows:
xdot.pyexample.dot
www.it-ebooks.info
![Page 179: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/179.jpg)
TheresultistheDOTexpressedtopologyvisualized,asfollows:
Usingthesamegrammar,wecandefinethreenodesconnected,asfollows:
graph{
A—B—C
}
Usingthesamexdot.pyusedpreviously,theresultisthefollowing:
Writingacoupleoflinesmore,wecanevenavoidusinglongnamesusingthefollowinggrammar:
graph{
//Wecancreatealiasestoavoidtouseverylongnamesonthedependency
definition
Andrea[hostname="andrea.dalle.vacche.example.com"]
Stefano[hostname="stefano.kewan.lee.example.com"]
router[label="Ournetworkrouter"zbximage="router"]
//nowit'stimetodefineconnectionsbetweenthenodes
//Thisnotationallowsformultipleedgesfrom"router"inonego
router—{AndreaStefano}
}
www.it-ebooks.info
![Page 180: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/180.jpg)
Andtheresultisshownhere:
Foradetaileddocumentationofthisgrammar,pleaserefertotheofficialdocumentationavailableathttp://www.graphviz.org/content/dot-language.
Untilnow,we’vecoveredallthatisneededtoknowforoursmallapplication.
Now,wecancomebacktoourCSVfileweextractedfromCiscoPrime.
HereistheCSVofaverysimplenetwork,butitcanbeappliedonverycomplexnetworktopologies,aswell:
[root@localhostgraphs]#catmy_export.csv
IPAddress,SystemName,SysObjectID,FoundByModules,Neighbors,Status
10.12.20.1,main.example.com,.1.3.6.1.4.1.9.1.896,System,"10.12.2.1,
10.12.2.2,10.12.3.1,10.12.4.1,10.12.5.1",Reachable
10.12.2.1,cluster1.example.com,.1.3.6.1.4.1.9.1.634,System,"10.12.2.2,
192.168.99.1",Reachable
10.12.1.1,london.example.com,.1.3.6.1.4.1.9.1.503,System,"",Reachable
10.12.2.2,cluster2.example.com,.1.3.6.1.4.1.9.1.634,System,"10.12.2.1,
192.168.99.1",Reachable
10.12.3.1,switch1.example.com,.1.3.6.1.4.1.9.1.503,System,"192.168.99.1",Re
achable
10.12.4.1,4.example.com,.1.3.6.1.4.1.9.1.502,System,"192.168.99.1,
10.12.4.42,10.12.4.47,10.12.4.48,10.12.4.49",Reachable
10.12.4.45,4d.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.4.1",Reachable
10.12.4.46,4e.example.com,.1.3.6.1.4.1.9.1.502,System,"10.12.4.1",Reachable
10.12.4.47,4f.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.4.1",Reachable
10.12.4.48,4g.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.4.1",Reachable
10.12.5.1,5.example.com,.1.3.6.1.4.1.9.1.502,System,"192.168.99.1,
10.12.5.45,10.12.5.43,10.12.5.44,10.12.5.46,10.12.5.47,10.12.5.48,
10.12.6.1",Reachable
10.12.5.44,5c.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.5.1",Reachable
10.12.5.45,5d.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.5.1",Reachable
10.12.5.46,5e.example.com,.1.3.6.1.4.1.9.1.502,System,"10.12.5.1",Reachable
10.12.5.47,5f.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.5.1",Reachable
10.12.5.48,5g.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.5.1",Reachable
10.12.5.155,5i.example.com,.1.3.6.1.4.1.9.1.634,System,"10.12.5.1",Reachabl
e
10.12.6.1,6.example.com,.1.3.6.1.4.1.9.1.502,System,"10.12.6.45,
10.12.6.46,10.12.6.47,,10.12.5.1",Reachable
10.12.6.45,6d.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.6.1",Reachable
10.12.6.46,6e.example.com,.1.3.6.1.4.1.9.1.502,System,"10.12.6.1",Reachable
www.it-ebooks.info
![Page 181: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/181.jpg)
10.12.6.47,6f.example.com,.1.3.6.1.4.1.9.1.503,System,"10.12.6.1",Reachable
Fromthisfile,weseethatalltherelationsbetweenneighborsarealreadycontainedintheCSV,andthatweonlyneedtoconvertthemintoDOTnotationusingthenodenotation.
Here,wecanstartcodingafewPythonlinestoproduceourdesiredoutput:
#FirstofallweneedtoimportcsvandNetworkx
importcsv
importnetworkxasnx
#Thenweneedtodefinewhoisourzabbixserverandsomeotherdetailto
properlyproducetheDOTfile
zabbix_service_ipaddr="192.168.1.100"
main_loop_ipaddr="10.12.20.1"
main_vlan_ipaddr="149.148.56.1"
#Nowwecanfinallycreateourgraph
G=nx.Graph()
#wecanopenourCSVfile
csv_reader=csv.DictReader(open('my_export.csv'),\
delimiter=",",\
fieldnames=("ipaddress","hostname","oid","dontcare","neighbors"))
#Skiptheheader
csv_reader.next()
forrowincsv_reader:
neighbor_list=row["neighbors"].split(",")
forneighborinneighbor_list:
#Removespaces
neighbor=neighbor.lstrip()
#Addneighbors,andherewe'vedecidedtoignoreisolatednodes
ifneighbor!="":
G.add_edge(row["ipaddress"],neighbor)
#Addadditionalinformationtonodesoredgeshere
G.node[row["ipaddress"]]["hostname"]=row["hostname"]
#CiscoPrimedoesn'texportallIPaddressesofadevice
#butonlythefirstforeachnetwork,Herewemergehostswith
#multipleIPaddresses
mapping={main_vlan_ipaddr:main_loop_ipaddr}
G=nx.relabel_nodes(G,mapping)
#Removeclusterconnectionnotneededinourmap
G.remove_edge("10.12.2.1","10.12.2.2")
#AddingconnectionbetweenZabbixserverandmainswitch
G.add_edge(zabbix_service_ipaddr,main_loop_ipaddr)
main_neigh_list=G.neighbors(main_loop_ipaddr)
#finallywriteoutourfile
nx.draw_graphviz(G)
nx.write_dot(G,"/tmp/total.dot")
Now,ifyourunthissmallsoftwareagainsttheCSVfilewehaveshownbeforeyouseeourDOTfilegeneratedon/tmp/total.dot.Now,itisinterestingtoseehowourDOTfile
www.it-ebooks.info
![Page 182: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/182.jpg)
isrepresentedonXDot.Here,inthenextdiagram,weseetherepresentationofourDOTfile:
Now,allthatwehavetodoisproducethemapstartingfromtheDOTfilewejustgenerated.
www.it-ebooks.info
![Page 183: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/183.jpg)
DraftingZabbixmapsfromDOTHavingarrivedatthispoint,wehaveourGraphvizDOTfilethatiswaitingtobeused.Asyoucanseefromthepreviousimage,thankstoGraphviz,wealreadyhaveaready-to-goimagetouse.Then,allweneedtodois:
1. ReadouttheDOTfile.2. GeneratethetopologyusingGraphviz.3. Acquireallthecoordinatesfromourtopologygenerated.4. UsepyzabbixtoconnecttoourZabbixserver.5. Generateourtopologyinafullyautomatedway.
It’snowtimetowritesomelinesofPython;thefollowingexampleissimilartosomethingpresentedbyVolkerFröhlich.Anyway,thecodeherehasbeenchangedandfixed(itdidnotworkwellwithZabbix2.4).
Asthefirstthing,weneedtoimporttheZabbixApiandnetworkXlibraries:
importnetworkxasnx
frompyzabbiximportZabbixAPI
Then,wecandefinetheGraphvizDOTfiletouseasasource;agoodexampleistheonewejustgenerated:
dot_file="/tmp/total.dot"
Inthenextfewlines,wedefineourusername,password,mapdimension,andrelativemapname:
username="Admin"
password="zabbix"
width=800
height=600
mapname="my_network"
Whatfollowsisastaticmaptodefinetheelementtype:
ELEMENT_TYPE_HOST=0
ELEMENT_TYPE_MAP=1
ELEMENT_TYPE_TRIGGER=2
ELEMENT_TYPE_HOSTGROUP=3
ELEMENT_TYPE_IMAGE=4
ADVANCED_LABELS=1
LABEL_TYPE_LABEL=0
Then,wecandefinetheiconstouseandtherelativecolorcode:
icons={
"router":23,
"cloud":26,
"desktop":27,
"laptop":28,
"server":29,
"sat":30,
www.it-ebooks.info
![Page 184: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/184.jpg)
"tux":31,
"default":40,
}
colors={
"purple":"FF00FF",
"green":"00FF00",
"default":"00FF00",
}
Now,wedefinesomefunctionsthatwecanreuse.Thefirstoneistomanagethelogin,andthesecondoneistodefineahostlookup,asfollows:
defapi_connect():
zapi=ZabbixAPI("http://127.0.0.1/zabbix/")
zapi.login(username,password)
returnzapi
defhost_lookup(hostname):
hostid=zapi.host.get({"filter":{"host":hostname}})
ifhostid:
returnstr(hostid[0]['hostid'])
Thenextthingtodo,isreadourDOTfileandstartconvertingitintoagraph:
G=nx.read_dot(dot_file)
Then,wecanfinallyopenourgraph,asfollows:
pos=nx.graphviz_layout(G)
NoteHere,youcanselectyourpreferredalgorithm.Graphvizsupportsmanydifferentkindsoflayout,andthenyoucanchangethelookandfeelofyourmapasyouprefer.FormoreinformationaboutGraphviz,pleasechecktheofficialdocumentationavailableathttp://www.graphviz.org/.
Then,asthegraphisalreadygenerated,thenextthingtodoisfindthemaximumcoordinatesofthelayout.Thiswillenableustoscalebetterourpredefinedmapoutputsize.
positionlist=list(pos.values())
maxpos=map(max,zip(*positionlist))
forhost,coordinatesinpos.iteritems():
pos[host]=[int(coordinates[0]*width/maxpos[0]*0.95-
coordinates[0]*0.1),int((height-
coordinates[1]*height/maxpos[1])*0.95+coordinates[1]*0.1)]
nx.set_node_attributes(G,'coordinates',pos)
NoteGraphvizandZabbixusetwodifferentdataorigins:Graphvizstartsfromthebottom-leftcorner,andZabbixworksstartingfromthetop-leftcorner.
Then,weneedtoretrievetheselementidsastheyarerequiredforlinksandevenforthenodedatacoordinates,asfollows:
www.it-ebooks.info
![Page 185: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/185.jpg)
selementids=dict(enumerate(G.nodes_iter(),start=1))
selementids=dict((v,k)fork,vinselementids.iteritems())
nx.set_node_attributes(G,'selementid',selementids)
nx.set_node_attributes(G,'selementid',selementids)
Now,wedefinethemaponZabbix,thename,andtherelativemapsize:
map_params={
"name":mapname,
"label_type":0,
"width":width,
"height":height
}
element_params=[]
link_params=[]
Finally,wecanconnecttoourZabbixserver:
zapi=api_connect()
Then,prepareallthenodeinformationandthecoordinatesandthensettheicontouse,asfollows:
fornode,datainG.nodes_iter(data=True):
#Genericpart
map_element={}
map_element.update({
"selementid":data['selementid'],
"x":data['coordinates'][0],
"y":data['coordinates'][1],
"use_iconmap":0,
})
Checkwhetherwehavethehostname,asfollows:
if"hostname"indata:
map_element.update({
"elementtype":ELEMENT_TYPE_HOST,
"elementid":host_lookup(data['hostname'].strip('"')),
"iconid_off":icons['server'],
})
else:
map_element.update({
"elementtype":ELEMENT_TYPE_IMAGE,
"elementid":0,
})
Wesetlabelsforimages,asfollows:
if"label"indata:
map_element.update({
"label":data['label'].strip('"')
})
if"zbximage"indata:
map_element.update({
"iconid_off":icons[data['zbximage'].strip('"')],
})
www.it-ebooks.info
![Page 186: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/186.jpg)
elif"hostname"notindataand"zbximage"notindata:
map_element.update({
"iconid_off":icons['default'],
})
element_params.append(map_element)
Now,weneedtoscanalltheedgestocreatetheelementlinksbasedontheelementweidentified,asfollows:
nodenum=nx.get_node_attributes(G,'selementid')
fornodea,nodeb,datainG.edges_iter(data=True):
link={}
link.update({
"selementid1":nodenum[nodea],
"selementid2":nerodenum[nodeb],
})
if"color"indata:
color=colors[data['color'].strip('"')]
link.update({
"color":color
})
else:
link.update({
"color":colors['default']
})
if"label"indata:
label=data['label'].strip('"')
link.update({
"label":label,
})
link_params.append(link)
#Jointhepreparedinformation
map_params["selements"]=element_params
map_params["links"]=link_params
Now,wehavepopulatedallmap_params,andnowweneedtocallZabbix’sAPIwiththisdata:
map=zapi.map.create(map_params)
Theprogramisnowcomplete,andwecanletitrun!Inareal-worldcase,thetimespenttodesignatopologyofmorethan2,500hostsisonly2–3seconds!
Wecantestthesoftwarehere,proposedagainsttheDOTfilewegeneratedbefore:
[root@localhost]#time./Generate_MyMap.py
real0m0.005s
user0m0.002s
sys0m0.003s
Asyoucansee,oursoftwareisreallyquick…butlet’scheckwhathasbeengenerated.In
www.it-ebooks.info
![Page 187: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/187.jpg)
thenextscreenshot,youcanseethemapthatisgeneratedautomaticallyin0.005seconds:
www.it-ebooks.info
![Page 189: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/189.jpg)
PuttingeverythingtogetherwithscreensUnlikeanyotherZabbixfeaturewedescribedinthischapter,screensdon’tactuallygiveyouneworimprovedinformationaboutyourmonitoreddata.PrettymuchanythingthatyoucandecidetoputonascreencanbefoundsomewhereelseinZabbix.
Frommapsandgraphs,totriggerstatusanditemdata,allofthisandmorecanbeeasilyfoundbyexploringtheMonitoringtabofthewebfrontend.
ButthepointofgatheringexistingdataonaZabbixscreenispreciselythatyoubringtogetherrelateddata,ordifferentviewsofthesamedatasothatyoudon’thavetolookforitaroundthefrontend,andsothatyoucanhaveagoodoverviewofthestatusofyoursystemsandseeataglancewhetherthereareanyproblemswithinyourinfrastructure.
Whenyoucreateascreen(Configuration|Screens|Createscreen),yougiveitanameandastartingnumberofrowsandcolumns.Don’tworrytoomuchabouthowmanyrowsandcolumnsyouassigntoascreenasyouwillbeabletochangethemduringscreenconfiguration.
Onceyouhavethescreencreated,youcangoaheadandconfigureitbyselectingitsnameinConfiguration|Screens.
Ascreenisbasicallyatablewithrowsandcolumnsthatidentifiescells.Everycellcancontaindifferenttypesofdata:
Celltype Description
Actionlog ThisshowsalogofthelatestactionsexecutedbyZabbix.Youcanconfigurehowmanyactionsyouwanttoseeinthecell.
Clock Thisshowsananalogclockwiththecurrenttime.
Dataoverview Thisshowsthelatestitemdataforaspecificgroupofhosts.
Graph Thisshowsanexistingcustomgraph.
Graphprototype Thisshowsacustomgraphcreatedfromalow-leveldiscoveryruleprototype.
Historyofevents
Thisshowsalogofthelatestevents(thesedon’tnecessarilyleadtoactions).Youcanconfigurehowmanyeventsyouwanttoseeinthecell.
Hostgroupissues Thisshowsthecurrentissuesforaspecifichostgroup.
Hostissues Thisshowsthecurrentissuesforaspecifichost.
Host’sinfo Thisshowsasummaryofhostavailabilityforaspecificgroup,suchastheoneyoufindinMonitoring|Overview.
Map Thisshowsanexistingmap.
www.it-ebooks.info
![Page 190: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/190.jpg)
PlaintextThisshowstheplaintexthistoryofaspecificitemtogetherwiththetimestampforeachmeasurement.Youcanconfigurehowmanyentriesyouwanttoseeinthecell.
Screen Thisshowsanexistingscreen.Yes,youcanembedascreenintoanotherscreenifyouwant.
Serverinfo ThisshowsasummaryofthemonitoringstatusfortheZabbixserver,suchasDBconnectivity,numberofhosts,itemsandtriggers,newvaluespersecond,andsoon.
Simplegraph Thisshowsthegraphforasingleitem,suchastheonesyoucanseeinLatestdatawithoutcreatingacustomgraph.
Simplegraphprototype
Thisislikeasimplegraph,butisforitemscreatedautomaticallyfromalow-leveldiscoveryruleprototype.
Systemstatus Thisshowsasummaryofthecurrentissues,dividedintohostgroupsandseverity.
Triggerinformation
Thisshowsasummaryoftriggerscurrentlyinaproblemstate,dividedbyseverity.Youhavetospecifyahostgroup.
Triggeroverview Thisshowseverytriggerstatusforeveryhostinaspecifichostgroup(andoptionally,application).
URL Thisshowsthecontentofanarbitrarywebpage,givenitsURL.
Everycellisalsoindependentfromtheothers:youcanbringtogetherdatabelongingtothesamehostaswellasbelongingtodifferenthostsandhosts’groups,dependingonhowyouwanttoorganizeyourscreen.
Finally,foreverycell,youcanspecifyhowmanyrowsandcolumnsitshouldspan,andforgraphiccelltypes(maps,graphs,andsoon),youcanalsodefinehowmuchspacetheyshouldtakebyspecifyingthewidthandheightinpixels.
Allthisflexibilityiscertainlypowerfulbutcanbeabitoverwhelming,soherearesomegeneralguidelinesthatyoucanrefertowhenyoucreateyourownscreens.
Averyusefultypeofscreenbringstogetherdatafromasinglehostsothatyoucanseeataglanceitsoverallperformance.You’lltypicallywanttoseesomegraphsinascreenlikethis,suchasnetworkandCPUperformance,diskusage,andanyapplication-specificgraphoritemsummaryyoumightneed,suchasdatabaseperformancegraphs,applicationserverstatistics,andsoon.
Inthefollowingexample,we’vekeptthingssimpleduetospaceconstraints,butyoucanseehowevenfourgraphscanproveusefulwhenputtogetherthisway:
www.it-ebooks.info
![Page 191: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/191.jpg)
Aninterestingfeatureofscreencellsisthatyoucanmakethecontentdynamicbyflaggingtheaptlynamedcheckbox.Dynamiccellswillreferthesametypeofcontenttodifferenthostsdependingonthecontext.
Thismeansthatyoucancreateascreenatthetemplatelevel,flagallcellsasdynamic,andjustlikethat,everyhostinheritingthetemplatewillalsoinheritapersonalizedscreen,withallgraphsandtablesreferencingtheaforesaidhost.Thisway,youwon’thavetomanuallycreateaspecificscreenforeveryhost.
Inanothertypeofscreen,youmightwanttofocusongrouptriggersandissues.Inthiskindofscreen,atypicalcell’scontentswillbesomemaps,withhostsandlinksthatchangecolorbasedontriggerstatus,sometriggerinformationandtriggeroverviewcells,andpossiblyalogofthelatesteventsandactions.
Finally,youmightwanttocreatespecificscreensthatbringtogetherhistoricaldatafromdifferentitems,suchasapplication-specificlogfiles,outputfromexternalcommands,suchasNmap,Windowsupdatestatusforahost,andsoon.Asusual,thesky’sthelimithere.
TipKeepinmindthattheprecedingscreentypesaremerelyexamplesthatbarelyscratchthesurfaceofwhat’spossiblewithZabbix’sscreen.Youarebynomeanslimitedtothesetypes;onthecontrary,youareencouragedtomixandmatchthedifferentcellstosuityourownneeds.Don’tletusstopyoufromcreatingawesomescreens!
Onceyouhavecreatedafewscreens,thenextlogicalstepistofindawaytobringthemtogetherinanorganizedway.Slideshowsservethispurposeinaninterestingandusefulway.YoucancreateaslideshowbygoingtoConfiguration|Slideshowsandclicking
www.it-ebooks.info
![Page 192: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/192.jpg)
onCreateslideshow.Thecreationformisprettyself-explanatory:
Muchlikeaddingitemstoacustomgraph,byclickingontheAddlinkatthebottomoftheSlideslist,youcanaddexistingscreenstotheslideshow,andyoucanreorderthembydragginganddroppingthebluearrowsnearthescreennameinthelist.Theresultwillbe,quitepredictably,aslideshowofallthescreensyouhaveputinthelist.Itwillrunoverandovercyclingthroughalltheelements.Eachslidewillhavethefocusforthenumberofsecondsequaltothedefaultdelayifyoudon’tspecifyanythingintheslide’sDelayfield.
Slideshowsareveryusefulwhenshownonabigscreeninadatacenter,butyouneedtobecarefulwhencreatingscreensthatyouknowwillendupinaslideshow.Slidesdon’tscrollvertically,soifascreenisbiggerthanthebrowserwindowusedtoshowtheslides,you’llneverbeabletoseesomeofthedata.Apossibleworkaroundistocreatescreensthatwilltakeupthewholewindowsize,butnothingmore.Thisway,you’llbesurethatallrelevantdatawillalwaysshowupontheslideshowthatyouplayonthatbigscreenyouputonthewallformonitoringpurposes.
Anotherworkaroundistomakesurethatforeachscreenbiggerthanthewindowsize,youputallimportantdataatthetopofthescreen.Thisway,someofthescreen’sdatawillshowupontheslides,whileyou’llstillbeabletoaccessallofitwhenaccessingthescreenonitsownandnotaspartoftheslideshow.
www.it-ebooks.info
![Page 194: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/194.jpg)
SummaryInthischapter,youexploredZabbix’svisualizationfeaturesandlearnedhowtousethemtogetthemostoutofyourmonitoringdata.Sometimes,thevalueofameasurementdoesn’tlieintheeventsandactionsthatitcantrigger,butinitscorrelationwithothermeasurements,bothintime(graphs)andinstantly(maps).Thisisespeciallytruewithnetworkmonitoring,wheretheabilitytopredictthefutureneedsofanetwork,andadapttothem,isjustasimportantasactingoncontingentissues.
WehavereachedtheendofourbriefjourneythroughZabbix’sconfigurationanduse.Now,youshouldbeabletocorrectlysizeaZabbixinstallationbasedonyouenvironment;findthebestandmostappropriatetoolsandprotocolstomonitoryourdata;automatedevicediscoveryandmonitoringasmuchaspossible(andwhennottoautomateit);andmovebeyondactionsandtriggersandvisualizeallyourdatainmeaningfulways.
Withalltheseskillsunderyourbelt,weareconfidentthatyou’llbeabletoadaptapowerfulandflexibletoollikeZabbixtoyourownnetworkandnotbeconfinedtodefaulttemplatesthatmay,ormaynot,reflectyouractualmonitoringneeds.
Monitoringacomputernetworkisoftenalsoadiscoveryjourney,whereyoucangainunexpectedwisdomfromapparentlydryanduninspiringdata,suchasSNMPvaluesandserverlogs.Withthisshortbook,wehopewehaveshownyouhowZabbixcanbeanexcellentmeanstogainsuchwisdomifyouarewillingtoplaywithitforawhileandputtogooduseallitspowerfulfeatures.
www.it-ebooks.info
![Page 197: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/197.jpg)
MySQLpartitioningHereareallthestoredproceduresyouneedtocreatetoproperlyhandledatabasepartitioningwithMySQL.
YouneedtocreatealloftheminyourZabbixdatabase.
Notethatalltheproceduresdescribedherearealsoavailableathttps://github.com/smartmarmot/zabbix_network_monitoring/tree/master/Chapter1.
www.it-ebooks.info
![Page 198: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/198.jpg)
Thepartition_maintenanceprocedureThisisthemostimportantprocedure,whichwillmanagealltheotherstoredproceduresinvolvedinthecreation/dropandverificationofpartitions,asfollows:
DELIMITER$$
CREATEPROCEDURE`partition_maintenance`(SCHEMA_NAMEVARCHAR(32),
TABLE_NAMEVARCHAR(32),KEEP_DATA_DAYSINT,HOURLY_INTERVALINT,
CREATE_NEXT_INTERVALSINT)
BEGIN
DECLAREOLDER_THAN_PARTITION_DATEVARCHAR(16);
DECLAREPARTITION_NAMEVARCHAR(16);
DECLARELESS_THAN_TIMESTAMPINT;
DECLARECUR_TIMEINT;
CALLpartition_verify(SCHEMA_NAME,TABLE_NAME,HOURLY_INTERVAL);
SETCUR_TIME=UNIX_TIMESTAMP(DATE_FORMAT(NOW(),'%Y-%m-%d
00:00:00'));
IFDATE(NOW())='2014-04-01'THEN
SETCUR_TIME=UNIX_TIMESTAMP(DATE_FORMAT(DATE_ADD(NOW(),
INTERVAL1DAY),'%Y-%m-%d00:00:00'));
ENDIF;
SET@__interval=1;
create_loop:LOOP
IF@__interval>CREATE_NEXT_INTERVALSTHEN
LEAVEcreate_loop;
ENDIF;
SETLESS_THAN_TIMESTAMP=CUR_TIME+(HOURLY_INTERVAL*
@__interval*3600);
SETPARTITION_NAME=FROM_UNIXTIME(CUR_TIME+
HOURLY_INTERVAL*(@__interval-1)*3600,'p%Y%m%d%H00');
CALLpartition_create(SCHEMA_NAME,TABLE_NAME,
PARTITION_NAME,LESS_THAN_TIMESTAMP);
SET@__interval=@__interval+1;
ENDLOOP;
SETOLDER_THAN_PARTITION_DATE=DATE_FORMAT(DATE_SUB(NOW(),INTERVAL
KEEP_DATA_DAYSDAY),'%Y%m%d0000');
CALLpartition_drop(SCHEMA_NAME,TABLE_NAME,
OLDER_THAN_PARTITION_DATE);
END$$
DELIMITER;
Thisstoredprocedurewillbethecoreofourhousekeeping.Itwillbecalledwiththefollowingsyntax:
CALLpartition_maintenance('<zabbix_db_name>','<table_name>',
<days_to_keep_data>,<hourly_interval>,<num_future_intervals_to_create>)
www.it-ebooks.info
![Page 199: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/199.jpg)
Thepartition_createprocedureThisprocedureisresponsibleforcreatingnewpartitionsacrossyourschema.Whatfollowshereistheprocedureitself:
DELIMITER$$
CREATEPROCEDURE`partition_create`(SCHEMANAMEVARCHAR(64),TABLENAME
VARCHAR(64),PARTITIONNAMEVARCHAR(64),CLOCKINT)
BEGIN
/*
SCHEMANAME=TheDBschemainwhichtomakechanges
TABLENAME=Thetablewithpartitionstopotentiallydelete
PARTITIONNAME=Thenameofthepartitiontocreate
*/
/*
Verifythatthepartitiondoesnotalreadyexist
*/
DECLARERETROWSINT;
SELECTCOUNT(1)INTORETROWS
FROMinformation_schema.partitions
WHEREtable_schema=SCHEMANAMEANDTABLE_NAME=TABLENAMEAND
partition_name=PARTITIONNAME;
IFRETROWS=0THEN
/*
1.Printamessageindicatingthatapartitionwas
created.
2.CreatetheSQLtocreatethepartition.
3.ExecutetheSQLfrom#2.
*/
SELECTCONCAT("partition_create(",SCHEMANAME,",",
TABLENAME,",",PARTITIONNAME,",",CLOCK,")")ASmsg;
SET@SQL=CONCAT('ALTERTABLE',SCHEMANAME,'.',
TABLENAME,'ADDPARTITION(PARTITION',PARTITIONNAME,'VALUESLESSTHAN
(',CLOCK,'));');
PREPARESTMTFROM@SQL;
EXECUTESTMT;
DEALLOCATEPREPARESTMT;
ENDIF;
END$$
DELIMITER;
www.it-ebooks.info
![Page 200: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/200.jpg)
Thepartition_verifyprocedureThispartitionisresponsibleforverifyingwhetherapartitionisalreadypresent,andifitisn’t,partition_verifywillcreatethem,asfollows:
DELIMITER$$
CREATEPROCEDURE`partition_verify`(SCHEMANAMEVARCHAR(64),TABLENAME
VARCHAR(64),HOURLYINTERVALINT(11))
BEGIN
DECLAREPARTITION_NAMEVARCHAR(16);
DECLARERETROWSINT(11);
DECLAREFUTURE_TIMESTAMPTIMESTAMP;
/*
*Checkifanypartitionsexistforthegiven
SCHEMANAME.TABLENAME.
*/
SELECTCOUNT(1)INTORETROWS
FROMinformation_schema.partitions
WHEREtable_schema=SCHEMANAMEANDTABLE_NAME=TABLENAMEAND
partition_nameISNULL;
/*
*Ifpartitionsdonotexist,goaheadandpartitionthetable
*/
IFRETROWS=1THEN
/*
*Takethecurrentdateat00:00:00andaddHOURLYINTERVAL
toit.Thisisthetimestampbelowwhichwewillstorevalues.
*Webeginpartitioningbasedonthebeginningofaday.
Thisisbecausewedon'twanttogeneratearandompartition
*thatwon'tnecessarilyfallinlinewiththedesired
partitionnaming(ie:ifthehourintervalis24hours,wecould
*endupcreatingapartitionnownamed"p201403270600"
whenallotherpartitionswillbelike"p201403280000").
*/
SETFUTURE_TIMESTAMP=TIMESTAMPADD(HOUR,HOURLYINTERVAL,
CONCAT(CURDATE(),"",'00:00:00'));
SETPARTITION_NAME=DATE_FORMAT(CURDATE(),'p%Y%m%d%H00');
—Createthepartitioningquery
SET@__PARTITION_SQL=CONCAT("ALTERTABLE",SCHEMANAME,
".",TABLENAME,"PARTITIONBYRANGE(`clock`)");
SET@__PARTITION_SQL=CONCAT(@__PARTITION_SQL,"(PARTITION
",PARTITION_NAME,"VALUESLESSTHAN(",UNIX_TIMESTAMP(FUTURE_TIMESTAMP),
"));");
—Runthepartitioningquery
PREPARESTMTFROM@__PARTITION_SQL;
EXECUTESTMT;
DEALLOCATEPREPARESTMT;
ENDIF;
END$$
DELIMITER;
www.it-ebooks.info
![Page 201: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/201.jpg)
Thepartition_dropprocedureThisstoredprocedureisresponsiblefordroppingthepartitionsolderthanagivenperiod,asfollows:
DELIMITER$$
CREATEPROCEDURE`partition_drop`(SCHEMANAMEVARCHAR(64),TABLENAME
VARCHAR(64),DELETE_BELOW_PARTITION_DATEBIGINT)
BEGIN
/*
SCHEMANAME=TheDBschemainwhichtomakechanges
TABLENAME=Thetablewithpartitionstopotentiallydelete
DELETE_BELOW_PARTITION_DATE=Deleteanypartitionswithnames
thataredatesolderthanthisone(yyyy-mm-dd)
*/
DECLAREdoneINTDEFAULTFALSE;
DECLAREdrop_part_nameVARCHAR(16);
/*
Getalistofallthepartitionsthatareolderthanthedate
inDELETE_BELOW_PARTITION_DATE.Allpartitionsareprefixed
with
a"p",souseSUBSTRINGTOgetridofthatcharacter.
*/
DECLAREmyCursorCURSORFOR
SELECTpartition_name
FROMinformation_schema.partitions
WHEREtable_schema=SCHEMANAMEANDTABLE_NAME=TABLENAME
ANDCAST(SUBSTRING(partition_nameFROM2)ASUNSIGNED)<
DELETE_BELOW_PARTITION_DATE;
DECLARECONTINUEHANDLERFORNOTFOUNDSETdone=TRUE;
/*
Createthebasicsforwhenweneedtodropthepartition.Also,
create
@drop_partitionstoholdacomma-delimitedlistofall
partitionsthat
shouldbedeleted.
*/
SET@alter_header=CONCAT("ALTERTABLE",SCHEMANAME,".",
TABLENAME,"DROPPARTITION");
SET@drop_partitions="";
/*
Startloopingthroughallthepartitionsthataretooold.
*/
OPENmyCursor;
read_loop:LOOP
FETCHmyCursorINTOdrop_part_name;
IFdoneTHEN
LEAVEread_loop;
ENDIF;
SET@drop_partitions=IF(@drop_partitions="",
drop_part_name,CONCAT(@drop_partitions,",",drop_part_name));
ENDLOOP;
www.it-ebooks.info
![Page 202: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/202.jpg)
IF@drop_partitions!=""THEN
/*
1.BuildtheSQLtodropallthenecessarypartitions.
2.RuntheSQLtodropthepartitions.
3.Printoutthetablepartitionsthatweredeleted.
*/
SET@full_sql=CONCAT(@alter_header,@drop_partitions,
";");
PREPARESTMTFROM@full_sql;
EXECUTESTMT;
DEALLOCATEPREPARESTMT;
SELECTCONCAT(SCHEMANAME,".",TABLENAME)AS`table`,
@drop_partitionsAS`partitions_deleted`;
ELSE
/*
Nopartitionsarebeingdeleted,soprintout"N/A"(Not
applicable)toindicate
thatnochangesweremade.
*/
SELECTCONCAT(SCHEMANAME,".",TABLENAME)AS`table`,"N/A"
AS`partitions_deleted`;
ENDIF;
END$$
DELIMITER;
www.it-ebooks.info
![Page 203: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/203.jpg)
Thepartition_maintenance_allprocedureThisprocedurecallsthepartition_maintenanceprocedureforeachhistory/trendtable.Pleasenotethatforallthehistorytables,weareapplyingthesameintervals,whichare730daysoftrenddataand28daysofhistorydata.Here’showthisprocedureworks:
DELIMITER$$
CREATEPROCEDURE`partition_maintenance_all`(SCHEMA_NAMEVARCHAR(32))
BEGIN
CALLpartition_maintenance(SCHEMA_NAME,'history',28,24,
14);
CALLpartition_maintenance(SCHEMA_NAME,'history_log',28,
24,14);
CALLpartition_maintenance(SCHEMA_NAME,'history_str',28,
24,14);
CALLpartition_maintenance(SCHEMA_NAME,'history_text',28,
24,14);
CALLpartition_maintenance(SCHEMA_NAME,'history_uint',28,
24,14);
CALLpartition_maintenance(SCHEMA_NAME,'trends',730,24,
14);
CALLpartition_maintenance(SCHEMA_NAME,'trends_uint',730,
24,14);
END$$
DELIMITER;
www.it-ebooks.info
![Page 205: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/205.jpg)
HousekeepingconfigurationAsperourexample,thehousekeepingneedstobeconfigured,asshowninthefollowingscreenshot,withahistorydatastorageperiodof730daysandatrenddatastorageperiodof28days.Here,youcanchangethosevaluesbearinginmindthatyoualsoneedtochangetheparameterpassedtothestoredprocedures.
Tochangethehousekeepingsettinginthewebinterface,yousimplyneedtogotoAdministration|General|Housekeeping(fromthedrop-downlist),andhereistheconfiguration:
www.it-ebooks.info
![Page 208: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/208.jpg)
SquidmetricscriptHere,youcanfindthescriptwediscussedinChapter3,MonitoringYourNetworkServices,andcreatethescriptintheusuallocation,thatis,at/home/zabbix/bin/squidcheck.sh.
Createthescriptwiththefollowingcontent:
catsquidcheck.sh
#!/bin/bash
VERSION="1.0"
functionusage()
{
echo"squidcheckversion:$VERSION"
echo"usage:"
echo"$0http_requests-NumberofHTTPrequestsreceived"
echo"$0clients-Numberofclientsaccessing
cache"
echo"$0icp_received-NumberofICPmessagesreceived"
echo"$0icp_sent-NumberofICPmessagessent"
echo"$0icp_queued-NumberofqueuedICPreplies"
echo"$0htcp_received-NumberofHTCPmessagesreceived"
echo"$0htcp_sent-NumberofHTCPmessagessent"
echo"$0req_fail_ratio-Requestfailureratio"
echo"$0avg_http_req_per_min-AverageHTTPrequestsperminute
sincestart"
echo"$0avg_icp_msg_per_min-AverageICPmessagesperminute
sincestart"
echo"$0request_hit_ratio-RequestHitRatios"
echo"$0byte_hit_ratio_5-ByteHitRatio5mins"
echo"$0byte_hit_ratio_60-ByteHitRatio60mins"
echo"$0request_mem_hit_ratio_5-RequestMemoryHitRatios5mins"
echo"$0request_mem_hit_ratio_60-RequestMemoryHitRatios60
mins"
echo"$0request_disk_hit_ratio_5-RequestDiskHitRatios5mins"
echo"$0request_disk_hit_ratio_60-RequestDiskHitRatios60mins"
echo"$0servicetime_httpreq-HTTPRequests(All)"
echo"$0process_mem-ProcessDataSegmentSizevia
sbrk"
echo"$0cpu_usage-CPUUsage"
echo"$0cache_size_disk-StorageSwapsize"
echo"$0cache_size_mem-StorageMemsize"
echo"$0mean_obj_size-MeanObjectSize"
echo"$0filedescr_max-Maximumnumberoffile
descriptors"
echo"$0filedescr_avail-Availablenumberoffile
descriptors"
}
########
#Main#
########
www.it-ebooks.info
![Page 209: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/209.jpg)
if[[$#!=1]];then
#NoParameter
usage
exit0
fi
case$1in
"http_requests")
value="`squidclientmgr:info|grep'NumberofHTTPrequests
received:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"clients")
value="`squidclientmgr:info|grep'Numberofclientsaccessing
cache:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"icp_received")
value="`squidclientmgr:info|grep'NumberofICPmessages
received:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"icp_sent")
value="`squidclientmgr:info|grep'NumberofICPmessages
sent:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"icp_queued")
value="`squidclientmgr:info|grep'NumberofqueuedICP
replies:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"htcp_received")
value="`squidclientmgr:info|grep'NumberofHTCPmessages
received:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"htcp_sent")
value="`squidclientmgr:info|grep'NumberofHTCPmessages
sent:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"req_fail_ratio")
value="`squidclientmgr:info|grep'Requestfailureratio:'|cut-
d':'-f2|tr-d'\t'`"
rval=$?;;
"avg_http_req_per_min")
value="`squidclientmgr:info|grep'AverageHTTPrequestsperminute
sincestart:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"avg_icp_msg_per_min")
value="`squidclientmgr:info|grep'AverageICPmessagesperminute
sincestart:'|cut-d':'-f2|tr-d'\t'`"
rval=$?;;
"request_hit_ratio")
value="`squidclientmgr:info|grep'RequestHitRatios:'|cut-d':'-
f3|cut-d','-f1|tr-d'%'`"
rval=$?;;
"byte_hit_ratio_5")
value="`squidclientmgr:info|grep'Hitsas%ofbytessent:'|awk
-F'[:,%]''{print$10}'|tr-d'\t'`"
rval=$?;;
"byte_hit_ratio_60")
value="`squidclientmgr:info|grep'Hitsas%ofbytessent:'|awk
www.it-ebooks.info
![Page 210: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/210.jpg)
-F'[:,%]''{print$15}'|tr-d'\t'`"
rval=$?;;
"request_mem_hit_ratio_5")
value="`squidclientmgr:info|grep'Hitsas%ofallrequests:'|
awk-F'[:,%]''{print$10}'|tr-d'\t'`"
rval=$?;;
"request_mem_hit_ratio_60")
value="`squidclientmgr:info|grep'Hitsas%ofallrequests:'|
awk-F'[:,%]''{print$15}'|tr-d'\t'`"
rval=$?;;
"request_disk_hit_ratio_5")
value="`squidclientmgr:info|grep'Diskhitsas%ofhit
requests:'|awk-F'[:,%]''{print$11}'|tr-d'\t'`"
rval=$?;;
"request_disk_hit_ratio_60")
value="`squidclientmgr:info|grep'Diskhitsas%ofhit
requests:'|awk-F'[:,%]''{print$16}'|tr-d'\t'`"
rval=$?;;
"servicetime_httpreq")
value="`squidclientmgr:info|grep'HTTPRequests(All):'|cut-d':'
-f2|tr-s''|awk'{print$1}'`"
rval=$?;;
"process_mem")
value="`squidclientmgr:info|grep'ProcessDataSegmentSizevia
sbrk'|cut-d':'-f2|awk'{print$1}'`"
rval=$?;;
"cpu_usage")
value="`squidclientmgr:info|grep'CPUUsage:'|cut-d':'-f2|tr-d
'%'|tr-d'\t'`"
rval=$?;;
"cache_size_disk")
value="`squidclientmgr:info|grep'StorageSwapsize:'|cut-d':'-
f2|awk'{print$1}'`"
rval=$?;;
"cache_size_mem")
value="`squidclientmgr:info|grep'StorageMemsize:'|cut-d':'-
f2|awk'{print$1}'`"
rval=$?;;
"mean_obj_size")
value="`squidclientmgr:info|grep'MeanObjectSize:'|cut-d':'-
f2|awk'{print$1}'`"
rval=$?;;
"filedescr_max")
value="`squidclientmgr:info|grep'Maximumnumberoffile
descriptors:'|cut-d':'-f2|awk'{print$1}'`"
rval=$?;;
"filedescr_avail")
value="`squidclientmgr:info|grep'Availablenumberoffile
descriptors:'|cut-d':'-f2|awk'{print$1}'`"
rval=$?;;
*)
usage
exit1;;
esac
if["$rval"-eq0-a-z"$value"];then
www.it-ebooks.info
![Page 211: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/211.jpg)
rval=1
fi
if["$rval"-ne0];then
echo"ZBX_NOTSUPPORTED"
fi
echo$value
www.it-ebooks.info
![Page 212: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/212.jpg)
IndexA
actionconditionssection/FindinghoststheZabbixwayactiondefinitionsection/Definingactionconditionsactionoperationssection/FindinghoststheZabbixwayApache
modules/ApachemonitoringApachemonitoring
about/Apachemonitoringperforming/Apachemonitoring
architectures,Zabbixabout/Zabbixarchitectures
www.it-ebooks.info
![Page 213: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/213.jpg)
Ccomplexmaps
issues/Maps–aquicksetupforalargetopologyCPULoadparameter/Apachemonitoringcustomgraphs
creating/Creatingcustomgraphs
www.it-ebooks.info
![Page 214: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/214.jpg)
Ddatabase
installing/Installingadatabasesize,considering/Consideringthedatabasesizeitems/Consideringthedatabasesizerefreshrate/Consideringthedatabasesizespace/ConsideringthedatabasesizeMySQLpartitioning/MySQLpartitioning
dataflow,Zabbixabout/UnderstandingZabbixdataflow
datatypes,SNMPabout/GettingdatatypesrightURL/GettingdatatypesrightINTEGER/GettingdatatypesrightSTRING/GettingdatatypesrightOID/GettingdatatypesrightIpAddress/GettingdatatypesrightCounter32/GettingdatatypesrightGauge32/GettingdatatypesrightCounter64/GettingdatatypesrightTimeTicks/Gettingdatatypesright
digabout/DNS–responsetime
discoveryitemsabout/Low-leveldiscovery
discoveryrulesabout/Low-leveldiscovery
DNSmonitoringabout/MonitoringtheDNSperforming/MonitoringtheDNSresponsetime,monitoring/DNS–responsetimeDNSSECzonerollover,monitoring/DNSSEC–monitoringthezonerollover
DNSSECparametersabout/DNSSEC–monitoringthezonerollover
www.it-ebooks.info
![Page 215: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/215.jpg)
Ggraph
putting,onscreen/Puttingeverythingtogetherwithscreens
www.it-ebooks.info
![Page 216: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/216.jpg)
Hhostgroups
about/Hostsandhostgroupsroutersgroup/Hostsandhostgroupsswitchesgroup/Hostsandhostgroupssubnetgroup/Hostsandhostgroups
hostsabout/UnderstandingZabbixhostsinterfaces/Hostinterfacesinventory/Hostinventory
housekeepingconfigurationabout/Housekeepingconfiguration
www.it-ebooks.info
![Page 217: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/217.jpg)
IICMPechochecks
about/Simplechecksinterfaces/HostinterfacesInternetProtocolFlowInformationeXport(IPFIX)/Gettingnetflowfromthedevicestothemonitoringserver
www.it-ebooks.info
![Page 218: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/218.jpg)
Llow-leveldiscovery
about/Low-leveldiscoveryadvantage/Low-leveldiscoveryrules,creating/Low-leveldiscoveryrules,managing/Low-leveldiscovery
www.it-ebooks.info
![Page 219: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/219.jpg)
Mmaps
complexmaps/Maps–aquicksetupforalargetopologyDOTcreation,automating/Maps–automatingtheDOTcreationdrafting,fromDOT/DraftingZabbixmapsfromDOTputting,onscreen/Puttingeverythingtogetherwithscreens
MIBsabout/FindingtherightOIDstomonitor
MySQLpartitioningabout/MySQLpartitioningbenefits/MySQLpartitioningstoredprocedures/MySQLpartitioningpartition_maintenanceprocedure/Thepartition_maintenanceprocedurepartition_createprocedure/Thepartition_createprocedurepartition_verifyprocedure/Thepartition_verifyprocedurepartition_dropprocedure/Thepartition_dropprocedurepartition_maintenance_allprocedure/Thepartition_maintenance_allprocedure
www.it-ebooks.info
![Page 220: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/220.jpg)
Nnetflow
about/Gettingnetflowfromthedevicestothemonitoringserverdata,gettingintoZabbix/Gettingnetflowfromthedevicestothemonitoringserverdata,receivingonserver/Receivingnetflowdataonyourserver
networkdiscoveryhosts,finding/FindinghoststheZabbixwayactionconditions,defining/Definingactionconditionsactionoperations,selecting/Choosingactionoperationsremotecommands,executing/Remotecommands
networkinterfacesabout/Low-leveldiscovery
networkservicesDNS,monitoring/MonitoringtheDNSApache,monitoring/ApachemonitoringNTP,monitoring/NTPmonitoringSquid,monitoring/Squidmonitoring
NetworkXURL/Maps–automatingtheDOTcreationabout/Maps–automatingtheDOTcreation
Nfdumpabout/Receivingnetflowdataonyourservernfcapd/Receivingnetflowdataonyourservernfdump/ReceivingnetflowdataonyourserverURL,fornfdumppackage/Receivingnetflowdataonyourserver
Nmap/ChoosingactionoperationsNTPmonitoring
about/NTPmonitoringperforming/NTPmonitoring,NTP–whatarewemonitoring?Delay/NTP–whatarewemonitoring?Offset/NTP–whatarewemonitoring?Jitter/NTP–whatarewemonitoring?
www.it-ebooks.info
![Page 221: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/221.jpg)
OOIDs
finding,formonitoring/FindingtherightOIDstomonitorabout/FindingtherightOIDstomonitormapping,toZabbixitems/MappingSNMPOIDstoZabbixitems
www.it-ebooks.info
![Page 222: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/222.jpg)
Ppartition_createprocedure
about/Thepartition_createprocedurepartition_dropprocedure
about/Thepartition_dropprocedurepartition_maintenanceprocedure
about/Thepartition_maintenanceprocedurepartition_maintenance_allprocedure
about/Thepartition_maintenance_allprocedurepartition_verifyprocedure
about/Thepartition_verifyprocedurePerlmodules
about/DNSSEC–monitoringthezonerolloverproxiesdataflow,Zabbix
about/UnderstandingtheZabbixproxies’dataflowProxyConfigFrequency=parameter
about/UnderstandingtheZabbixproxies’dataflowProxyDataFrequency=parameter
about/UnderstandingtheZabbixproxies’dataflowpyzabbix
about/RemotecommandsURL/Remotecommands
www.it-ebooks.info
![Page 224: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/224.jpg)
RReadingRequestparameter/ApachemonitoringReqPerSecparameter/Apachemonitoringrollstateplugin
about/DNSSEC–monitoringthezonerollover
www.it-ebooks.info
![Page 225: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/225.jpg)
Sscreen
about/Puttingeverythingtogetherwithscreenscreating/Puttingeverythingtogetherwithscreensmaps,puttingon/Puttingeverythingtogetherwithscreensgraph,puttingon/Puttingeverythingtogetherwithscreens
SiegeURL/Apachemonitoring
simplechecksabout/SimplechecksIcmpping/SimplechecksIcmppingloss/SimplechecksIcmppingsec/SimplechecksNet.tcp.service/SimplechecksNet.tcp.service.perf/Simplechecksconfiguring/Simplechecks
slideshowcreating/Puttingeverythingtogetherwithscreens
SNMPabout/KeepingSNMPsimpledata,gettingintoZabbix/GettingSNMPdataintoZabbixOIDs,findingformonitoring/FindingtherightOIDstomonitorOIDs,mappingtoZabbixitems/MappingSNMPOIDstoZabbixitemsdatatypes/Gettingdatatypesrightnetflowdata,receivingonserver/Receivingnetflowdataonyourserverlogfile,monitoringwithZabbix/MonitoringalogfilewithZabbix
SNMPgetsabout/KeepingSNMPsimple
snmptrapdabout/Snmptrapd
SNMPtrapsabout/KeepingSNMPsimple,SNMPtrapssnmptrapd/Snmptrapdtransforming,intoZabbixitem/TransformingatrapintoaZabbixitemnetflow,gettingfromdevices/Gettingnetflowfromthedevicestothemonitoringserver
Squidabout/SquidmonitoringURL/Squidmonitoring
Squidmetricscriptabout/Squidmetricscript
Squidmonitoringperforming/Squidmonitoring
www.it-ebooks.info
![Page 226: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/226.jpg)
StartProxyPollers=parameterabout/UnderstandingtheZabbixproxies’dataflow
www.it-ebooks.info
![Page 227: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/227.jpg)
TTCP/IPconnectionchecks
about/Simplecheckstriggerinformationcell/Puttingeverythingtogetherwithscreenstriggeroverviewcell/Puttingeverythingtogetherwithscreens
www.it-ebooks.info
![Page 229: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/229.jpg)
WWaitingForConnectionparameter/ApachemonitoringWebGUIinterface
installing/InstallingtheWebGUIinterface
www.it-ebooks.info
![Page 230: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/230.jpg)
Xxdot.py
URL/Maps–automatingtheDOTcreationxml2
about/MonitoringtheDNS
www.it-ebooks.info
![Page 231: Zabbix Network Monitoring Essentials - omid-online.com · Table of Contents Zabbix Network Monitoring Essentials Credits About the Authors About the Reviewers Support files, eBooks,](https://reader031.vdocuments.site/reader031/viewer/2022021510/5b1423577f8b9a2a7c8b7906/html5/thumbnails/231.jpg)
ZZabbix
architectures/Zabbixarchitecturesdataflow/UnderstandingZabbixdataflowproxiesdataflow/UnderstandingtheZabbixproxies’dataflowinstalling/InstallingZabbixdatabase,installing/Installingadatabasehosts/UnderstandingZabbixhostshostgroups/Hostsandhostgroups
Zabbixagentpackage,forLinuxOSURL/CreatingaZabbixagentpackagewithCheckInstall
Zabbixagentsabout/GoingbeyondZabbixagentssimplechecks/SimplechecksSNMP/KeepingSNMPsimpleSNMPtraps/SNMPtraps
ZabbixApacheUpdaterplugin/ApachemonitoringZabbixinstallation
about/InstallingZabbixinstalling,frompackages/InstallingfrompackagesZabbixagent,settingup/SettingupaZabbixagentZabbixagentpackage,creatingwithCheckInstall/CreatingaZabbixagentpackagewithCheckInstallserverconfiguration/Serverconfiguration
Zabbixproxyinstalling/InstallingaZabbixproxy
zapacheplugin/ApachemonitoringURL/Apachemonitoring
zonestatepluginabout/DNSSEC–monitoringthezonerollover
www.it-ebooks.info