Zabbix-agent

From SME Server
Revision as of 15:20, 13 September 2023 by Gieres (talk | contribs) (→‎Configuration)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search




zabbix-agent
NeedImage.svg
zabbix-agent logo
Maintainermaintainer
Urlhttps://wiki.contribs.org
Category

Category you want

Tags Filethiswithalistoftags


Maintainer

[1]Daniel B. from Firewall Services

Version

Contrib 10:
smeserver-zabbix-agent
The latest version of smeserver-zabbix-agent is available in the SME repository, click on the version number(s) for more information.


Contrib 10:
zabbix-agent-addons
The latest version of zabbix-agent-addons is available in the SME repository, click on the version number(s) for more information.



Description

Zabbix agent is a very small daemon which will gather information about the host being monitored, and report it to one or several server(s) (or proxy(s)). Agents can run in active or passive mode (or both):

  • In active mode, the agent will make outgoing connection to the server (port 10051 by default).
  • In passive mode, the server will connect to the agent (on port 10050 by default).

Please read Chap. 2.3.4.ZABBIX Agent page 39 and Chap. 3.3.ZABBIX Agent (UNIX, standalone daemon) of the manual for more information on Zabbix agent.


Installation

Important.png Note:
enabling epel repo will force you zabbix50 using /etc/zabbix_agent.conf config ignoring your SME config


yum install smeserver-extrarepositories-epel smeserver-extrarepositories-zabbix
db yum_repositories setprop zabbix42 status enabled

then you need to enable the one you want zabbix42, zabbix44, zabbix45, zabbix50, zabbix51, zabbix52, zabbix53. You need to have an agent at most equal to the server version. If your zabbix server is on an SME it should equal or lesser than zabbix42 as per 2021/03. You can upgrade the agent later.

yum install smeserver-zabbix-agent --enablerepo=zabbix42

first enable the needed repo: Firewall service and EPEL

yum install smeserver-extrarepositories-epel smeserver-extrarepositories-fws
signal-event yum-modify

to install Zabbix agent, just use yum:

yum --enablerepo=smecontribs,fws,epel install smeserver-zabbix-agent

This package will download at least the following dependencies:

  • zabbix (very small package with just common directories used by all zabbix components)
  • zabbix-agent (the agent)
  • smeserver-remoteuseraccess: this contrib is needed because it provides needed templates metadata for /etc/sudoers.
  • perl-crypt-openssl-x509

Configuration

Here's the list of available DB parameters for zabbix-agent service on SME:

  • RemoteCommands: (enabled|disabled). If you want to enable remote commands on zabbix agent (you should read the zabbix documentation). Please, be aware that there're security implications if you enable it. The default is disabled
  • ServerPort: port to contact the server when running in active mode. Default to 10051
  • Servers: List of servers (or proxy), separated by commas, to which send informations. The first one may be used for active checks, the others are only for passive mode
  • TCPPort: TCP port on which the agent will listen if passive mode is enabled
  • access: (public|private) If you want to open the agent on the public interface (only useful if passive is enabled). If you set this to 'public' you should use the AllowHosts key to limit the access
  • active: (enabled|disabled) Do you want to enabled the active mode
  • passive: (enabled|disabled) Do you want to enable the passive mode
  • status: (enabled|disabled) Should the service be automatically started


Once you have everything configured like you want, just issue

signal-event zabbix-agent-update

to expand the templates and restart the needed services.

Remote client with encryption

on the client do:

openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk
chown :zabbix /etc/zabbix/zabbix_agentd.psk
chmod 640 /etc/zabbix/zabbix_agentd.psk
signal-event zabbix-agent-update
cat /etc/zabbix/zabbix_agentd.psk

you might also need a public access there:

config setprop zabbix-agent  Servers IP1,IP2 access public  active disabled passive enabled AllowHosts IP1,IP2
signal-event zabbix-agent-update

On the Zabbix server interface for this client select :

  1. Connections to host: psk
  2. Connections from host: psk
  3. PSK identity: domain.name-agent
  4. psk: [paste here the output of cat /etc/zabbix/zabbix_agentd.psk]
agent on the local zabbix server
 config setprop zabbix-agent  access localhost  Servers localhost  active disabled  passive enabled
 signal-event zabbix-agent-update
Additional checks

Even if Zabbix agent is great and support natively a lot of checks, some were missing for my use, so I've added some UserParameters entries in the configuration file. For each of this check, you should add a new item with the name of the check as the key. Configuring the corresponding checks on the server can be quite long. You can have a look at the templates I use to monitor SME Servers. This archive contains some templates/items/graphs/triggers in XML format (exported from Zabbix). You can use the Import/Export functionality of Zabbix (Manual Chap. 8.XML IMPORT AND EXPORT page 154) to import it on your server.

You can also have a look at the configuration file /etc/zabbix/zabbix_agentd.conf to see the commands used to return the corresponding values. You'll also find for each UserParameter information on how to create the corresponding item on the server.

Please, read chapter 4.11.User Parameters page 119 of the manual to have more information on how UserParameters work.

  • External IP:
    • ip.external: Return the real external IP address.
  • Incoming mails statistics:


Important.png Note:
Since version 0.1-28 of smeserver-zabbix-agent, the keys to retrieve emails statistics has changed. The value retrieved here are for the last 10 Minutes (the statistics are updated with a cronjob every 10 minutes), so you should configured these items to be refreshed every 600 seconds


    • mail.in[dnsbl]: number of emails rejected by DNSBL
    • mail.in[rhsbl]: number of emails rejected by RHSBL
    • mail.in[clamav]: number of emails rejected by CLAMAV
    • mail.in[check_earlytalker]: number of emails rejected by EARLYTALKER
    • mail.in[check_basicheaders]: number of emails rejected by BASICHEADERS
    • mail.in[check_goodrcptto]: number of emails rejected by GOODRCPTTO
    • mail.in[check_spamhelo]: number of emails rejected by SPAMHELO
    • mail.in[total_denied]: sum of rejected emails (sum of the above checks)
    • mail.in[spam_denied]: number of emails rejected by SPAMASSASSIN
    • mail.in[other_denied]: number of emails rejected by others checks
    • mail.in[spam_queued]: number of emails queued but marked as spam by SPAMASSASSIN
    • mail.in[queued]: number of emails queued (HAM)
    • mail.in[total]: number of emails received (accept + denied)
  • Outgoing mails statistics:
    • mail.out[total]: sum of outgoing emails
    • mail.out[success]: number of successful transmitted emails
    • mail.out[deferral]: number of deferred emails
    • mail.out[failure]: number of failures
  • Memory/Swap usage:
    • vm.memory.size.used: Actually used memory in bytes
    • vm.memory.size.pused: Actually used memory in %
    • system.swap.size.used: Actually used swap space in bytes
  • MySQL Information:
    • mysql.uptime: uptime of mysql server in seconds
    • mysql.threads: number of threads
    • mysql.questions: number of queries since mysql has been started
    • mysql.slowqueries: number of slow queries
    • mysql.qps: average queries per seconds
    • mysql.size: total space used by mysql databases
  • Network usage. These checks are useful if you want to monitor several SME Servers using one template (so same checks), but those servers use different interfaces configuration (eth0, eth1, br0, bond0, ppp0 etc...)
    • net.if.in.internal: Equivalent to net.if.in[ethX,bytes], but is independent of your internal interface name (eth0, bond0, br0 etc...)
    • net.if.out.internal: Equivalent to net.if.out[ethX,bytes]
    • net.if.in.external: Equivalent to net.if.in[ethX,bytes], but is independent of your external interface name (eth0, eth1, ppp0 etc...)
    • net.if.out.external: Equivalent to net.if.out[ethX,bytes]


Important.png Note:
Since version 0.1-38 of smeserver-zabbix-agent, the keys to retrieve UPS informations has changed. You now have to select the name of your UPS on the server side. The default name for an UPS in SME is UPS


  • UPS status:
    • ups.load[UPS]: Current load (in %) of your UPS
    • ups.battery.charge[UPS]: Current charge (in %) of the battery
    • ups.status[UPS]: Current status of the UPS (OL, OB, OL CHRG etc...)
    • ups.model[UPS]: Model of the UPS
  • Raid Array Monitoring:
    • raid.sw.status: Current status of your software Raid (all array)
    • raid.mega.status: Current status of your mega raid based raid array (for example, the perc5/6(i) are megaraid based). Requires additional MegaCLI package available from here: [2]

Uninstall

yum remove smeserver-zabbix-agent  zabbix-agent-addons

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-zabbix-agent component or use this link


Below is an overview of the current issues for this contrib:

IDProductVersionStatusSummary
12313SME Contribs10.0CONFIRMEDremove active and passive property and document better Servers vs ServerActive


Please raise bugs under the SME-Contribs section in bugzilla and select the zabbix-agent-addons component or use this link


Below is an overview of the current issues for this contrib:

No open bugs found.

Changelog

Only released version in smecontrib are listed here.

smeserver-zabbix-agent Changelog: SME 10 (smecontribs)

2021/04/01 Jean-Philippe Pialasse 0.4.8-2.sme
- initial SME10 import [SME: 11515]

 drop in for systemd service file
update event created for automatic install
remove ownership of /var/lib/zabbix/bin

2020/05/29 Daniel Berteaud 0.4.8-1
- Adapt regex to match queued emails when spam filtering is disabled

(daniel@firewall-services.com)

2020/02/27 Daniel Berteaud 0.4.7-1
- Rewrite util_send_status_mail to go through the SMTP server (daniel@firewall-

 services.com)
- Remove useless var in spec file (daniel@firewall-services.com)

2019/11/27 Daniel Berteaud 0.4.6-1
- Remove the git CHANGELOG as it's not generated anymore (daniel@firewall-

services.com)

2019/11/27 Daniel Berteaud 0.4.5-1
- Adapt spec file for tito (daniel@firewall-services.com)
- Detect if running >= 4.4, and remove vfs.dev.discovery UserParameter in this

case (daniel@firewall-services.com)