Zabbix
Maintainer
Daniel B. from Firewall Services
Description
Zabbix offers advanced monitoring, alerting and visualisation features, some of which are missing from other monitoring systems, even some of the best commercial ones.
Features
Here are some of the features provided by Zabbix:
- Distributed monitoring
  - Centralized configuration
  - Centralized access to all data
  - Up to 1,000 nodes
  - Unlimited number of proxies
- Scalability
  - Tested with 10,000 monitored devices and servers
  - Tested with 100,000 availability and performance checks
  - Processing of thousands of availability and performance checks per second
- Real-time monitoring
  - Performance monitoring
  - Availability monitoring
  - Integrity monitoring
  - Flexible notification conditions
  - Alerting users (Email, SMS, Jabber)
  - Logging
- Visualisation
  - User-defined views and slide shows
  - Mapping
  - Graphing (including pie charts)
  - Zooming
- Fast Problem Resolution
  - Send alerts via email, cell phone, SMS or audio alerts
  - Execute remote commands
- Assuring SLA
  - Hierarchical IT Services
  - Real-time SLA reporting
- Reporting and trending
  - Easy integration of 3rd party tools
  - Analysis of yearly/monthly/daily statistics
  - SLA reports
- XML data import/export
  - Easy sharing of templates
- Auto discovery
  - Discovery by IP range, services and SNMP
  - Automatic monitoring of discovered devices
- WEB monitoring
  - WEB performance and availability monitoring
  - Flexible scenarios
  - Support of POST and GET methods
- Flexibility
  - Support of IPv4 and IPv6
  - Easily extendable native agents
  - Any notification method
  - Runs on any platform
- Pro-active monitoring
  - Automatic execution of remote commands
  - Automatic IPMI commands
- Aggregate monitoring
  - Monitoring of a group of hosts as a single host
- Agentless monitoring
  - Monitoring of remote services (FTP, SSH, HTTP, other)
  - Support of SNMP v1,2,3
  - Support of IPMI
  - SNMP traps
- High performance agents
  - All platforms supported (UNIX, Windows, Novell)
  - Memory utilisation
  - Network utilisation
  - Disk I/O
  - Disk space availability
  - File checksums
  - Monitoring of log files
  - And more...
- Security
  - Flexible user permissions
  - Authentication by IP address
  - Protection against brute force attacks
- Escalations and notifications
  - Repeated notifications
  - Unlimited escalations
  - Recovery messages
  - Be notified until the problem is resolved
- Management functions
  - Ping, traceroute to a host
  - Any other functions
- Dashboard
  - Personalized dashboard
  - Favourite resources
  - High level view
- Agent-based monitoring
  - Native agent for any platform
  - Immune to connection problems
- Open Source Solution
  - No license driven limitations
  - Access to source code
  - Open to code audit
- Easy Administration
  - Very fast learning curve
  - All data is stored in a database (Oracle, MySQL, PostgreSQL, SQLite)
  - Centralised configuration and storage of information
- and more...
Full documentation
This wiki page is not a complete guide to Zabbix, just a starting point for running it on your SME Server using this contrib. For complete documentation, please refer to the project documentation: http://www.zabbix.com/documentation.php
Versions
Here is information about the latest release of each component:
Requirements
- SME Server 7.X
- php-bcmath (smeserver-zabbix-server only): if you have the standard php4 packages, this should be fine. If you have upgraded to php5 from the centosplus repo, you need to install the php-bcmath package manually
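As a quick way to check the php-bcmath requirement, the sketch below looks for the module in the output of php -m. It assumes a php command-line binary is available in your PATH, which may not be the case on every installation; has_php_module is a hypothetical helper name, not something provided by the contrib.

```shell
#!/bin/sh
# has_php_module NAME: succeeds if "php -m" lists the module (case-insensitive).
# Assumption: a php command-line binary is available in PATH.
has_php_module() {
    php -m 2>/dev/null | grep -qix "$1"
}

if has_php_module bcmath; then
    echo "bcmath is available"
else
    echo "bcmath is missing: install the php-bcmath package"
fi
```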
Components
Zabbix is composed of four major components:
- The server (the main part). The server stores and analyses the data, sends alerts, etc.
- The web interface (installed automatically with the server by this contrib)
- The agent, which gathers information on the hosts you monitor
- The proxy, an optional part that can be used to collect performance and availability data locally and send it to the server
Server
The server is the core component of the Zabbix software. It uses one database (MySQL in this contrib) to store configuration, performance and integrity information. The server can check network services with simple checks (ICMP, TCP, etc.) for agentless monitoring, it can monitor network devices using SNMP, and it is also the central component to which agents report information (an agent can work in active mode, passive mode, or both). The server also analyses all the information and sends alerts depending on very flexible triggers.
Installation
To install Zabbix server, just use yum:
yum --enablerepo=smecontribs install smeserver-zabbix-server
DB Parameters
Here's the list of available DB parameters for zabbix-server service on SME:
- DbName: The name of the database where everything is stored. Default is 'zabbixdb'
- DbPassword: The password of the database. A random password is generated during the installation
- DbUser: The user name to access the database. Default is zabbixuser
- JabberAccount: Account used to send jabber notification
- JabberServer: Jabber server to use to send notifications
- JabberPassword: Password for the account (for "JabberAccount")
- JabberTLS: (enabled|disabled) Whether your Jabber server requires TLS security
- NodeID: The node ID of your server. If you don't use distributed monitoring (just one central Zabbix server), you should leave this at 0
- TCPPort: Port used for agent<->server (and proxy<->server) communication. The default is 10051
- TimeZone: It's very important for Zabbix to know your time zone (PHP TimeZone setting). Unfortunately, SME does not set it, so you can specify your time zone here. This setting only affects Zabbix
- WebAccess: (local|public|disabled) From where you'll be able to access the web interface. You can set it to disabled if you want to disable the web interface (for example, if your server is a node of a distributed environment)
- access: (public|local) From where the Zabbix port (controlled by TCPPort) will be available. If you set public here, you should restrict access to a list of hosts with the AllowHosts key.
- status: Should the service be started automatically?
Once everything is configured the way you want, just issue
signal-event zabbix-server-update
to expand the templates and restart the needed services.
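As a sketch of the workflow above, the following sets the time zone and restricts the web interface to local networks, then applies the change. The values Europe/Paris and local are only examples. The run helper and its APPLY variable are hypothetical and not part of the contrib: by default the commands are only printed, so you can review them first.

```shell
#!/bin/sh
# Hypothetical dry-run helper (not part of the contrib): prints each command
# unless APPLY=yes is set in the environment, in which case it runs it.
run() {
    if [ "${APPLY:-no}" = "yes" ]; then
        "$@"
    else
        echo "$*"
    fi
}

configure_zabbix_server() {
    # $1: PHP time zone name, $2: WebAccess value (local|public|disabled)
    run db configuration setprop zabbix-server TimeZone "$1" WebAccess "$2"
    # Expand the templates and restart the needed services
    run signal-event zabbix-server-update
}

configure_zabbix_server Europe/Paris local
```

Running the script with APPLY=yes in the environment executes the commands instead of printing them.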
Web Interface
The main web interface is available (unless disabled with the WebAccess key) at https://server.domain.tld/zabbix. The default user is admin, with password zabbix (you should change this password ASAP).
For screenshots of what you can get with Zabbix, have a look at the project website.
Agent
Zabbix agent is a very small daemon which gathers information about the host being monitored and reports it to one or several servers (or proxies). Agents can run in active mode, passive mode, or both:
- In active mode, the agent makes outgoing connections to the server (port 10051 by default).
- In passive mode, the server connects to the agent (on port 10050 by default).
Please read Chap. 2.3.4 ZABBIX Agent (page 39) and Chap. 3.3 ZABBIX Agent (UNIX, standalone daemon) of the manual for more information on Zabbix agent.
Installation
To install Zabbix agent, just use yum:
yum --enablerepo=smecontribs install smeserver-zabbix-agent
DB parameters
Here's the list of available DB parameters for zabbix-agent service on SME:
- RemoteCommands: (enabled|disabled) Whether to enable remote commands on the Zabbix agent (you should read the Zabbix documentation first). Please be aware that enabling it has security implications. The default is disabled
- ServerPort: Port used to contact the server when running in active mode. Defaults to 10051
- Servers: List of servers (or proxies), separated by commas, to which information is sent. The first one may be used for active checks, the others are only for passive mode
- TCPPort: TCP port on which the agent will listen if passive mode is enabled
- access: (public|private) If you want to open the agent on the public interface (only useful if passive is enabled). If you set this to 'public' you should use the AllowHosts key to limit the access
- active: (enabled|disabled) Whether to enable active mode
- passive: (enabled|disabled) Whether to enable passive mode
- status: (enabled|disabled) Should the service be started automatically
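The examples elsewhere on this page use passive mode. As a complementary sketch, the following builds the commands for an agent that only uses active mode. zabbix.example.com is a placeholder for your own server, and agent_commands is a hypothetical helper, not part of the contrib: it validates the mode values and only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Hypothetical helper (not part of the contrib): validates the mode values and
# prints the commands to run, without executing anything.
agent_commands() {
    servers=$1
    active=$2
    passive=$3
    for value in "$active" "$passive"; do
        case "$value" in
            enabled|disabled) ;;
            *) echo "invalid mode value: $value" >&2; return 1 ;;
        esac
    done
    echo "db configuration setprop zabbix-agent Servers $servers active $active passive $passive"
    echo "signal-event zabbix-agent-update"
}

# Active mode only: the agent connects out to the server (port 10051 by default)
agent_commands zabbix.example.com enabled disabled
```

Once the printed commands look right, they can be run by hand or piped to sh.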
Additional checks
Even though Zabbix agent is great and natively supports a lot of checks, some were missing for my use, so I've added some UserParameter entries to the configuration file. For each of these checks, you should add a new item with the name of the check as the key. Configuring the corresponding checks on the server can take quite a long time, so you can have a look at the templates I use to monitor SME Servers. This archive contains some templates/items/graphs/triggers in XML format (exported from Zabbix). You can use the Import/Export functionality of Zabbix (Manual Chap. 8 XML IMPORT AND EXPORT, page 154) to import them on your server.
You can also have a look at the configuration file /etc/zabbix/zabbix_agentd.conf to see the commands used to return the corresponding values. For each UserParameter, you'll also find information on how to create the corresponding item on the server.
Please read chapter 4.11 User Parameters (page 119) of the manual for more information on how UserParameters work.
- External IP:
  - ip.external: Return the real external IP address.
- Incoming mail statistics:
  - mail.in.denied.dnsbl: number of emails rejected by DNSBL since the last run
  - mail.in.denied.rhsbl: number of emails rejected by RHSBL since the last run
  - mail.in.denied.clamav: number of emails rejected by CLAMAV since the last run
  - mail.in.denied.earlytalker: number of emails rejected by EARLYTALKER since the last run
  - mail.in.denied.basicheaders: number of emails rejected by BASICHEADERS since the last run
  - mail.in.denied.goodrcptto: number of emails rejected by GOODRCPTTO since the last run
  - mail.in.denied.spamhelo: number of emails rejected by SPAMHELO since the last run
  - mail.in.denied.total: sum of rejected emails (sum of the above checks) since the last run
  - mail.in.denied.spam: number of emails rejected by SPAMASSASSIN since the last run
  - mail.in.denied.other: number of emails rejected by other checks since the last run
  - mail.in.queued.spam: number of emails queued but marked as spam by SPAMASSASSIN since the last run
  - mail.in.queued: number of emails queued (HAM) since the last run
  - mail.in.total: number of emails received since the last run (accepted + denied)
- Outgoing mail statistics:
  - mail.out.total: sum of outgoing emails since the last run
  - mail.out.success: number of successfully transmitted emails since the last run
  - mail.out.deferral: number of deferred emails since the last run
  - mail.out.failure: number of failures since the last run
- Memory/Swap usage:
  - vm.memory.size.used: Actually used memory in bytes
  - vm.memory.size.pused: Actually used memory in %
  - system.swap.size.used: Actually used swap space in bytes
- MySQL information:
  - mysql.uptime: uptime of the mysql server in seconds
  - mysql.threads: number of threads
  - mysql.questions: number of queries since mysql was started
  - mysql.slowqueries: number of slow queries
  - mysql.qps: average queries per second
  - mysql.size: total space used by mysql databases
- Network usage. These checks are useful if you want to monitor several SME Servers using one template (so the same checks), but those servers use different interface configurations (eth0, eth1, br0, bond0, ppp0, etc.):
  - net.if.in.internal: Equivalent to net.if.in[ethX,bytes], but independent of your internal interface name (eth0, bond0, br0, etc.)
  - net.if.out.internal: Equivalent to net.if.out[ethX,bytes]
  - net.if.in.external: Equivalent to net.if.in[ethX,bytes], but independent of your external interface name (eth0, eth1, ppp0, etc.)
  - net.if.out.external: Equivalent to net.if.out[ethX,bytes]
- UPS status:
  - ups.load: Current load (in %) of your UPS
  - ups.battery.charge: Current charge (in %) of the battery
  - ups.status: Current status of the UPS (OL, OB, OL CHRG, etc.)
  - ups.model: Model of the UPS
- Raid Array Monitoring:
  - raid.sw.status: Current status of your software Raid (all arrays)
  - raid.mega.status: Current status of your MegaRaid based raid array (for example, the perc5/6(i) are MegaRaid based). Requires the additional MegaCLI package, available from here: [1]
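To illustrate how a check like the memory ones listed above can be built, here is a minimal sketch of a command that a UserParameter could call. It is not the command shipped by the contrib (see /etc/zabbix/zabbix_agentd.conf for the real ones). It assumes that "used" means MemTotal minus MemFree, Buffers and Cached as reported by /proc/meminfo. The key name custom.memory.used and the script path in the comment are made up for the example.

```shell
#!/bin/sh
# Sketch of a command that a UserParameter could call. This is NOT the command
# shipped by the contrib in /etc/zabbix/zabbix_agentd.conf.
# Assumption: "used" = MemTotal - MemFree - Buffers - Cached.
mem_used_bytes() {
    # $1: meminfo-style file (defaults to /proc/meminfo); values are in kB
    awk '
        /^MemTotal:/ { total   = $2 }
        /^MemFree:/  { free    = $2 }
        /^Buffers:/  { buffers = $2 }
        /^Cached:/   { cached  = $2 }
        END { printf "%.0f\n", (total - free - buffers - cached) * 1024 }
    ' "${1:-/proc/meminfo}"
}

# Hypothetical entry in zabbix_agentd.conf (key name and path are made up):
#   UserParameter=custom.memory.used,/usr/local/bin/mem_used.sh
if [ -r /proc/meminfo ]; then
    mem_used_bytes
fi
```

On the server side, the item key would then be the name given before the comma in the UserParameter line.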
Proxy
Zabbix proxy is a lightweight daemon. It acts as a server for agents, caches the information locally (in a mysql database), and sends it to the server it belongs to. This is useful to monitor network elements behind a firewall.
Installation
To install Zabbix proxy, just use yum:
yum --enablerepo=smecontribs install smeserver-zabbix-proxy
DB Parameters
- DbName: the name of the database used by the proxy. The default is zabbixproxydb
- DbPassword: the password to access the database
- DbUser: the user to access the database
- Servers: List of servers (separated by commas) to which the information is sent
- TCPPort: TCP port on which the proxy listens. Clients connect to the proxy as if it were a Zabbix server. The default is 10051
- access: (private|public) If you want to open zabbix-proxy on the external interface. If you set this to public, you should use the AllowHosts key to limit the access
- status: (enabled|disabled) Should the service be started automatically
Monitoring SME servers
If you want to monitor SME Servers with Zabbix, you'll first need to install the agent as explained earlier, then configure the agent to accept connections from your server. For example, to monitor your local server (the one running zabbix-server):
db configuration setprop zabbix-agent Servers localhost active disabled passive enabled
signal-event zabbix-agent-update
Then, just add a host in Zabbix, pointing to localhost. Remember that if you use active mode (the agent sends information to the server), you'll have to name the host <hostname>.<domain.tld>, then enter 127.0.0.1 in the IP address field.
Now you can start adding items of type agent (active or passive, depending on the mode you use on the agent) to this new host.
If you want to monitor SME Servers on the Internet and use passive mode, the server will initiate connections to the agent. You'll need to port-forward the agent port (10050 TCP by default) if you run in serveronly mode, or open this port in the firewall if running in server&gateway mode:
db configuration setprop zabbix-agent Servers w.x.y.z active disabled passive enabled access public AllowHosts w.x.y.z
signal-event zabbix-agent-update
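Once the port is reachable, the passive agent can be queried from the monitoring side. The sketch below uses the zabbix_get utility with the agent.ping key, which returns 1 when the agent answers. It assumes zabbix_get is installed on the machine running the check (this page does not say whether the contrib provides it) and that this machine is listed in the agent's Servers property. check_agent is a hypothetical helper name.

```shell
#!/bin/sh
# check_agent HOST [PORT]: succeeds if the agent answers agent.ping with 1.
# Assumptions: zabbix_get is installed on the machine running the check, and
# this machine is listed in the agent's Servers property.
check_agent() {
    host=$1
    port=${2:-10050}
    if ! command -v zabbix_get >/dev/null 2>&1; then
        echo "zabbix_get not found" >&2
        return 2
    fi
    # An unreachable agent yields an empty reply rather than aborting the script
    reply=$(zabbix_get -s "$host" -p "$port" -k agent.ping 2>/dev/null) || reply=""
    [ "$reply" = "1" ]
}

# Usage (w.x.y.z stands for the address of the monitored SME Server):
#   check_agent w.x.y.z 10050 && echo "agent reachable"
```

A failure here usually points to the port forwarding, the firewall, or the Servers and AllowHosts values rather than to the items configured in Zabbix.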
You can download an archive with some XML exports of the templates I use to monitor my servers. Just extract the archive and import the templates you want into Zabbix (using the Import/Export menu of the Zabbix configuration).
Each XML file represents a template in Zabbix:
- Template_SME is the main template. It adds a lot of items for global system monitoring, triggers (load too high, lack of free memory, httpd down, passwd changed, etc.) and also some graphs such as CPU usage, memory, disk space and network usage. This template requires the Template_icmp and Template_app_MySQL templates
- Template_SME_coovaChilli adds tun0 statistics (useful if you use the CoovaChilli contrib). It also creates a graph for tun0 stats
- Template_SME_softRaid adds items and triggers for software raid monitoring. If you link an SME Server with this template, you'll be warned if one of the raid arrays is degraded or rebuilding
- Template_SME_megaRaid does the same for MegaRaid based cards. It also requires the MegaCli utility from the LSI website
- Template_SME_nutUPS adds items and triggers to warn you if your UPS is on battery or overloaded
- Template_icmp configures two items to check if the server is alive and to measure the latency. It also provides latency graphs and some triggers (latency too high, host down for more than 5 minutes, host down for more than 1 hour)
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-zabbix component.