Summary

  Subject:

Zabbix Monitoring on Rocky: Client Agent Setup

   Updated:

2023-12-18

   Author:

Tim Hammond ([email protected])

Derek Pasnick ([email protected])

Leland Petitjean ([email protected])

   Operating Systems:

Rocky 8

   Background:

This guide was written to setup a Zabbix server to monitor network devices and servers for interuptions of service. Zabbix will be configured to also send alerts through the local mail relay. It is assumed a local mail relay is already setup and configured.

Due to the length of the content, I opted to break the article into the following sections:

  1. Rocky Zabbix: Install
  2. Rocky Zabbix: Configure
  3. Rocky Zabbix: Setting up Discoveries
  4. Rocky Zabbix: Client Agent Setup
  5. Rocky Zabbix: SNMPv3: Setup and Configure
  6. Rocky Zabbix: SNMPv3: Adding Devices
  7. Rocky Zabbix: References
  

Table of Contents

Active vs Passive Zabbix Agent mode

ACTIVE MODE IS RECOMMENDED.

When using a Zabbix agent in active mode, it will connect to the Zabbix server via port 10051 to retrieve configuration and send data. This is a great feature that allows an active Zabbix agent to work behind the firewall and to offload the Zabbix server in large environments.

On the other hand, if you use a Zabbix agent in passive mode Zabbix server will initiate a connection via port 10050 and retrieve data from the agent. The Zabbix server will do this for every metric (item) every few minutes which is very inefficient!

An additional advantage of the Zabbix agent in active mode is that it can read logs from the device and that is not possible if the Zabbix agent is used in passive mode.

You can tell if a host is in active or passive mode by looking at the host in Zabbix, Monitoring > Hosts. If the host is working in passive mode (polling), the ZBX icon will be red or green. If the host is working in active mode (trapping), the ZBX icon will be grey.

In order for the Zabbix client to appear green in the inventory, you must modify the template. See the guide below. The agent.ping must be changed from active to passive.

Agent Install

CentOS/Rocky

Download and add Zabbix repo.

wget https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm sudo rpm -Uvh zabbix-release-*.noarch.rpm sudo dnf clean all

Install Zabbix.

sudo dnf -y install zabbix-agent

Configure Services.

sudo systemctl enable zabbix-agent sudo systemctl restart zabbix-agent sudo systemctl status zabbix-agent

Add firewall rule.

If you are going to use SNMP instead of the Zabbix agent, add the following rule to the firewall.

  • sudo firewall-cmd --permanent --add-port=161/udp
  • sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.30.108/32" port protocol="tcp" port="10050" accept'
  • sudo firewall-cmd --permanent --add-port=10050/tcp
sudo firewall-cmd --permanent --add-port=10050/tcp sudo firewall-cmd --reload sudo firewall-cmd --list-all

Make the following SELinux change:

sudo setsebool -P httpd_can_connect_zabbix on

Ubuntu

Download and add Zabbix repo.

wget https://repo.zabbix.com/zabbix/5.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_5.0-1+focal_all.deb sudo dpkg -i zabbix-release_*.deb sudo apt update sudo apt -y upgrade

Install Zabbix.

sudo apt -y install zabbix-agent

Configure Services.

sudo systemctl enable zabbix-agent sudo systemctl restart zabbix-agent sudo systemctl status zabbix-agent

Add firewall rule.

If you are going to use SNMP instead of the Zabbix agent, add the following rule to the firewall.

  • sudo ufw allow 161/udp comment SNMP_client
  • sudo ufw allow from 192.168.30.108 proto tcp to any port 10050 comment Zabbix_Agent
sudo ufw allow 10050/tcp comment Zabbix_Agent sudo ufw reload sudo ufw status numbered

Windows (VERSION AGENT 1)

  1. Go to: https://www.zabbix.com/download_agents and download agent based on these settings:
    • Windows
    • Any
    • AMD64
    • 5.0 LTS
    • No encryption
    • Archive
    • Zabbix Agent
  2. Extract downloaded zip file.
  3. Create the following directories:
    • C:\Program Files\Zabbix Agent\
    • C:\Program Files\Zabbix Agent\Logs\
    • C:\Program Files\Zabbix Agent\Plugins\
  4. Copy the following Files from the extract zip file:
Source: zabbix_agent-5.*-windows-amd64\bin\zabbix_agentd.exe
Destination: C:\Program Files\Zabbix Agent\zabbix_agentd.exe Source: zabbix_agent-5.*-windows-amd64\bin\zabbix_get.exe
Destination: C:\Program Files\Zabbix Agent\zabbix_get.exe Source: zabbix_agent-5.*-windows-amd64\bin\zabbix_sender.exe
Destination: C:\Program Files\Zabbix Agent\zabbix_sender.exe Source: zabbix_agent-5.*-windows-amd64\conf\zabbix_agentd.conf
Destination: C:\Program Files\Zabbix Agent\zabbix_agentd.conf
  1. SpookOz has greated a absolutely wonderful Powershell script to help with Windows machine inventory. His GitHub page is: https://github.com/SpookOz. The specific file we need can be downloaded from: https://github.com/SpookOz/zabbix-wininventory/blob/master/get-inventory-2020.ps1.
  2. Copy the get-inventory-2020.ps1 to:
Source: get-inventory-2020.ps1
Destination: C:\Program Files\Zabbix Agent\Plugins\get-inventory-2020.ps1
  1. Add the firewall rules to Windows. Open a Powershell prompt as Administrator.
netsh advfirewall firewall add rule name="Zabbix - ICMP Allow" dir=in action=allow protocol="icmpv4:8,any" netsh advfirewall firewall add rule name="Zabbix - Port 10050" dir=in action=allow protocol=TCP localport=10050
  1. We have more installation components, but we will use a Active Directory Group Policy to accomplish this.

Agent Configure

All Linux Distros

Make a backup of the config.

sudo cp /etc/zabbix/zabbix_agentd.conf /etc/zabbix/zabbix_agentd.conf.bak

Configure the Agent settings:

sudo sed -i 's/Server=127.0.0.1/Server=zab01.domain.local/g' /etc/zabbix/zabbix_agentd.conf sudo sed -i 's/ServerActive=127.0.0.1/ServerActive=zab01.domain.local/g' /etc/zabbix/zabbix_agentd.conf sudo sed -i 's/Hostname=Zabbix server/# Hostname=Zabbix server/g' /etc/zabbix/zabbix_agentd.conf sudo sed -i 's/# HostnameItem=system.hostname/HostnameItem=system.hostname/g' /etc/zabbix/zabbix_agentd.conf sudo sed -i 's/# HostMetadataItem=/HostMetadataItem=system.uname/g' /etc/zabbix/zabbix_agentd.conf sudo sed -i 's/# HostInterfaceItem=/HostInterfaceItem=system.hostname/g' /etc/zabbix/zabbix_agentd.conf

Verify the changes.

sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i LogFile= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i LogFileSize= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i DebugLevel= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i Server= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i ServerActive= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i Hostname= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i HostnameItem= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i HostMetadataItem= sudo cat /etc/zabbix/zabbix_agentd.conf | grep -i HostInterfaceItem=

Windows (VERSION AGENT 1)

There are a few methods to make the hostname appear in the Zabbix console as a case sensative version. The default is: HostnameItem=system.hostname

Method 01:

This is the Zabbix recommended way: HostnameItem=system.hostname[host]

Method 02:

The following provide the same intention but was sourced from forums and uses Powershell commands.

  • HostnameItem=system.run["powershell -NonInteractive [System.Net.Dns]::GetHostByName($env:computerName).HostName"

Method 03:

This is simlar to the Linux sed -i command. These cmds are used in the wininventory.xml script.

  • $shortName = hostname; $fullName = "$shortName.domain.local"; $path = "C:\Program Files\Zabbix Agent\zabbix_agentd.conf"; (Get-Content $path) -replace "Hostname=Windows host","Hostname=$fullName" | Set-Content $path
  1. Open the 'C:\Program Files\Zabbix Agent\zabbix_agentd.conf' file and make the following changes:
    • LogFile=C:\Program Files\Zabbix Agent\Logs\zabbix_agentd.log
    • Server=zab01.domain.local
    • ServerActive=zab01.domain.local
    • Uncomment 'HostMetadataItem' and use the following setting: HostMetadataItem=system.uname
    • Append the following to the bottom of the file:
## Option: wininventory # Source: https://github.com/SpookOz/zabbix-wininventory # AllowKey=system.run[*]
  1. We created our Powershell script to check for updated versions of the 'zabbix_agentd.conf' from a network share.
Source: versionCheck.ps1
Destination: C:\Program Files\Zabbix Agent\versionCheck.ps1
Filenmae: versionCheck.ps1
########################################################### # Summary ########################################################### # # Updated: # 2021-10-19 # # Authors: # Tim Hammond [email protected] # # Supported Operating Systems: # Windows 10, Windows 2019 # # Description: # This Powershell script will check to see if the local # Zabbix template config "zabbix_agentd.conf has any # updates. If it has been changed, the file will be updated # and then update the active config the correct FQDN. # # ########################################################### # References ########################################################### # # https://github.com/SpookOz/zabbix-wininventory # # ########################################################### # Set the defaults ########################################################### $confNetwork = "\\fs01\chooseLife\apps\zabbix\zabbix_agentd.conf" $confLocalActive = "C:\Program Files\Zabbix Agent\zabbix_agentd.conf" $confLocalTemp = "$confLocalActive.tmp" $hostNameShort = hostname $hostNameFQDN = "$hostNameShort.domain.local" ########################################################### # Let's Do this ########################################################### Write-Output "`n------------------------------------------------------------" Write-Output " Checking to see if the local template exists..." Write-Output "------------------------------------------------------------`n" if (Test-Path $confLocalTemp) { Write-Output "The local template exists." } else { Write-Output "The local template does not exist." Write-Output "Copying now..." Copy-Item -Path $confNetwork -Destination $confLocalTemp } Write-Output "`n------------------------------------------------------------" Write-Output " Checking to see if the local config exists..." Write-Output "------------------------------------------------------------`n" if (Test-Path $confLocalActive) { Write-Output "The local config exists." } else { Write-Output "The local config does not exist." Write-Output "Copying now..." Copy-Item -Path $confLocalTemp -Destination $confLocalActive } Write-Output "`n" Write-Output "------------------------------------------------------------" Write-Output " Computeing MD5 checksums..." Write-Output "------------------------------------------------------------`n" $confNetworkMD5 = (Get-FileHash -Algorithm MD5 $confNetwork).Hash $confLocalMD5 = (Get-FileHash -Algorithm MD5 $confLocalTemp).Hash Write-Output "The network template MD5 is: $confNetworkMD5" Write-Output "The local template MD5 is: $confLocalMD5" Write-Output "`n" Write-Output "------------------------------------------------------------" Write-Output " Checking template versions..." Write-Output "------------------------------------------------------------`n" if ($confNetworkMD5 -eq $confLocalMD5) { Write-Output "The template on the network has not changed." } else { Write-Output "Yippie, there is a new version!" Write-Output "Copying now..." Copy-Item -Path $confNetwork -Destination $confLocalTemp Copy-Item -Path $confLocalTemp -Destination $confLocalActive } Write-Output "`n" Write-Output "------------------------------------------------------------" Write-Output " Checking config file versions ..." Write-Output "------------------------------------------------------------`n" $confTest = Select-String -Path $confLocalActive -Pattern $hostNameFQDN if ($confTest -ne $null) { Write-Output "Everything is configured correctly." Write-Output "`nHappy computing Mr. Gopher!`n`n" } else { Write-Output "Joy! There is a new version or you need an update." Write-Output "Copying now...`n" Write-Output "Stopping the Zabbix Agent." net stop "Zabbix Agent" Start-Sleep -Seconds 5 Write-Output "Taking a wee nap." Write-Output "`nReplaceing the default Hostname value with the FQDN." Write-Output "Replaceing the default HostInterface value with the FQDN.`n" (Get-Content $confLocalTemp) | Foreach-Object { $_ -replace "Hostname=Windows host","Hostname=$hostNameFQDN" ` -replace "# HostInterface=","HostInterface=$hostNameFQDN" } | Set-Content $confLocalActive Start-Sleep -Seconds 5 Write-Output "Taking a wee nap." Write-Output "Starting the Zabbix Agent." net start "Zabbix Agent" Write-Output "`nHappy computing Mr. Gopher!`n`n" }
  1. Create a Scheduled Task GPO using the following settings:
Name: zabbixConfigUpdate Run As: NT AUTHORITY\System Logged on or not: Checked Highest privledge: Checked Confiugre for: Windows 7 and Windows 2008R2 Action: Start a program Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add arguments: -ExecutionPolicy Bypass -File "C:\Program Files\Zabbix Agent\versionCheck.ps1"
  1. Now we will "install" the Zabbix agent. Create a GPO object as you normally would, except, set it to only run once. Use the following settings:
General tab: Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce New: String Value Value name: Zabbix Agent Install Value date: "C:\Program Files\Zabbix Agent\zabbix_agentd.exe" --config "C:\Program Files\Zabbix Agent\zabbix_agentd.conf" --install Common tab: Check: "Apply once and do not reapply"
  1. After the changes have been made and the GPO has been applied, reboot the machine.
  2. Verify the "Zabbix Agent" is added to the Windows services and set to start "Automatic."