Zabbix

From HerzbubeWiki
Jump to: navigation, search

This page has information about how to install, configure and run the system monitoring solution Zabbix.


Debian packages

Install the following packages from Debian backports

zabbix-agent
zabbix-server-pgsql
zabbix-frontend-php

Zabbix makes use of fping to perform ICMP pings. This package therefore must also be installed:

fping


Server setup

Create database and user

This is documented in

/usr/share/doc/zabbix-server-pgsql/README.Debian

Run the following commands to create the PostgreSQL database and the database user/role:

sudo -u postgres createdb zabbix
sudo -u postgres createuser -SDRP zabbix

Discussion

  • -D = --no-createdb
  • -P = --pwprompt
  • -R = --no-createrole
  • -S = --no-superuser


Finally, this command populates the database:

zcat /usr/share/zabbix-server-pgsql/{schema,images,data}.sql.gz | psql -h localhost zabbix zabbix


Server configuration

The Zabbix server configuration is stored in

/etc/zabbix/zabbix_server.conf

Local configuration snippets that override the main server configuration can be placed in the folder

/etc/zabbix/zabbix_server.conf.d

Here are the settings I use on pelargir:

root@pelargir:~# cat /etc/zabbix/zabbix_server.conf.d/pelargir.conf
# Don't listen for trapper items on port 10051
# Note from the documentation:
#       At least one trapper process must be running to display server availability and view queue
#       in the frontend.
# I don't know yet what this means.
StartTrappers=0

# If listening for trapper items is required for any reason, at least
# do not listen on the public network interface.
ListenIP=127.0.0.1

DBPassword=secret

Because the configuration snippet contains a password, its file system permissions must be restricted:

root@pelargir:~# ls -l /etc/zabbix/zabbix_server.conf.d/pelargir.conf
-r--r----- 1 root zabbix 27 Jul 28 02:45 /etc/zabbix/zabbix_server.conf.d/pelargir.conf

Note: If the Zabbix Server cannot read any of its configuration files on startup, it will not start up at all - the error is only visible in the syslog.


Server start

The usual

/etc/init.d/zabbix-server start


Agent setup

Agent configuration

The Zabbix agent configuration is stored in

/etc/zabbix/zabbix_agentd.conf

Local configuration snippets that override the main agent configuration can be placed in the folder

/etc/zabbix/zabbix_agentd.conf.d

Here are the settings I use on pelargir:

# Do not listen on the public network interface
ListenIP=127.0.0.1


Agent start

The usual

/etc/init.d/zabbix-agent start


Web frontend setup

Apache configuration

The Zabbix packages provide an Apache configuration snippet, but it remains disabled by default. To enable it manually:

a2enconf zabbix-frontend-php


Also, add this to pelargir.herzbube.ch.conf to make Zabbix accessible under https://pelargir.herzbube.ch/zabbix/:

<Directory /usr/share/zabbix/>
  php_admin_flag engine on
</Directory>


PHP configuration

The Zabbix web frontend setup requires that the PHP timezone is set up correctly. See this wiki page for details.


Finish setup in web browser

Point the browser at this URL:

https://pelargir.herzbube.ch/zabbix/


This starts the setup wizard. Enter the following details:

  • Database = Enter database name, user and password
  • Server = localhost, port = 10051
  • Installation name = pelargir.herzbube.ch


The setup process tries to create the config file

/etc/zabbix/zabbix.conf.php

which of course fails because the web server does not have write access to this directory. The configuration file can be manually downloaded and installed in the path shown above. Here is the content:

root@pelargir:~# cat /etc/zabbix/zabbix.conf.php
<?php
// Zabbix GUI configuration file.
global $DB;

$DB['TYPE']     = 'POSTGRESQL';
$DB['SERVER']   = 'localhost';
$DB['PORT']     = '0';
$DB['DATABASE'] = 'zabbix';
$DB['USER']     = 'zabbix';
$DB['PASSWORD'] = 'secret';

// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';

$ZBX_SERVER      = 'localhost';
$ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'pelargir.herzbube.ch';

$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

Because the configuration file contains a password, its file system permissions must be restricted:

root@pelargir:~# ls -l /etc/zabbix/zabbix.conf.php
-r--r----- 1 root www-data 449 Jul 28 03:04 /etc/zabbix/zabbix.conf.php

Once the configuration file is in place, the setup wizard can be finished. Important: Immediately log in with the default username/password (Admin/zabbix) and change the password to something non-standard!


Configuration

Remove guest login

Navigate to "Administration > User groups > Guests", then disable the user group to remove the guest login option from the login screen.


Configure media types

Navigate to "Administration > Media types > Email". Configure the media type like this:

  • SMTP server = localhost
  • SMTP helo = zabbix
  • SMTP email = zabbix@herzbube.ch
  • Connection security = None
  • Authentication = None


Disable the other media types

  • Administration > Media types > Jabber
  • Administration > Media types > SMS


Enable email alerts

Navigate to "Administration > Users > Admin > Media". Select "Add", then enter the following details:

  • Type = Email
  • Send to = herzbube@herzbube.ch


Enable server monitoring

Navigate to "Configuration > Hosts > Zabbix server", then enable the host.


Monitor internet connection

TODO: The following stuff doesn't work. I have not yet found out how to ping an external host that does not run a Zabbix agent.


Navigate to "Configuration > Host groups", then select "Create host group" and enter the following details:

  • Group name = Internet servers

Navigate to "Configuration > Hosts", then select "Create host" and enter the following details:

  • Host name = www.google.ch
  • Groups = Internet servers
  • Agent interfaces = Remove the default interface


Navigate to "Configuration > Hosts > Zabbix server > Items", then select "Create item" and enter the following details:

  • Name = Internet connection
  • Type = Simple check
  • Key = icmpping[www.google.ch,4]


Service monitoring

Navigate to "Configuration > Hosts > Zabbix server > Templates". In the section "Link new templates", search and add the following templates:

  • Template App SMTP Service
  • Template App IMAP Service
  • Template App LDAP Service
  • Template App HTTP Service
  • Template App HTTPS Service
  • Template App MySQL Service
  • Template App SSH Service


TODO: PostgreSQL


Certificate validity checks

TODO


Diagnostics

Testing whether email works

Add a dummy trigger that is guaranteed to fire to the "Zabbix server" host:

  • Name = root fs has more than 10% free space
  • Expression = {Zabbix server:vfs.fs.size[/,pfree].last()}>10