From: Shane C. <sc...@ew...> - 2021-09-09 19:07:56
Thanks for the response Shawn. That’s kind of disappointing.

I first considered separate templates for each piece of software I am concerned about, but unfortunately I am concerned about all of them no matter how big or small. The solution to this was creating the macros using discovery, and if and only if I get a notice of or discover a vulnerable version of a given piece of software, the macro and trigger would already be present, and all I would have to do is update the one macro on the one template from the seemingly infinite value preventing the trigger from going active to the real latest vulnerable version number, and get a flooding of alerts from Zabbix letting me know about each and every machine that contains the vulnerable version so I can quickly organize the effort to remove or upgrade the affected versions. Managing a template per piece of software would get the same results, however I would spend the next month or two creating templates.

As for RHEL not incrementing version numbers when patching vulns is… well... disappointing and quite irresponsible of them. That’s exactly what minor version numbers are for. Not surprising though, we intentionally avoid RHEL for many other reasons, this is just yet another reason to continue on that path.

Thanks for the thoughts. Hopefully discovery based macro creation becomes a thing sometime in the near future.

Shane Corbin
Electrical Engineer/IT Administrator
Direct: (217) 893-5526
Office: (217) 892-4322

From: Shawn Badger <sh...@ba...>
Sent: Wednesday, September 8, 2021 6:47 AM
To: Shane Corbin <sc...@ew...>
Cc: Zab...@li...
Subject: Re: [Zabbix-users] How to automatically create host macro by discovery rule for use with discovered items/triggers.

I don't believe there is a way to create macros with a discovery rule.

If I was to do something like what you are talking about I would create a template for each piece of software that you are concerned about and apply those templates to the host. The real issue I see is maintaining those templates with all the different vulnerable versions. Also be aware that some systems like RHEL patch the vulnerability but don't increment the major or minor version numbers for that piece of software to maintain compatibility.

Good luck!

On Tue, Aug 24, 2021 at 10:35 PM Shane Corbin <sc...@ew...> wrote:

Hi Guys,

I currently have a template that I created that discovers installed software on Windows systems and creates items to monitor its existence and version. I have a trigger that alerts me when a version number changes, essentially notifying me of updates, and it works quite well.

What I want to add to this, is the ability to monitor for vulnerable versions of each piece of discovered software. For example, when the discovery rule finds a piece of installed software, it should create another trigger that alerts me if a program’s version number is below a certain number. To make this vulnerable version number adjustable I need it also to create a macro on the host for each piece of software discovered called something like {$PROGRAMNAME_LAST_KNOWN_VULN_VERSION}. I would have it default to something like 999999999 so that my trigger would be in the OK state by default, but then if I get a vulnerability notice on a piece of software, I can change this macro to the version number of the known vulnerable software version, and then my trigger would alert me if any of our machines are using a version that is equal to or less than the vulnerable version.

Is it possible to create macros by discovery like this? Can’t find much documentation on it if it is possible.

Shane Corbin
Electrical Engineer/IT Administrator
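
The check discussed in this thread (flag every machine whose installed version is equal to or less than the last known vulnerable version) sketched outside Zabbix as an added example; it is not code from either poster and not Zabbix configuration. The function names, host names, product names and versions are all constructed for illustration, and the sketch compares dotted versions component by component rather than as strings or single numbers.

```python
import re

def parse_version(text):
    """Turn '7.0.14' or '21.07' into a tuple of ints so 10.2 sorts above 9.9."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric components in version {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(installed, last_vulnerable):
    """True when installed <= last_vulnerable, compared component-wise."""
    a, b = parse_version(installed), parse_version(last_vulnerable)
    width = max(len(a), len(b))
    # Pad with zeros so '10.1' and '10.1.0' compare equal.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b

def find_vulnerable(inventory, thresholds):
    """Return sorted (host, software, version) rows at or below a threshold.

    Software with no entry in thresholds has no known vulnerable version
    and is never flagged, which is the 'OK by default' state.
    """
    hits = []
    for host, software, version in inventory:
        limit = thresholds.get(software)
        if limit is not None and is_vulnerable(version, limit):
            hits.append((host, software, version))
    return sorted(hits)

# Constructed sample inventory: (host, software, installed version).
INVENTORY = [
    ("ws-01", "ExampleViewer", "9.9.1"),
    ("ws-02", "ExampleViewer", "10.2.0"),
    ("ws-03", "ExampleViewer", "10.1"),
    ("ws-03", "SampleArchiver", "21.07"),
]
# Constructed thresholds: last known vulnerable version per product.
THRESHOLDS = {"ExampleViewer": "10.1.0"}

if __name__ == "__main__":
    for row in find_vulnerable(INVENTORY, THRESHOLDS):
        print("vulnerable: %s %s %s" % row)
```

As the reply in the thread points out, a distribution that patches a vulnerability without incrementing the version number will be flagged by any version-only comparison like this one.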