From: Guus S. <gsn...@gm...> - 2021-09-10 20:04:23
On Fri 10 Sep 2021 15:23, Shane Corbin <sc...@ew...> wrote:
> That’s actually the approach we have been taking until now, however with a
> huge number of cyber attacks now targeted at industrial infrastructure,
> it’s not enough to just sit around and wait for the producer to release an
> update. The standards that we are required to adhere to are requiring us
> to be even more proactive.
>

I understand where you're coming from, also the point of using the available tools (vs wished-for tools), but it's also a matter of scale.

With 'regular' *nix distros, you have *a lot* of packages on any given system. It's probably faster to query a (central) database for specific package versions than creating thousands of alerts (and then getting lost in the message storm).

It's probably possible to use the Zabbix agent to query that DB (as opposed to all systems) and have a nice counter on a dashboard, but then you'd still need to create *detailed* strings to search for. E.g. for distro X it's version 1.foo, with pkg rel a, but for distro Y, it's 1.bar with pkgrel d, etc.

When your queries are that specific, Zabbix just isn't worth it anymore. You're better off writing the SQL interactively IMHO....

Otoh, when you have the central DB of all packages, these queries become fairly easy, suddenly.

This doesn't help with config errors, of course. Those are an entirely other game :).

Kind regards,
Guus Snijders
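The following is an added illustration of the central package inventory approach discussed in this message; it is not code from the thread or from Zabbix. It assumes a SQLite table of installed packages per host (`installed`) and a per-distro "fixed in" table (`fixed_in`), both filled with constructed sample rows, and uses a simplified segment-wise version comparison (an assumption, not any package manager's real ordering) registered as a SQL function so the per-distro version and release strings can be compared inside the query itself. The final count is the kind of single number a dashboard item could pull from the DB instead of alerting on every host.

```python
import re
import sqlite3


def _segments(v: str) -> list:
    """Split a version string into numeric and alphabetic runs: '1.1.1k-b' -> ['1','1','1','k','b']."""
    return re.findall(r"\d+|[A-Za-z]+", v)


def vercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two version strings segment by segment.
    Numeric segments compare numerically, letters lexically, and a longer
    string with an equal prefix sorts higher (so 1.1.1k > 1.1.1).
    Simplified stand-in for a distro's own version ordering (assumption)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


# Constructed sample inventory: what an agent would report from each host.
INSTALLED = [
    ("web01", "distroX", "openssl", "1.1.1k", "a"),
    ("web02", "distroX", "openssl", "1.1.1k", "b"),
    ("db01", "distroY", "openssl", "1.1.1k", "d"),
    ("db02", "distroY", "openssl", "1.1.1k", "e"),
    ("app01", "distroX", "curl", "7.76.1", "a"),
]

# Constructed per-distro "fixed in" data: the detailed strings that differ
# per distro (version 1.foo rel a here, 1.bar rel d there).
FIXED_IN = [
    ("distroX", "openssl", "1.1.1k", "b"),
    ("distroY", "openssl", "1.1.1k", "e"),
    ("distroX", "curl", "7.77.0", "a"),
]


def build_inventory_db() -> sqlite3.Connection:
    """Create an in-memory central package DB and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("vercmp", 2, vercmp)  # make vercmp usable in SQL
    conn.executescript(
        """
        CREATE TABLE installed (host TEXT, distro TEXT, package TEXT,
                                version TEXT, release TEXT);
        CREATE TABLE fixed_in  (distro TEXT, package TEXT,
                                version TEXT, release TEXT);
        """
    )
    conn.executemany("INSERT INTO installed VALUES (?,?,?,?,?)", INSTALLED)
    conn.executemany("INSERT INTO fixed_in VALUES (?,?,?,?)", FIXED_IN)
    conn.commit()
    return conn


AFFECTED_SQL = """
SELECT i.host, i.distro, i.package,
       i.version || '-' || i.release AS installed,
       f.version || '-' || f.release AS fixed
FROM installed i
JOIN fixed_in f ON f.distro = i.distro AND f.package = i.package
WHERE vercmp(i.version || '-' || i.release, f.version || '-' || f.release) < 0
ORDER BY i.host
"""


def affected_hosts(conn: sqlite3.Connection) -> list:
    """Hosts whose installed version-release is older than the distro's fixed one."""
    return conn.execute(AFFECTED_SQL).fetchall()


def dashboard_count(conn: sqlite3.Connection) -> int:
    """Single counter value for a dashboard item: number of affected host/package pairs."""
    return conn.execute(f"SELECT COUNT(*) FROM ({AFFECTED_SQL})").fetchone()[0]


if __name__ == "__main__":
    db = build_inventory_db()
    for row in affected_hosts(db):
        print("%-6s %-8s %-8s installed %-10s fixed %s" % row)
    print("affected:", dashboard_count(db))
```

Running it lists web01, db01 and app01 as behind their distro's fixed version while web02 and db02, which carry the same upstream version but a newer package release, are correctly left out; that per-release precision is exactly what makes the central DB approach easier than encoding each string into a monitoring rule.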