You can subscribe to this list here.
2002 |
Jan
|
Feb
(6) |
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
(3) |
Nov
(6) |
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2003 |
Jan
|
Feb
(8) |
Mar
(2) |
Apr
(14) |
May
(10) |
Jun
(13) |
Jul
(16) |
Aug
(11) |
Sep
(14) |
Oct
(9) |
Nov
(4) |
Dec
(14) |
2004 |
Jan
(6) |
Feb
(11) |
Mar
(2) |
Apr
(14) |
May
(12) |
Jun
(3) |
Jul
(14) |
Aug
(22) |
Sep
(13) |
Oct
(9) |
Nov
(11) |
Dec
(8) |
2005 |
Jan
|
Feb
(4) |
Mar
|
Apr
(7) |
May
(4) |
Jun
(3) |
Jul
(8) |
Aug
(37) |
Sep
(16) |
Oct
(15) |
Nov
(1) |
Dec
(12) |
2006 |
Jan
|
Feb
(2) |
Mar
(2) |
Apr
(15) |
May
(22) |
Jun
(3) |
Jul
(9) |
Aug
(17) |
Sep
(46) |
Oct
(17) |
Nov
(14) |
Dec
(6) |
2007 |
Jan
(14) |
Feb
(7) |
Mar
(32) |
Apr
(4) |
May
(5) |
Jun
(56) |
Jul
(35) |
Aug
(33) |
Sep
(19) |
Oct
(16) |
Nov
(35) |
Dec
(19) |
2008 |
Jan
(16) |
Feb
(6) |
Mar
(10) |
Apr
(12) |
May
(4) |
Jun
(1) |
Jul
(5) |
Aug
(5) |
Sep
(7) |
Oct
(10) |
Nov
(1) |
Dec
(10) |
2009 |
Jan
(10) |
Feb
(3) |
Mar
(13) |
Apr
(9) |
May
(2) |
Jun
(5) |
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
(1) |
Dec
(16) |
2010 |
Jan
(1) |
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
(10) |
Jun
(2) |
Jul
(3) |
Aug
(3) |
Sep
(1) |
Oct
(1) |
Nov
(1) |
Dec
(5) |
2011 |
Jan
(1) |
Feb
(1) |
Mar
(3) |
Apr
|
May
(1) |
Jun
(7) |
Jul
(17) |
Aug
(9) |
Sep
(4) |
Oct
(14) |
Nov
(7) |
Dec
(17) |
2012 |
Jan
(18) |
Feb
(13) |
Mar
(11) |
Apr
(5) |
May
(25) |
Jun
(23) |
Jul
(22) |
Aug
(30) |
Sep
(12) |
Oct
(5) |
Nov
(18) |
Dec
(13) |
2013 |
Jan
(2) |
Feb
(18) |
Mar
(28) |
Apr
(14) |
May
(33) |
Jun
(20) |
Jul
(24) |
Aug
(3) |
Sep
(26) |
Oct
(12) |
Nov
(3) |
Dec
(11) |
2014 |
Jan
(32) |
Feb
(17) |
Mar
(25) |
Apr
(20) |
May
(47) |
Jun
(15) |
Jul
(35) |
Aug
(13) |
Sep
(5) |
Oct
(5) |
Nov
(12) |
Dec
(2) |
2015 |
Jan
(3) |
Feb
(15) |
Mar
(10) |
Apr
(8) |
May
(12) |
Jun
(4) |
Jul
(2) |
Aug
|
Sep
(42) |
Oct
(10) |
Nov
(12) |
Dec
(2) |
2016 |
Jan
|
Feb
(11) |
Mar
(17) |
Apr
(3) |
May
(32) |
Jun
(13) |
Jul
(15) |
Aug
(14) |
Sep
(8) |
Oct
(8) |
Nov
(15) |
Dec
(4) |
2017 |
Jan
(5) |
Feb
(46) |
Mar
(10) |
Apr
(1) |
May
(15) |
Jun
(5) |
Jul
(11) |
Aug
(6) |
Sep
(10) |
Oct
(12) |
Nov
(7) |
Dec
(2) |
2018 |
Jan
(1) |
Feb
(3) |
Mar
(3) |
Apr
|
May
|
Jun
(1) |
Jul
(2) |
Aug
(7) |
Sep
(1) |
Oct
(1) |
Nov
(5) |
Dec
|
2019 |
Jan
(4) |
Feb
(1) |
Mar
|
Apr
(4) |
May
(1) |
Jun
|
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
2020 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(1) |
2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(2) |
Sep
(7) |
Oct
(2) |
Nov
(4) |
Dec
|
2022 |
Jan
|
Feb
|
Mar
(7) |
Apr
(7) |
May
(9) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(5) |
Nov
|
Dec
|
2024 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2025 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: <dav...@gm...> - 2022-03-18 12:48:33
|
Welcome to the list. Enjoy Zabbix and if we can help we’ll try ! Dave. From: Toussaint OTTAVI <t.o...@bc...> Sent: 11 March 2022 10:00 To: wajika <wa...@12...>; zab...@li... Subject: Re: [Zabbix-users] test Le 11/03/2022 à 10:20, wajika a écrit : yes At 2022-03-11 16:36:37, "Toussaint OTTAVI" <mailto:t.o...@bc...> <t.o...@bc...> wrote: Is this list still active ? Thank you very much. I didn't see so much messages in the history... I'm starting playing around with Zabbix 6. I'm coming from another software,so, I'll have many questions... But for now, I still need to read some docs and test... Kind regards |
From: Ted S. <te...@se...> - 2022-03-17 12:30:58
|
if you are trying to give two different users/groups access to the same data, you could just create and give them two different dashboards only showing the data that they need to see. This way you collect all the data once, but present it differently to different people. I do this for some of my users today. I present the same data (or a portion of it) to different user groups. Both have permission to the raw data, but the item is hidden behind the custom dashboard for the group. Ted Serreyn Serreyn Network Services, LLC > On Mar 17, 2022, at 4:10 AM, Andreas Laut <and...@sp...> wrote: > > Hi, > > I don't think that this is possible. You have to use two different Hosts. Maye with underscore and group shortcut or so. > > The permissions for the template are only for the template. Access to a host means to the whole host with all items and triggers. > > The only thing which happens is in your scenario that the users can't see, that items depends of a template. > > Regards, > > Andreas > >> Am 16.03.22 um 15:23 schrieb Felipe Mendonça de Araujo: >> Hi, >> >> Is it possible to configure the scenario below? Two groups with access to >> the same host, but each one with restricted access to its template. I >> already defined the groups and permissions, but all users can view the >> items, graphics,... of the other group. >> >> >> [image: image.png] >> >> Regards, >> >> Felipe >> >> >> >> _______________________________________________ >> Zabbix-users mailing list >> Zab...@li... >> https://lists.sourceforge.net/lists/listinfo/zabbix-users > > > _______________________________________________ > Zabbix-users mailing list > Zab...@li... > https://lists.sourceforge.net/lists/listinfo/zabbix-users |
From: Andreas L. <and...@sp...> - 2022-03-17 08:59:59
|
Hi, I don't think that this is possible. You have to use two different Hosts. Maye with underscore and group shortcut or so. The permissions for the template are only for the template. Access to a host means to the whole host with all items and triggers. The only thing which happens is in your scenario that the users can't see, that items depends of a template. Regards, Andreas Am 16.03.22 um 15:23 schrieb Felipe Mendonça de Araujo: > Hi, > > Is it possible to configure the scenario below? Two groups with access to > the same host, but each one with restricted access to its template. I > already defined the groups and permissions, but all users can view the > items, graphics,... of the other group. > > > [image: image.png] > > Regards, > > Felipe > > > > _______________________________________________ > Zabbix-users mailing list > Zab...@li... > https://lists.sourceforge.net/lists/listinfo/zabbix-users |
From: Felipe M. de A. <fel...@gm...> - 2022-03-16 14:23:59
|
Hi, Is it possible to configure the scenario below? Two groups with access to the same host, but each one with restricted access to its template. I already defined the groups and permissions, but all users can view the items, graphics,... of the other group. [image: image.png] Regards, Felipe |
From: Toussaint O. <t.o...@bc...> - 2022-03-11 10:17:53
|
Le 11/03/2022 à 10:20, wajika a écrit : > > yes > > At 2022-03-11 16:36:37, "Toussaint OTTAVI" <t.o...@bc...> wrote: > > Is this list still active ? > Thank you very much. I didn't see so much messages in the history... I'm starting playing around with Zabbix 6. I'm coming from another software,so, I'll have many questions... But for now, I still need to read some docs and test... Kind regards |
From: Volker F. <vol...@gm...> - 2022-03-11 10:17:36
|
I guess Am 10. März 2022 14:10:51 MEZ schrieb Toussaint OTTAVI <t.o...@bc...>: >Hi, > >Is this list still active ? > >Kind regards |
From: Toussaint O. <t.o...@bc...> - 2022-03-10 14:26:29
|
Hi, Is this list still active ? Kind regards |
From: Shawn H. <za...@el...> - 2021-11-10 15:29:19
|
I am seeing TCP reset packets (at least that is what I think they are) being blocked by the firewall on my zabbix server. Log entries like this: Nov 10 07:59:33 smeagol kernel: [ 1176.045749] [UFW BLOCK] IN=eno1 OUT= MAC=ec:f4:bb:c8:bf:b8:00:25:22:24:e8:21:08:00 SRC=192.168.1.199 DST=192.168.1.200 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=10050 DPT=42724 WINDOW=0 RES=0x00 RST URGP=0 I found a couple of forum posts where others said the same. Neither post is recent: https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/412862-zabbix-passive-communication-extra-rst-packets https://www.zabbix.com/forum/zabbix-help/51363-strange-client-originated-traffic-on-random-ports On both agents and server, I am running version 1:6.0.0~alpha5-1+ubuntu20.04 installed from the zabbix APT repo. The zabbix agents all work properly. This isn't causing problems, just a lot of syslog spam. On one of those forum topics, the poster was informed that the extra packet was due to the TLS library. My servers have openssl 1.1.1f installed from Ubuntu packages. zabbix traffic is the only common traffic being logged by the firewall. I did see one reset on an https connection from somewhere out on the Internet, but almost all of the logged denies are from my zabbix agents. Thanks, Shawn |
From: Shawn H. <za...@el...> - 2021-11-05 23:55:01
|
On 11/5/2021 3:14 PM, Guus Snijders wrote: > This is probably a matter of measuring the wrong item (or rather, > triggering). > > In short: > For the Linux kernel goes that unused memory is wasted memory; memory > that isn't used for programs can be put to good use for buffering and > caches. > (Tip: google a bit on how to read the output of "free", you'll be > surprised). I'm very aware of how modern operating systems utilize otherwise unallocated memory for disk caching, and how that memory can be quickly surrendered if the system suddenly needs it. I know that it is completely normal for the "free" memory value to be extremely low even on systems with a lot of memory. I'm not looking at "free" memory, I am looking at "available" memory. The OS says there's 26077112 KB available (most of which comes from the "cache" column). But the zabbix agent seems to be telling the zabbix server that there's less than 10GB. I think it's reporting the wrong number. Or maybe the zabbix server is changing the number after it gets it from the agent, but that seems like a VERY unlikely scenario. If the available memory actually DOES drop below 10GB then we want to know. But according to the OS, it hasn't dropped below 10GB. So I am pretty sure zabbix is alerting when it shouldn't. I am trying to figure out how we can get the zabbix agent to report the same number that OS tools report. When I went looking into the source code, it looked to me like it SHOULD be gathering the same number that free and top use -- MemAvailable in /proc/meminfo, so I am very confused about where it is getting the number below 10GB. I was looking at this file, with the git branch changed to tags/5.2.6: src/libs/zbxsysinfo/linux/memory.c Thanks, Shawn |
From: Guus S. <gsn...@gm...> - 2021-11-05 21:14:32
|
Op vr 5 nov. 2021 20:48 schreef Shawn Heisey <za...@el...>: > I am seeing a large discrepancy between "available memory" reported by > the zabbix agent and what the OS itself reports for available memory: > > [root@prod-mirth01 ~]# free > total used free shared buff/cache > available > Mem: 263875988 236396884 800544 517912 26678560 > 26077112 > Swap: 134217724 2550784 131666940 > > The following graph was gathered a few seconds after that "free" command. > > https://www.dropbox.com/s/pfakf8oxayvvv3s/memory_graph_psa97.png?dl=0 > > We are seeing triggered alerts for a server that has plenty of free > memory every time we look at it. > This is probably a matter of measuring the wrong item (or rather, triggering). In short: For the Linux kernel goes that unused memory is wasted memory; memory that isn't used for programs can be put to good use for buffering and caches. (Tip: google a bit on how to read the output of "free", you'll be surprised). On the flipside, if you only take a quick look, you'll see that the system above has a 'free' metric of 800544, on a total of 263875988. So that isn't very much and looks a bit scary (trigger). However, that's the wrong value to look at. There's also 2607711 available memory. Available as in: not in (direct) use for running programs. Whether these values are good or bad depends on the workload: on a fileserver, you want a lot of 'available', but only a bit of 'free' memory. On an interactive system, you might prefer a lot of 'free' memory, before starting $intensive job, etc. A quick comparison would be a (big) office building: empty rooms can be great for possible expansion, but those can also mean that you invested too much for too little use. It just depends on the situation. So the trigger an sich might be ok or it might be totally fluff. There is no universal law here. It's a good idea to keep an eye on, though. If you notice *performance* problems om whatever workload, memory stats are one thing to look at. If the performance is ok, you might consider tuning this trigger to only fire on long occasions or only at externe values (some free memory will always be neccesary). Mvg, Guus Snijders |
From: Shawn H. <za...@el...> - 2021-11-05 19:45:39
|
I am seeing a large discrepancy between "available memory" reported by the zabbix agent and what the OS itself reports for available memory: [root@prod-mirth01 ~]# free total used free shared buff/cache available Mem: 263875988 236396884 800544 517912 26678560 26077112 Swap: 134217724 2550784 131666940 The following graph was gathered a few seconds after that "free" command. https://www.dropbox.com/s/pfakf8oxayvvv3s/memory_graph_psa97.png?dl=0 We are seeing triggered alerts for a server that has plenty of free memory every time we look at it. Here's the zabbix packages installed on the monitored server: [root@prod-mirth01 ~]# rpm -qa | grep zabb zabbix-release-5.2-1.el7.noarch zabbix-agent-5.2.6-1.el7.x86_64 zabbix-sender-5.2.6-1.el7.x86_64 The zabbix server is running 4.2.0rc2. This is for my job. These servers are running CentOS 7. On my own personal Ubuntu servers, I have a zabbix system of my own, running 6.0.0-alpha5 on both agents and server, and the available memory for its monitored servers matches the "free" command output. No discrepancy. Searching google for possible bugs, I see a number of bug reports, but from what I can see, all of them are on zabbix versions older than 3.0, much older than what's running here, and they are all fixed. Upgrading zabbix is something we would like to do, but these systems provide services to a client, and all changes must be approved by our management as well as that client. It's not impossible, just very challenging. We try not to make changes unless it's absolutely necessary, usually for obtaining security fixes. I took a look at what I think is the agent source code for 5.2.6. I will admit that my understanding of the code is not what I would hope for, but from what I can see, it should be gathering correct numbers. Would upgrading the zabbix agent and maybe the zabbix server fix this? Thanks, Shawn |
From: Volker F. <vol...@gm...> - 2021-10-12 10:05:36
|
You might be a lot better off with a shallow clone in every regards, see git-clone manpage. Greetings, Volker Am 08.10.21 um 17:07 schrieb Shawn Heisey: > I cannot successfully clone the zabbix git repository. > > sheisey@sheisey-dell-lp:~/git$ git clone > https://git.zabbix.com/scm/zbx/zabbix.git > Cloning into 'zabbix'... > remote: Counting objects: 959590, done. > remote: Compressing objects: 100% (206179/206179), done. > fatal: the remote end hung up unexpectedly.00 GiB | 8.30 MiB/s > fatal: early EOF > fatal: index-pack failed > > I believe this is likely the issue: > > https://confluence.atlassian.com/bitbucketserverkb/git-clone-fails-fatal-the-remote-end-hung-up-unexpectedly-fatal-early-eof-fatal-index-pack-failed-779171803.html > > > From what I have been able to deduce with git tracing enabled, the > zabbix repo is indeed bitbucket behind nginx. And what I see coincides > with the notion that nginx is configured with a 1GB size limit, as > mentioned in that article. > > I doubt this problem would show up for anyone who already has the repo > cloned, because an incremental change won't hit the 1GB limit. > > Thanks, > Shawn > > > > _______________________________________________ > Zabbix-users mailing list > Zab...@li... > https://lists.sourceforge.net/lists/listinfo/zabbix-users |
From: Shawn H. <za...@el...> - 2021-10-08 15:26:14
|
I cannot successfully clone the zabbix git repository. sheisey@sheisey-dell-lp:~/git$ git clone https://git.zabbix.com/scm/zbx/zabbix.git Cloning into 'zabbix'... remote: Counting objects: 959590, done. remote: Compressing objects: 100% (206179/206179), done. fatal: the remote end hung up unexpectedly.00 GiB | 8.30 MiB/s fatal: early EOF fatal: index-pack failed I believe this is likely the issue: https://confluence.atlassian.com/bitbucketserverkb/git-clone-fails-fatal-the-remote-end-hung-up-unexpectedly-fatal-early-eof-fatal-index-pack-failed-779171803.html From what I have been able to deduce with git tracing enabled, the zabbix repo is indeed bitbucket behind nginx. And what I see coincides with the notion that nginx is configured with a 1GB size limit, as mentioned in that article. I doubt this problem would show up for anyone who already has the repo cloned, because an incremental change won't hit the 1GB limit. Thanks, Shawn |
From: Guus S. <gsn...@gm...> - 2021-09-13 22:13:43
|
Op vr 10 sep. 2021 15:23 schreef Shane Corbin <sc...@ew...>: > That’s actually the approach we have been taking until now, however with a > huge number of cyber attacks now targeted at industrial infrastructure, > it’s not enough to just sit around and wait for the producer to release an > update. The standards that we are required to adhere to are requiring us > to be even more proactive. That includes making a best effort to address > zero day threats that have not been patched by the producer. > I haven't worked this out completely, but I think some scripting can come a long way here. Still assuming the cental db with installed programs/packages/etc (along with the relevant hosts. Why not just query this DB and use some Zabbix functionality for log parsing? You'd still need to register the (vulnerable) versions/pkg rels, but that can be in the same DB. No need for complex, changing macro's; just a single log format to check. That should be easy enough to trigger on. It's still a lot of work to keep up2date, though (although the installed version info should be automated). Not a complete answer, perhaps something to look into? Always remember that complexity will come back to bite, later.... Mvg, Guus Snijders |
From: Gustavo G. <gus...@cu...> - 2021-09-10 21:17:32
|
Looks like you did not set the values for the macros. El mar, 31 ago 2021 a las 4:10, Roy Sigurd Karlsbakk via Zabbix-users (< zab...@li...>) escribió: > Hi > > I'm trying to setup apache monitoring, but it fails with "Cannot perform > request: URL using bad/illegal format or missing URL". As far as I can see, > the URL tested is > '{$APACHE.STATUS.SCHEME}://{HOST.CONN}:{$APACHE.STATUS.PORT}/{$APACHE.STATUS.PATH}'. > This looks sane enough, but any idea how to really test this? > > Vennlig hilsen > > roy > -- > Roy Sigurd Karlsbakk > (+47) 98013356 > http://blogg.karlsbakk.net/ > GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt > -- > Da mihi sis bubulae frustrum assae, solana tuberosa in modo Gallico > fricta, ac quassum lactatum coagulatum crassum. Quod me nutrit me destruit. > > > _______________________________________________ > Zabbix-users mailing list > Zab...@li... > https://lists.sourceforge.net/lists/listinfo/zabbix-users > -- [image: Custos Monitoring] <http://custos.uy/> Gustavo Guido Zabbix Certified Trainer +598 99 286 741 custos.uy |
From: Guus S. <gsn...@gm...> - 2021-09-10 20:04:23
|
Op vr 10 sep. 2021 15:23 schreef Shane Corbin <sc...@ew...>: > That’s actually the approach we have been taking until now, however with a > huge number of cyber attacks now targeted at industrial infrastructure, > it’s not enough to just sit around and wait for the producer to release an > update. The standards that we are required to adhere to are requiring us > to be even more proactive. > I understand where you're coming from, also the point of using the available tools (vs wished for tools), but it's also a matter of scale. With 'regular' *nix distro's, you have *a lot* of packages on any given system. It's probably faster to query a (central) database for specific package versions than creating thousands of alerts (and then getting lost in the message storm). It's probably possible to use the zabbix agent to query that DB (as opposed to all systems) and have a nice counter on a dashboard, but then you'd still need to create *detailed* strings to search for. Eg for distro X it's version 1.foo, with pkg rel a, but for distro y, it's 1.bar with pkgrel d, etc. When your queries are that specific, Zabbix just isn't worth it anymore. You're better off writing the sql interactively IMHO.... Otoh, when you have the central db of all packages, these queries become fairly easy, suddenly. This doesn't help with config errors, of course. Those are an entirely other game :). Mvg, Guus Snijders |
From: Shane C. <sc...@ew...> - 2021-09-10 13:23:08
|
That’s actually the approach we have been taking until now, however with a huge number of cyber attacks now targeted at industrial infrastructure, it’s not enough to just sit around and wait for the producer to release an update. The standards that we are required to adhere to are requiring us to be even more proactive. That includes making a best effort to address zero day threats that have not been patched by the producer. Should a threat arise that a patch has not been released for, we still have to take immediate action to prevent the attack until such a patch becomes available. I agree we should use the right tools for the job, and Zabbix is definitely not the right tool for the job, however I have to work with the tools I’m being given, and this seems like it would be a very simple task for Zabbix if not for the macro restrictions. Setting up a central database and monitoring the database is an option although it would get pretty complicated setting up triggers to compare version numbers in the database to the version numbers detected on each host. Shane Corbin Electrical Engineer/IT Administrator Direct: (217) 893-5526 Office: (217) 892-4322 Call via Teams<callto:sc...@ew...> Chat via Teams<https://teams.microsoft.com/l/chat/0/0?users=sc...@ew...> From: Guus Snijders <gsn...@gm...> Sent: Friday, September 10, 2021 4:08 AM To: Shane Corbin <sc...@ew...>; zabbix-users <zab...@li...> Subject: Re: [Zabbix-users] How to automatically create host macro by discovery rule for use with discovered items/triggers. Op vr 10 sep. 2021 08:20 schreef Shane Corbin <sc...@ew...<mailto:sc...@ew...>>: Thanks for the response Shawn. That’s kind of disappointing. I first considered separate templates for each piece of software I am concerned about, but unfortunately I am concerned about all of them no matter how big or small. [···] As for RHEL not incrementing version numbers when patching vulns is… well.. disappointing and quite irresponsible of them. That’s exactly what minor version numbers are for. Not surprising though, we intentionally avoid RHEL for many other reasons, this is just yet another reason to continue on that path. Just a suggestion, but why not flip the logic around and report the available updates for $system? One thing we *know* in advance is that we're running vulnerable software, but when a new vulnerability is found, we still rely on the distributor for an update to fix the vulnerability. So why would we chase changing version numbers? If you really want to know, you could query the package db and store the relevant version numbers in a central DB (for all running systems!), and then monitor that DB for relevant versions. You should probably include pkg release numbers, but that shouldn't be that hard. Zabbix is about performance and availability, just use the right tools for the right purpose. Just my € 0.02 mvg, Guus Snijders |
From: Guus S. <gsn...@gm...> - 2021-09-10 09:08:11
|
Op vr 10 sep. 2021 08:20 schreef Shane Corbin <sc...@ew...>: > Thanks for the response Shawn. That’s kind of disappointing. I first > considered separate templates for each piece of software I am concerned > about, but unfortunately I am concerned about all of them no matter how big > or small. [···] > > > > As for RHEL not incrementing version numbers when patching vulns is… > well.. disappointing and quite irresponsible of them. That’s exactly what > minor version numbers are for. Not surprising though, we intentionally > avoid RHEL for many other reasons, this is just yet another reason to > continue on that path. > Just a suggestion, but why not flip the logic around and report the available updates for $system? One thing we *know* in advance is that we're running vulnerable software, but when a new vulnerability is found, we still rely on the distributor for an update to fix the vulnerability. So why would we chase changing version numbers? If you really want to know, you could query the package db and store the relevant version numbers in a central DB (for all running systems!), and then monitor that DB for relevant versions. You should probably include pkg release numbers, but that shouldn't be that hard. Zabbix is about performance and availability, just use the right tools for the right purpose. Just my € 0.02 mvg, Guus Snijders |
From: Shane C. <sc...@ew...> - 2021-09-09 19:07:56
|
Thanks for the response Shawn. That’s kind of disappointing. I first considered separate templates for each piece of software I am concerned about, but unfortunately I am concerned about all of them no matter how big or small. The solution to this was creating the macros using discovery, and if and only if I get a notice of or discover a vulnerable version of a given piece of software, the macro and trigger would already be present, and all I would have to do is update the one macro on the one template from the seemingly infinite value preventing the trigger from going active to the real latest vulnerable version number, and get a flooding of alerts from Zabbix letting me know about each and every machine that contains the vulnerable version so I can quickly organize the effort to remove or upgrade the affected versions. Managing a template per piece of software would get the same results, however I would spend the next month or two creating templates. As for RHEL not incrementing version numbers when patching vulns is… well.. disappointing and quite irresponsible of them. That’s exactly what minor version numbers are for. Not surprising though, we intentionally avoid RHEL for many other reasons, this is just yet another reason to continue on that path. Thanks for the thoughts. Hopefully discovery based macro creation becomes a thing sometime in the near future. Shane Corbin Electrical Engineer/IT Administrator Direct: (217) 893-5526 Office: (217) 892-4322 Call via Teams<callto:sc...@ew...> Chat via Teams<https://teams.microsoft.com/l/chat/0/0?users=sc...@ew...> From: Shawn Badger <sh...@ba...> Sent: Wednesday, September 8, 2021 6:47 AM To: Shane Corbin <sc...@ew...> Cc: Zab...@li... Subject: Re: [Zabbix-users] How to automatically create host macro by discovery rule for use with discovered items/triggers. I don't believe there is a way to create marco's with a discovery rule. If I was to do something like what you are talking about I would create a template for piece of software that you are concerned about and apply those templates to the host. The real issue I see is maintaining those templates with all the different vulnerable versions. Also be aware that some system like RHEL patch the vulnerability but don't increment the major or minor version numbers for that piece of software to maintain compatibility. Good luck! On Tue, Aug 24, 2021 at 10:35 PM Shane Corbin <sc...@ew...<mailto:sc...@ew...>> wrote: Hi Guys, I currently have a template that I created that discovers installed software on Windows systems and creates items to monitor it’s existence and version. I have a trigger that alerts me when a version number changes, essentially notifying me of updates, and it works quite well. What I want to add to this, is the ability to monitor for vulnerable versions of each piece of discovered software. For example, when the discovery rule finds a piece of installed software, it should create another trigger that alerts me if a program’s version number is below a certain number. To make this vulnerable version number adjustable I need it also to create a macro on the host for each piece of software discovered called something like {$PROGRAMNAME_LAST_KNOWN_VULN_VERSION}. I would have it default to something like 999999999 so that my trigger would be in the OK state by default, but then if I get a vulnerability notice on a piece of software, I can change this macro to the version number of the known vulnerable software version, and then my trigger would alert me if any of our machines are using a version that is equal to or less than the vulnerable version. Is it possible to create macros by discovery like this? Can’t find much documentation on it if it is possible. Shane Corbin Electrical Engineer/IT Administrator Direct: (217) 893-5526 Office: (217) 892-4322 Call via Teams<callto:sc...@ew...> Chat via Teams<https://teams.microsoft.com/l/chat/0/0?users=sc...@ew...> _______________________________________________ Zabbix-users mailing list Zab...@li...<mailto:Zab...@li...> https://lists.sourceforge.net/lists/listinfo/zabbix-users |
From: Shawn B. <sh...@ba...> - 2021-09-08 12:51:50
|
I don't believe there is a way to create marco's with a discovery rule. If I was to do something like what you are talking about I would create a template for piece of software that you are concerned about and apply those templates to the host. The real issue I see is maintaining those templates with all the different vulnerable versions. Also be aware that some system like RHEL patch the vulnerability but don't increment the major or minor version numbers for that piece of software to maintain compatibility. Good luck! On Tue, Aug 24, 2021 at 10:35 PM Shane Corbin <sc...@ew...> wrote: > Hi Guys, > > I currently have a template that I created that discovers > installed software on Windows systems and creates items to monitor it’s > existence and version. I have a trigger that alerts me when a version > number changes, essentially notifying me of updates, and it works quite > well. What I want to add to this, is the ability to monitor for vulnerable > versions of each piece of discovered software. For example, when the > discovery rule finds a piece of installed software, it should create > another trigger that alerts me if a program’s version number is below a > certain number. To make this vulnerable version number adjustable I need > it also to create a macro on the host for each piece of software discovered > called something like {$PROGRAMNAME_LAST_KNOWN_VULN_VERSION}. I would have > it default to something like 999999999 so that my trigger would be in the > OK state by default, but then if I get a vulnerability notice on a piece of > software, I can change this macro to the version number of the known > vulnerable software version, and then my trigger would alert me if any of > our machines are using a version that is equal to or less than the > vulnerable version. > > > > Is it possible to create macros by discovery like this? > Can’t find much documentation on it if it is possible. > > > > Shane Corbin > > Electrical Engineer/IT Administrator > > Direct: (217) 893-5526 > > Office: (217) 892-4322 > > Call via Teams <callto:sc...@ew...> > > Chat via Teams > <https://teams.microsoft.com/l/chat/0/0?users=sc...@ew...> > > > _______________________________________________ > Zabbix-users mailing list > Zab...@li... > https://lists.sourceforge.net/lists/listinfo/zabbix-users > |
From: Roy S. K. <ro...@ka...> - 2021-08-31 07:29:51
|
Hi I'm trying to setup apache monitoring, but it fails with "Cannot perform request: URL using bad/illegal format or missing URL". As far as I can see, the URL tested is '{$APACHE.STATUS.SCHEME}://{HOST.CONN}:{$APACHE.STATUS.PORT}/{$APACHE.STATUS.PATH}'. This looks sane enough, but any idea how to really test this? Vennlig hilsen roy -- Roy Sigurd Karlsbakk (+47) 98013356 http://blogg.karlsbakk.net/ GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt -- Da mihi sis bubulae frustrum assae, solana tuberosa in modo Gallico fricta, ac quassum lactatum coagulatum crassum. Quod me nutrit me destruit. |
From: Shane C. <sc...@ew...> - 2021-08-24 19:42:46
|
Hi Guys, I currently have a template that I created that discovers installed software on Windows systems and creates items to monitor it's existence and version. I have a trigger that alerts me when a version number changes, essentially notifying me of updates, and it works quite well. What I want to add to this, is the ability to monitor for vulnerable versions of each piece of discovered software. For example, when the discovery rule finds a piece of installed software, it should create another trigger that alerts me if a program's version number is below a certain number. To make this vulnerable version number adjustable I need it also to create a macro on the host for each piece of software discovered called something like {$PROGRAMNAME_LAST_KNOWN_VULN_VERSION}. I would have it default to something like 999999999 so that my trigger would be in the OK state by default, but then if I get a vulnerability notice on a piece of software, I can change this macro to the version number of the known vulnerable software version, and then my trigger would alert me if any of our machines are using a version that is equal to or less than the vulnerable version. Is it possible to create macros by discovery like this? Can't find much documentation on it if it is possible. Shane Corbin Electrical Engineer/IT Administrator Direct: (217) 893-5526 Office: (217) 892-4322 Call via Teams<callto:sc...@ew...> Chat via Teams<https://teams.microsoft.com/l/chat/0/0?users=sc...@ew...> |
From: Javi L. <ja...@le...> - 2020-12-07 15:46:41
|
Hi there. I would like to monitor a host without having to install zabbix agent. I would like to run a docker container. The only thing that I've found is this project <https://github.com/digiapulssi/docker-zabbix-agent>. I tried below approach, but no items are supported: docker run \ --name test \ --network=host \ --privileged \ --hostname=host1.example.com \ -e ZBX_HOSTNAME=host1.example.com \ -e ZBX_SERVER_HOST=server.example.com \ -e ZBX_TLSPSKIDENTITY=host1.example.com \ -e ZBX_TLSPSKFILE=psk_file.psk \ -e ZBX_TLSCONNECT=unencrypted \ -e ZBX_TLSACCEPT=unencrypted \ -e ZBX_REFRESHACTIVECHECKS=60 \ -e ZBX_DEBUGLEVEL=3 \ -v /proc:/host/proc:ro \ -v /sys:/host/sys:ro \ -v /dev:/host/dev:ro \ -v /etc:/host/etc:ro \ -v /home/kedu/zabbix/enc:/var/lib/zabbix/enc \ -d zabbix/zabbix-agent The host is even autoregistered, but after get the host added to some templates no Linux items are supported. Thanks. Javier |
From: Guus S. <gsn...@gm...> - 2020-11-11 07:50:54
|
Op wo 11 nov. 2020 08:36 schreef Piyush Joshi <piy...@pr...>: > Hi, > > I am new to Zabbix and trying to integrate Ruckus WLC to monitor all > connected AP, Bandwidth, Uptime of AP. > There are some templates available here: https://www.zabbix.com/integrations/ruckus Not sure if these are what you're looking for, but it might be a start. I have had devices where we had to dig uo the SNMP OID's ourselves, that was not funny... There are usually quite good templates available, though sometimes it's a bit of trial and error to find the best one for your specific situation. Mvg, Guus Snijders |
From: Piyush J. <piy...@pr...> - 2020-11-11 07:15:33
|
Hi, I am new to Zabbix and trying to integrate Ruckus WLC to monitor all connected AP, Bandwidth, Uptime of AP. Is there anyone who can help me with this? Regards Piyush Joshi |