The table provides details on the item keys that you can use with Zabbix Windows agent only.
Key | ||||
---|---|---|---|---|
Description | Return value | Parameters | Comments | |
eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>] | ||||
Event log monitoring. | Log | name - name of event log regexp - regular expression describing the required pattern severity - regular expression describing severity The parameter accepts the following values: "Information", "Warning", "Error", "Critical", "Verbose" (since Zabbix 2.2.0 running on Windows Vista or newer) In older Zabbix versions running on any Windows version it would be "Information", "Warning", "Error", "Failure Audit", "Success Audit". source - regular expression describing source identifier (regular expression is supported since Zabbix 2.2.0) eventid - regular expression describing the event identifier(s) maxlines - maximum number of new lines per second the agent will send to Zabbix server or proxy. This parameter overrides the value of 'MaxLinesPerSecond' in zabbix_agentd.win.conf mode - possible values: all (default), skip - skip processing of older data (affects only newly created items that have not returned any data yet). The mode parameter is supported since Zabbix 2.0.0. |
The item must be configured as an active check. Examples: eventlog[Application] eventlog[Security,,"Failure Audit",,^(529|680)$] eventlog[System,,"Warning|Error"] eventlog[System,,,,^1$] eventlog[System,,,,@TWOSHORT] - here a custom regular expression named TWOSHORT is referenced (defined as a Result is TRUE type, the expression itself being ^1$\|^70$ ).Note that the agent is unable to send in events from the "Forwarded events" log. "Windows Eventing 6.0" is supported since Zabbix 2.2.0. See also additional information on log monitoring. |
|
net.if.list | ||||
Network interface list (includes interface type, status, IPv4 address, description). | Text | Supported since Zabbix agent version 1.8.1. Multi-byte interface names supported since Zabbix agent version 1.8.6. Disabled interfaces are not listed. Note that enabling/disabling some components may change their ordering in the Windows interface name. Some Windows versions (for example, Server 2008) might require the latest updates installed to support non-ASCII characters in interface names. |
||
perf_counter[counter,<interval>] | ||||
Value of any Windows performance counter. | Integer, float, string or text (depending on the request) | counter - path to the counter interval - last N seconds for storing the average value. The interval must be between 1 and 900 seconds (included) and the default value is 1. |
Performance Monitor can be used to obtain list of available counters. Until version 1.6 this parameter will return correct value only for counters that require just one sample (like \System\Threads). It will not work as expected for counters that require more that one sample - like CPU utilisation. Since 1.6 interval is used, so the check returns an average value for last "interval" seconds every time. See also: Windows performance counters. |
|
proc_info[process,<attribute>,<type>] | ||||
Various information about specific process(es). | Float | process - process name attribute - requested process attribute. type - representation type (meaningful when more than one process with the same name exists) |
The following attributes are currently supported: vmsize (default) - Size of process virtual memory in Kbytes wkset - Size of process working set (amount of physical memory used by process) in Kbytes pf - Number of page faults ktime - Process kernel time in milliseconds utime - Process user time in milliseconds io_read_b - Number of bytes read by process during I/O operations io_read_op - Number of read operation performed by process io_write_b - Number of bytes written by process during I/O operations io_write_op - Number of write operation performed by process io_other_b - Number of bytes transferred by process during operations other than read and write operations io_other_op - Number of I/O operations performed by process, other than read and write operations gdiobj - Number of GDI objects used by process userobj - Number of USER objects used by process Valid types are: avg (default) - average value for all processes named <process> min - minimum value among all processes named <process> max - maximum value among all processes named <process> sum - sum of values for all processes named <process> Examples: proc_info[iexplore.exe,wkset,sum] - to get the amount of physical memory taken by all Internet Explorer processes proc_info[iexplore.exe,pf,avg] - to get the average number of page faults for Internet Explorer processes Note that on a 64-bit system, a 64-bit Zabbix agent is required for this item to work correctly. Note: io_*, gdiobj and userobj attributes are available only on Windows 2000 and later versions of Windows, not on Windows NT 4.0. |
|
service_state[service] | ||||
State of a service. | 0 - running 1 - paused 2 - start pending 3 - pause pending 4 - continue pending 5 - stop pending 6 - stopped 7 - unknown 255 - no such service |
service - a real service name or its display name as seen in MMC Services snap-in | ||
services[<type>,<state>,<exclude>] | ||||
Listing of services. | 0 - if empty Text - list of services separated by a newline |
type - one of all (default), automatic, manual, disabled state - one of all (default), stopped, started, start_pending, stop_pending, running, continue_pending, pause_pending, paused exclude - list of services to exclude it from the result. Excluded services should be written in double quotes, separated by comma, without spaces. This parameter is supported starting with Zabbix 1.8.1. |
Examples: services[,started] - list of started services services[automatic, stopped] - list of stopped services, that should be run services[automatic, stopped, "service1,service2,service3"] - list of stopped services, that should be run, excluding services with names service1, service2 and service3 |
|
wmi.get[<namespace>,<query>] | ||||
Execute WMI query and return the first selected object. | Integer, float, string or text (depending on the request) | namespace - WMI namespace query - WMI query returning a single object |
This key is supported starting with Zabbix 2.2.0. Examples: wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%PHYSICALDRIVE0%'] - returns the status of the first physical disk |
This tutorial provides step-by-step instructions for setting up the monitoring of Windows services. It is assumed that Zabbix server and agent are configured and operational.
To monitor the up/down status of a service you need to perform the following steps:
Get the service name.
You can get that name by going to the services mmc and bringing up the properties of the service. In the General tab you should see a field called 'Service name'. The value that follows is the name you will use when setting up an item for monitoring.
For example, if you wanted to monitor the "workstation" service then your service might be: lanmanworkstation.
Configure an item for monitoring the service, with: