Documentation
Table of Contents
Elementos claves específicos de Windows
Item keys
The table provides details on the item keys that you can use with Zabbix Windows agent only.
See also: Minimum permission level for Windows agent items
| Key | ||||
|---|---|---|---|---|
| Description | Return value | Parameters | Comments | |
| eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>] | ||||
| Event log monitoring. | Log | name - name of event log regexp - regular expression describing the required pattern severity - regular expression describing severity This parameter accepts the following values: "Information", "Warning", "Error", "Critical", "Verbose" (since Zabbix 2.2.0 running on Windows Vista or newer) source - regular expression describing source identifier (regular expression is supported since Zabbix 2.2.0) eventid - regular expression describing the event identifier(s) maxlines - maximum number of new lines per second the agent will send to Zabbix server or proxy. This parameter overrides the value of 'MaxLinesPerSecond' in zabbix_agentd.win.conf mode - possible values: all (default), skip - skip processing of older data (affects only newly created items). |
The item must be configured as an active check. Examples: => eventlog[Application] => eventlog[Security,,"Failure Audit",,^(529|680)$] => eventlog[System,,"Warning|Error"] => eventlog[System,,,,^1$] => eventlog[System,,,,@TWOSHORT] - here a custom regular expression named TWOSHORT is referenced (defined as a Result is TRUE type, the expression itself being ^1$\|^70$).Note that the agent is unable to send in events from the "Forwarded events" log. The mode parameter is supported since Zabbix 2.0.0."Windows Eventing 6.0" is supported since Zabbix 2.2.0. Note that selecting a non-Log type of information for this item will lead to the loss of local timestamp, as well as log severity and source information. See also additional information on log monitoring. |
|
| net.if.list | ||||
| Network interface list (includes interface type, status, IPv4 address, description). | Text | Supported since Zabbix agent version 1.8.1. Multi-byte interface names supported since Zabbix agent version 1.8.6. Disabled interfaces are not listed. Note that enabling/disabling some components may change their ordering in the Windows interface name. Some Windows versions (for example, Server 2008) might require the latest updates installed to support non-ASCII characters in interface names. |
||
| perf_counter[counter,<interval>] | ||||
| Value of any Windows performance counter. | Integer, float, string or text (depending on the request) | counter - path to the counter interval - last N seconds for storing the average value. The interval must be between 1 and 900 seconds (included) and the default value is 1. |
Performance Monitor can be used to obtain list of available counters. Until version 1.6 this parameter will return correct value only for counters that require just one sample (like \System\Threads). It will not work as expected for counters that require more that one sample - like CPU utilization. Since 1.6, interval is used, so the check returns an average value for last "interval" seconds every time.See also: Windows performance counters. |
|
| perf_counter_en[counter,<interval>] | ||||
| Value of any Windows performance counter in English. | Integer, float, string or text (depending on the request) | counter - path to the counter in English interval - last N seconds for storing the average value. The interval must be between 1 and 900 seconds (included) and the default value is 1. |
This item is only supported on Windows Server 2008/Vista and above. You can find the list of English strings by viewing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009.Supported since Zabbix agent versions 4.0.13 and 4.2.7. |
|
| perf_instance.discovery[object] | ||||
| List of object instances of Windows performance counters. Used for low-level discovery. | JSON object | object - object name (localized) | Supported since Zabbix agent version 5.0.1. | |
| perf_instance_en.discovery[object] | ||||
| List of object instances of Windows performance counters, discovered using object names in English. Used for low-level discovery. | JSON object | object - object name (in English) | Supported since Zabbix agent version 5.0.1. | |
| proc_info[process,<attribute>,<type>] | ||||
| Various information about specific process(es). | Float | process - process name attribute - requested process attribute type - representation type (meaningful when more than one process with the same name exists) |
The following attributes are supported:vmsize (default) - size of process virtual memory in Kbytes wkset - size of process working set (amount of physical memory used by process) in Kbytes pf - number of page faults ktime - process kernel time in milliseconds utime - process user time in milliseconds io_read_b - number of bytes read by process during I/O operations io_read_op - number of read operation performed by process io_write_b - number of bytes written by process during I/O operations io_write_op - number of write operation performed by process io_other_b - number of bytes transferred by process during operations other than read and write operations io_other_op - number of I/O operations performed by process, other than read and write operations gdiobj - number of GDI objects used by process userobj - number of USER objects used by process Valid types are:avg (default) - average value for all processes named <process> min - minimum value among all processes named <process> max - maximum value among all processes named <process> sum - sum of values for all processes named <process> Examples: => proc_info[iexplore.exe,wkset,sum] - to get the amount of physical memory taken by all Internet Explorer processes => proc_info[iexplore.exe,pf,avg] - to get the average number of page faults for Internet Explorer processes Note that on a 64-bit system, a 64-bit Zabbix agent is required for this item to work correctly. Note: io_*, gdiobj and userobj attributes are available only on Windows 2000 and later versions of Windows, not on Windows NT 4.0. |
|
| service.discovery | ||||
| List of Windows services. Used for low-level discovery. | JSON object | Supported since Zabbix agent version 3.0. | ||
| service.info[service,<param>] | ||||
| Information about a service. | Integer - with param as state, startupString - with param as displayname, path, userText - with param as descriptionSpecifically for state: 0 - running, 1 - paused, 2 - start pending, 3 - pause pending, 4 - continue pending, 5 - stop pending, 6 - stopped, 7 - unknown, 255 - no such service Specifically for startup: 0 - automatic, 1 - automatic delayed, 2 - manual, 3 - disabled, 4 - unknown, 5 - automatic trigger start, 6 - automatic delayed trigger start, 7 - manual trigger start |
service - a real service name or its display name as seen in MMC Services snap-in param - state (default), displayname, path, user, startup or description |
Examples: => service.info[SNMPTRAP] - state of the SNMPTRAP service => service.info[SNMP Trap] - state of the same service, but with display name specified => service.info[EventLog,startup] - startup type of the EventLog service Items service.info[service,state] and service.info[service] will return the same information. Note that only with param as state this item returns a value for non-existing services (255).This item is supported since Zabbix 3.0.0. It should be used instead of the deprecated service_state[service] item. |
|
| services[<type>,<state>,<exclude>] | ||||
| Listing of services. | 0 - if empty Text - list of services separated by a newline |
type - all (default), automatic, manual or disabled state - all (default), stopped, started, start_pending, stop_pending, running, continue_pending, pause_pending or paused exclude - services to exclude from the result. Excluded services should be listed in double quotes, separated by comma, without spaces. |
Examples: => services[,started] - list of started services => services[automatic, stopped] - list of stopped services, that should be run => services[automatic, stopped, "service1,service2,service3"] - list of stopped services, that should be run, excluding services with names service1, service2 and service3 The exclude parameter is supported since Zabbix 1.8.1. |
|
| wmi.get[<namespace>,<query>] | ||||
| Execute WMI query and return the first selected object. | Integer, float, string or text (depending on the request) | namespace - WMI namespace query - WMI query returning a single object |
WMI queries are performed with WQL. Example: => wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%PHYSICALDRIVE0%'] - returns the status of the first physical disk This key is supported since Zabbix 2.2.0. |
|
| wmi.getall[<namespace>,<query>] | ||||
| Execute WMI query and return the whole response. Can be used for low-level discovery. |
JSON object | namespace - WMI namespace query - WMI query |
WMI queries are performed with WQL. Example: => wmi.getall[root\cimv2,select * from Win32_DiskDrive where Name like '%PHYSICALDRIVE%'] - returns status information of physical disks JSONPath preprocessing can be used to point to more specific values in the returned JSON. This key is supported since Zabbix 4.4.0. |
|
| vm.vmemory.size[<type>] | ||||
| Virtual memory size in bytes or in percentage from total. | Integer - for bytes Float - for percentage |
type - possible values: available (available virtual memory), pavailable (available virtual memory, in percent), pused (used virtual memory, in percent), total (total virtual memory, default), used (used virtual memory) |
Example: => vm.vmemory.size[pavailable] → available virtual memory, in percentage Monitoring of virtual memory statistics is based on: * Total virtual memory on Windows (total physical + page file size); * The maximum amount of memory Zabbix agent can commit; * The current committed memory limit for the system or Zabbix agent, whichever is smaller. This key is supported since Zabbix 3.0.7 and 3.2.3. |
|
Monitoreo de servicios de Windows
Este tutorial proporciona instrucciones paso a paso para configurar el seguimiento de los servicios de Windows. Se asume que el servidor Zabbix y el agente están configurados y operativos.
Paso 1
Obtenga el nombre del servicio.
Puede obtener ese nombre yendo al complemento MMC Services y abriendo las propiedades del servicio. En la pestaña General debería ver un campo llamado 'Nombre del servicio'. El valor que sigue es el nombre que usará al configurar un elemento para la supervisión.
Por ejemplo, si desea monitorear el servicio de "estación de trabajo", entonces su servicio podría ser: lanmanworkstation.
Paso 2
Configurar un elemento para monitorear el Servicio.
El elemento service.info[service,<param>] recupera la información sobre un servicio en particular. Dependiendo de la información que necesite, especifique la opción param que acepta los siguientes valores: nombre para mostrar, estado, ruta, usuario, inicio o descripción. los el valor predeterminado es estado si no se especifica parámetro (servicio.info[servicio]).
El tipo de valor devuelto depende del parámetro elegido: entero para estado y arranque; cadena de caracteres para nombre para mostrar, ruta y usuario; texto para descripción.
Ejemplo:
- Clave: service.info[lanmanworkstation]
- Tipo de información: Numérico (sin firmar)
- Mostrar valor: seleccione la asignación de valor Estado de servicio de Windows
Hay dos mapas de valores disponibles Estado de servicio de Windows y Windows tipo de inicio de servicio para asignar un valor numérico a una representación de texto en el Frontend.
Descubrimiento de servicios de Windows
Descubrimiento de bajo nivel proporciona una forma de crear automáticamente elementos, disparadores y gráficos para diferentes entidades en una computadora. Zabbix puede comenzar a monitorear automáticamente servicios de Windows en su máquina, sin la necesidad de saber exactamente nombre de un servicio o crear artículos para cada servicio manualmente. Un filtro se puede utilizar para generar elementos reales, disparadores y gráficos solo para servicios de interes.