This is a translation of the original English documentation page. Help us make it better.

Sidebar

Zabbix Summit 2022
Register for Zabbix Summit 2022

Windows 固有の item キー

Item キー

表は、Zabbix Windows agent で使用できる固有の item キーの詳細です。

こちらもご参照ください。Minimum permission level for Windows agent items

Key
Description 戻り値 パラメータ コメント
eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]
Event log monitoring. Log name - name of event log
regexp - regular expression describing the required pattern
severity - regular expression describing severity
This parameter accepts the following values: "Information", "Warning", "Error", "Critical", "Verbose" (since Zabbix 2.2.0 running on Windows Vista or newer)
source - regular expression describing source identifier (regular expression is supported since Zabbix 2.2.0)
eventid - regular expression describing the event identifier(s)
maxlines - maximum number of new lines per second the agent will send to Zabbix server or proxy. This parameter overrides the value of 'MaxLinesPerSecond' in zabbix_agentd.win.conf
mode - possible values:
all (default), skip - skip processing of older data (affects only newly created items).
The item must be configured as an active check.

Examples:
=> eventlog[Application]
=> eventlog[Security,,"Failure Audit",,^(529|680)$]
=> eventlog[System,,"Warning|Error"]
=> eventlog[System,,,,^1$]
=> eventlog[System,,,,@TWOSHORT] - here a custom regular expression named TWOSHORT is referenced (defined as a Result is TRUE type, the expression itself being ^1$\|^70$).

Note that the agent is unable to send in events from the "Forwarded events" log.

The mode parameter is supported since Zabbix 2.0.0.
"Windows Eventing 6.0" is supported since Zabbix 2.2.0.

Note that selecting a non-Log type of information for this item will lead to the loss of local timestamp, as well as log severity and source information.

See also additional information on log monitoring.
net.if.list
Network interface list (includes interface type, status, IPv4 address, description). Text Supported since Zabbix agent version 1.8.1. Multi-byte interface names supported since Zabbix agent version 1.8.6. Disabled interfaces are not listed.

Note that enabling/disabling some components may change their ordering in the Windows interface name.

Some Windows versions (for example, Server 2008) might require the latest updates installed to support non-ASCII characters in interface names.
perf_counter[counter,<interval>]
Value of any Windows performance counter. Integer, float, string or text (depending on the request) counter - path to the counter
interval - last N seconds for storing the average value.
The interval must be between 1 and 900 seconds (included) and the default value is 1.
Performance Monitor can be used to obtain list of available counters. Until version 1.6 this parameter will return correct value only for counters that require just one sample (like \System\Threads). It will not work as expected for counters that require more than one sample - like CPU utilization. Since 1.6, interval is used, so the check returns an average value for last "interval" seconds every time.

See also: Windows performance counters.
perf_counter_en[counter,<interval>]
Value of any Windows performance counter in English. Integer, float, string or text (depending on the request) counter - path to the counter in English
interval - last N seconds for storing the average value.
The interval must be between 1 and 900 seconds (included) and the default value is 1.
This item is only supported on Windows Server 2008/Vista and above.

You can find the list of English strings by viewing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009.

Supported since Zabbix agent versions 4.0.13 and 4.2.7.
perf_instance.discovery[object]
List of object instances of Windows performance counters. Used for low-level discovery. JSON object object - object name (localized) Supported since Zabbix agent version 5.0.1.
perf_instance_en.discovery[object]
List of object instances of Windows performance counters, discovered using object names in English. Used for low-level discovery. JSON object object - object name (in English) Supported since Zabbix agent version 5.0.1.
proc_info[process,<attribute>,<type>]
Various information about specific process(es). Float process - process name
attribute - requested process attribute
type - representation type (meaningful when more than one process with the same name exists)
The following attributes are supported:
vmsize (default) - size of process virtual memory in Kbytes
wkset - size of process working set (amount of physical memory used by process) in Kbytes
pf - number of page faults
ktime - process kernel time in milliseconds
utime - process user time in milliseconds
io_read_b - number of bytes read by process during I/O operations
io_read_op - number of read operation performed by process
io_write_b - number of bytes written by process during I/O operations
io_write_op - number of write operation performed by process
io_other_b - number of bytes transferred by process during operations other than read and write operations
io_other_op - number of I/O operations performed by process, other than read and write operations
gdiobj - number of GDI objects used by process
userobj - number of USER objects used by process

Valid types are:
avg (default) - average value for all processes named <process>
min - minimum value among all processes named <process>
max - maximum value among all processes named <process>
sum - sum of values for all processes named <process>

Examples:
=> proc_info[iexplore.exe,wkset,sum] - to get the amount of physical memory taken by all Internet Explorer processes
=> proc_info[iexplore.exe,pf,avg] - to get the average number of page faults for Internet Explorer processes

Note that on a 64-bit system, a 64-bit Zabbix agent is required for this item to work correctly.

Note: io_*, gdiobj and userobj attributes are available only on Windows 2000 and later versions of Windows, not on Windows NT 4.0.
service.discovery
List of Windows services. Used for low-level discovery. JSON object Supported since Zabbix agent version 3.0.
service.info[service,<param>]
Information about a service. Integer - with param as state, startup

String - with param as displayname, path, user

Text - with param as description

Specifically for state:
0 - running,
1 - paused,
2 - start pending,
3 - pause pending,
4 - continue pending,
5 - stop pending,
6 - stopped,
7 - unknown,
255 - no such service

Specifically for startup:
0 - automatic,
1 - automatic delayed,
2 - manual,
3 - disabled,
4 - unknown,
5 - automatic trigger start,
6 - automatic delayed trigger start,
7 - manual trigger start
service - a real service name or its display name as seen in MMC Services snap-in
param - state (default), displayname, path, user, startup or description
Examples:
=> service.info[SNMPTRAP] - state of the SNMPTRAP service
=> service.info[SNMP Trap] - state of the same service, but with display name specified
=> service.info[EventLog,startup] - startup type of the EventLog service

Items service.info[service,state] and service.info[service] will return the same information.

Note that only with param as state this item returns a value for non-existing services (255).

This item is supported since Zabbix 3.0.0. It should be used instead of the deprecated service_state[service] item.
services[<type>,<state>,<exclude>]
Listing of services. 0 - if empty

Text - list of services separated by a newline
type - all (default), automatic, manual or disabled
state - all (default), stopped, started, start_pending, stop_pending, running, continue_pending, pause_pending or paused
exclude - services to exclude from the result. Excluded services should be listed in double quotes, separated by comma, without spaces.
Examples:
=> services[,started] - list of started services
=> services[automatic, stopped] - list of stopped services, that should be run
=> services[automatic, stopped, "service1,service2,service3"] - list of stopped services, that should be run, excluding services with names service1, service2 and service3

The exclude parameter is supported since Zabbix 1.8.1.
wmi.get[<namespace>,<query>]
Execute WMI query and return the first selected object. Integer, float, string or text (depending on the request) namespace - WMI namespace
query - WMI query returning a single object
WMI queries are performed with WQL.

Example:
=> wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%PHYSICALDRIVE0%'] - returns the status of the first physical disk

This key is supported since Zabbix 2.2.0.
wmi.getall[<namespace>,<query>]
Execute WMI query and return the whole response.

Can be used for low-level discovery.
JSON object namespace - WMI namespace
query - WMI query
WMI queries are performed with WQL.

Example:
=> wmi.getall[root\cimv2,select * from Win32_DiskDrive where Name like '%PHYSICALDRIVE%'] - returns status information of physical disks

JSONPath preprocessing can be used to point to more specific values in the returned JSON.

This key is supported since Zabbix 4.4.0.
vm.vmemory.size[<type>]
Virtual memory size in bytes or in percentage from total. Integer - for bytes

Float - for percentage
type - possible values:
available (available virtual memory), pavailable (available virtual memory, in percent), pused (used virtual memory, in percent), total (total virtual memory, default), used (used virtual memory)
Example:
=> vm.vmemory.size[pavailable] → available virtual memory, in percentage

Monitoring of virtual memory statistics is based on:
* Total virtual memory on Windows (total physical + page file size);
* The maximum amount of memory Zabbix agent can commit;
* The current committed memory limit for the system or Zabbix agent, whichever is smaller.

This key is supported since Zabbix 3.0.7 and 3.2.3.

Windows サービスの監視

このチュートリアルでは、Windows サービスの監視を設定するためのステップバイステップの手順を説明します。 Zabbix server と agent が設定され、動作していることを前提としています。

Step 1

サービス名を取得します。

この名前は、MMCサービススナップインを開き、サービスのプロパティを表示することで取得できます。
General タブに 'Service name' というフィールドがあります。
この後の値は、監視のための項目を設定する際に使用する名前です。

例えば、"workstation" サービスを監視する場合、次のようになります。
lanmanworkstation

Step 2

サービスを監視するための item の設定 [Configure an item] (/manual/config/items/item)を行います。

service.info[service,<param>]は、特定のサービスの情報を取得する item です。
必要な情報に応じて、次の値を受け付ける param オプションを指定します:
displaynamestatepathuserstartup または description
service.info[service] の paramが指定されない場合、デフォルト値はstateです。

戻り値のタイプは選択された param に依存します:
statestartup の場合は整数値、displayname, path, user は文字列、description はテキスト。
説明(description)には文字列を指定します。


  • Key: service.info[lanmanworkstation]
  • Type of information:Numeric (符号なし)
  • Show value: Windows service state 値のマッピングを選択します。

Windows service stateWindows service startup type の2つのバリューマップがあり、
フロントエンドで数値からテキスト表現にマッピングすることができます。

Windowsサービスの検出

Low-level discoveryは、コンピュータ上のさまざまなエンティティに対して、
item 、trigger 、およびグラフを自動的に作成する方法を提供します。
Zabbix は自動的にマシンの Windows サービスの監視を開始します。
サービス名を正確に把握したり、各サービス用の item を手動で作成する必要はありません。

フィルタを使用することで、監視したいサービスのみに対して実際の item、trigger 、グラフを生成することができます。