Documentation
2 Zabbix プロキシ
概要
このセクションでは、Zabbixプロキシ設定ファイル(zabbix_proxy.conf)でサポートされているパラメータの一覧を提示します。
注意点:
- デフォルト値は、出荷時設定ファイルの値ではなく、プロセスのデフォルト値です。
- ZabbixはBOMなしのUTF-8エンコーディングでのみ構成ファイルをサポートします。
- 行の先頭が"#"で始まった場合のみコメントとして認識されます。
Parameter details
AllowRoot
Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy will try to switch to the 'zabbix' user instead. Has no effect if started under a regular user.
Default: 0 | Values: 0 - do not allow; 1 - allow
AllowUnsupportedDBVersions
Allow the proxy to work with unsupported database versions.
Default: 0 | Values: 0 - do not allow; 1 - allow
CacheSize
The size of the configuration cache, in bytes. The shared memory size for storing host and item data.
Default: 32M | Range: 128K-64G
ConfigFrequency
This parameter is deprecated (use ProxyConfigFrequency instead).
How often the proxy retrieves configuration data from Zabbix server in seconds.
Active proxy parameter. Ignored for passive proxies (see ProxyMode parameter).
Default: 3600 | Range: 1-604800
DataSenderFrequency
The proxy will send collected data to the server every N seconds. Note that an active proxy will still poll Zabbix server every second for remote command tasks.
Active proxy parameter. Ignored for passive proxies (see ProxyMode parameter).
Default: 1 | Range: 1-3600
DBHost
The database host name.
With MySQL localhost or empty string results in using a socket. With PostgreSQL only empty string results in attempt to use socket. With Oracle empty string results in using the Net Service Name connection method; in this case consider using the TNS_ADMIN environment variable to specify the directory of the tnsnames.ora file.
Default: localhost
DBName
The database name or path to the database file for SQLite3 (the multi-process architecture of Zabbix does not allow to use in-memory database, e.g. :memory:, file::memory:?cache=shared or file:memdb1?mode=memory&cache=shared).
Warning: Do not attempt to use the same database the Zabbix server is using.
With Oracle, if the Net Service Name connection method is used, specify the service name from tnsnames.ora or set to empty string; set the TWO_TASK environment variable if DBName is set to empty string.
Mandatory: Yes
DBPassword
The database password. Comment this line if no password is used. Ignored for SQLite.
DBPort
The database port when not using local socket. Ignored for SQLite.
With Oracle, if the Net Service Name connection method is used, this parameter will be ignored; the port number from the tnsnames.ora file will be used instead.
Range: 1024-65535
DBSchema
The database schema name. Used for PostgreSQL.
DBSocket
The path to the MySQL socket file.
The database port when not using local socket. Ignored for SQLite.
Default: 3306
DBUser
The database user. Ignored for SQLite.
DBTLSConnect
Setting this option enforces to use TLS connection to the database:
required - connect using TLS
verify_ca - connect using TLS and verify certificate
verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate
On MySQL starting from 5.7.11 and PostgreSQL the following values are supported: "required", "verify", "verify_full".
On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
By default not set to any option and the behavior depends on database configuration.
DBTLSCAFile
The full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
Mandatory: no (yes, if DBTLSConnect set to verify_ca or verify_full)
DBTLSCertFile
The full pathname of a file containing the Zabbix proxy certificate for authenticating to database.
DBTLSKeyFile
The full pathname of a file containing the private key for authenticating to the database.
DBTLSCipher
The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLS v1.2. Supported only for MySQL.
DBTLSCipher13
The list of encryption ciphersuites that Zabbix proxy permits for the TLS v1.3 protocol. Supported only for MySQL, starting from version 8.0.16.
DebugLevel
Specify the debug level:
0 - basic information about starting and stopping of Zabbix processes
1 - critical information;
2 - error information;
3 - warnings;
4 - for debugging (produces lots of information);
5 - extended debugging (produces even more information).
Default: 3 | Range: 0-5
EnableRemoteCommands
Whether remote commands from Zabbix server are allowed.
0 - not allowed
1 - allowed
Default: 0
ExternalScripts
The location of external scripts (depends on the datadir compile-time installation variable).
Default: /usr/local/share/zabbix/externalscripts
Fping6Location
The location of fping6. Make sure that the fping6 binary has root ownership and the SUID flag set. Make empty ("Fping6Location=") if your fping utility is capable to process IPv6 addresses.
Default: /usr/sbin/fping6
FpingLocation
The location of fping. Make sure that the fping binary has root ownership and the SUID flag set.
Default: /usr/sbin/fping
HistoryCacheSize
The size of the history cache, in bytes. The shared memory size for storing history data.
Default: 16M | Range: 128K-2G
HistoryIndexCacheSize
The size of the history index cache, in bytes. The shared memory size for indexing the history data stored in history cache. The index cache size needs roughly 100 bytes to cache one item.
Default: 4M | Range: 128K-2G
Hostname
A unique, case sensitive proxy name. Make sure the proxy name is known to the server.
Allowed characters: alphanumeric, '.', ' ', '_' and '-'.
Maximum length: 128
Default: Set by HostnameItem
HostnameItem
The item used for setting Hostname if it is undefined (this will be run on the proxy similarly as on an agent). Ignored if Hostname is set.m
Does not support UserParameters, performance counters or aliases, but does support system.run[].
Default: system.hostname
HousekeepingFrequency
How often Zabbix will perform housekeeping procedure (in hours). Housekeeping is removing outdated information from the database.
Note: To prevent housekeeper from being overloaded (for example, when configuration parameters ProxyLocalBuffer or ProxyOfflineBuffer are greatly reduced), no more than 4 times HousekeepingFrequency hours of outdated information are deleted in one housekeeping cycle. Thus, if HousekeepingFrequency is 1, no more than 4 hours of outdated information (starting from the oldest entry) will be deleted per cycle.
Note: To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start. Thus, if HousekeepingFrequency is 1, the very first housekeeping procedure after proxy start will run after 30 minutes, and will repeat every hour thereafter.
Since Zabbix 3.0.0 it is possible to disable automatic housekeeping by setting HousekeepingFrequency to 0. In this case the housekeeping procedure can only be started by housekeeper_execute runtime control option and the period of outdated information deleted in one housekeeping cycle is 4 times the period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
Default: 1 | Range: 0-24
Include
You may include individual files or all files in a directory in the configuration file.
To only include relevant files in the specified directory, the asterisk wildcard character is supported for pattern matching.
See special notes about limitations.
Example:
JavaGateway
The IP address (or hostname) of Zabbix Java gateway. Only required if Java pollers are started.
JavaGatewayPort
The port that Zabbix Java gateway listens on.
Default: 10052 | Range: 1024-32767
ListenBacklog
The maximum number of pending connections in the TCP queue.
The default value is a hard-coded constant, which depends on the system.
The maximum supported value depends on the system, too high values may be silently truncated to the 'implementation-specified maximum'.
Default: SOMAXCONN | Range: 0 - INT_MAX
ListenIP
A list of comma-delimited IP addresses that the trapper should listen on.
Trapper will listen on all network interfaces if this parameter is missing.
Default: 0.0.0.0
ListenPort
The listen port for trapper.
Default: 10051 | Range: 1024-32767
LoadModule
The module to load at proxy startup. Modules are used to extend the functionality of the proxy. The module must be located in the directory specified by LoadModulePath or the path must precede the module name. If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
Formats:
LoadModule=<module.so>
LoadModule=<path/module.so>
LoadModule=</abs_path/module.so>
It is allowed to include multiple LoadModule parameters.
LoadModulePath
Full path to the location of proxy modules. The default depends on compilation options.
LogFile
Name of the log file.
Mandatory: Yes, if LogType is set to file; otherwise no
LogFileSize
The maximum size of a log file in MB.
0 - disable automatic log rotation.
Note: If the log file size limit is reached and file rotation fails, for whatever reason, the existing log file is truncated and started anew.
Default: 1 | Range: 0-1024
LogRemoteCommands
Enable logging of executed shell commands as warnings.
Default: 0 | Values: 0 - disabled, 1 - enabled
LogType
Type of the log output:
file - write log to the file specified by LogFile parameter;
system - write log to syslog;
console - write log to standard output.
Default: file
LogSlowQueries
How long a database query may take before being logged (in milliseconds).
0 - don't log slow queries.
This option becomes enabled starting with DebugLevel=3.
Default: 0 | Range: 0-3600000
MaxConcurrentChecksPerPoller
The maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller.
Default: 1000
Range: 1-1000
PidFile
Name of the PID file.
Default: /tmp/zabbix\_proxy.pid
ProxyBufferMode
Specifies history, discovery and autoregistration data storage mechanism: disk - data are stored in database and uploaded from database; memory - data are stored in memory and uploaded from memory. If buffer runs out of memory the old data will be discarded. On shutdown the buffer is discarded. hybrid - the proxy buffer normally works like in the memory mode until it runs out of memory or the oldest record exceeds the configured age. If that happens the buffer is flushed to database and it works like in disk mode until all data have been uploaded and it starts working with memory again. On shutdown the memory buffer is flushed to database.
See also: Proxy memory buffer.
Default: disk
Values: disk; memory; hybrid
ProxyConfigFrequency
How often the proxy retrieves configuration data from Zabbix server in seconds.
Active proxy parameter. Ignored for passive proxies (see ProxyMode parameter).
Default: 10 | Range: 1-604800
ProxyLocalBuffer
The proxy will keep data locally for N hours, even if the data have already been synced with the server.
This parameter may be used if local data will be used by third-party applications.
Default: 0 | Range: 0-720
ProxyMemoryBufferAge
The maximum age of data in proxy memory buffer, in seconds. When enabled (not zero) and records in proxy memory buffer are older, then it forces proxy buffer to switch to database mode until all records are uploaded to server. This parameter must be less or equal to ProxyOfflineBuffer parameter.
Default: 0
Range: 0,600-864000
ProxyMemoryBufferSize
The size of shared memory cache for collected history, discovery and autoregistration data, in bytes. If enabled (not zero) proxy will keep history discovery and autoregistration data in memory unless cache is full or stored records are older than defined ProxyMemoryBufferAge. This parameter cannot be used together with ProxyLocalBuffer parameter.
Default: 0
Range: 0,128K-2G4
ProxyMode
The proxy operating mode.
0 - proxy in the active mode
1 - proxy in the passive mode
Note that (sensitive) proxy configuration data may become available to parties having access to the Zabbix server trapper port when using an active proxy. This is possible because anyone may pretend to be an active proxy and request configuration data; authentication does not take place.
Default: 0 | Range: 0-1
ProxyOfflineBuffer
The proxy will keep data for N hours in case of no connectivity with Zabbix server.
Older data will be lost.
Default: 1 | Range: 1-720
Server
If ProxyMode is set to active mode:
Zabbix server IP address or DNS name (address:port) or cluster (address:port;address2:port) to get configuration data from and send data to.
If port is not specified, the default port is used.
Cluster nodes must be separated by a semicolon.
If ProxyMode is set to passive mode:
List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server. Incoming connections will be accepted only from the addresses listed here. If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
'::/0' will allow any IPv4 or IPv6 address. '0.0.0.0/0' can be used to allow any IPv4 address.
Example:
Mandatory: yes
SNMPTrapperFile
A temporary file used for passing data from the SNMP trap daemon to the proxy.
Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
Default: /tmp/zabbix\_traps.tmp
SocketDir
The directory to store IPC sockets used by internal Zabbix services.
Default: /tmp
SourceIP
The source IP address for:
- outgoing connections to Zabbix server;
- agentless connections (VMware, SSH, JMX, SNMP, Telnet and simple checks);
- HTTP agent connections;
- script item JavaScript HTTP requests;
- preprocessing JavaScript HTTP requests;
- connections to the Vault
SSHKeyLocation
The location of public and private keys for SSH checks and actions.
SSLCertLocation
The location of SSL client certificate files for client authentication.
This parameter is used in web monitoring only.
SSLKeyLocation
The location of SSL private key files for client authentication.
This parameter is used in web monitoring only.
SSLCALocation
The location of certificate authority (CA) files for SSL server certificate verification.
Note that the value of this parameter will be set as the CURLOPT_CAPATH libcurl option. For libcurl versions before 7.42.0, this only has effect if libcurl was compiled to use OpenSSL. For more information see the cURL web page.
This parameter is used in web monitoring and in SMTP authentication.
StartAgentPollers
The number of pre-forked instances of Zabbix agent pollers. See MaxConcurrentChecksPerPoller.
Default: 1
Range: 0-1000
StartBrowserPollers
The number of pre-forked instances of browser item pollers.
Default: 1
Range: 0-1000
StartDBSyncers
The number of pre-forked instances of history syncers.
Note: Be careful when changing this value, increasing it may do more harm than good.
Default: 4 | Range: 1-100
StartDiscoverers
The number of pre-forked instances of discoverers.
Default: 1 | Range: 0-250
StartHTTPAgentPollers
The number of pre-forked instances of HTTP agent pollers. See MaxConcurrentChecksPerPoller.
Default: 1
Range: 0-1000
StartHTTPPollers
The number of pre-forked instances of HTTP pollers.
Default: 1 | Range: 0-1000
StartIPMIPollers
The number of pre-forked instances of IPMI pollers.
Default: 0 | Range: 0-1000
StartJavaPollers
The number of pre-forked instances of Java pollers.
Default: 0 | Range: 0-1000
StartODBCPollers
The number of pre-forked instances of ODBC pollers.
Default: 1 | Range: 0-1000
StartPingers
The number of pre-forked instances of ICMP pingers.
Default: 1 | Range: 0-1000
StartPollersUnreachable
The number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers are started.
Default: 1 | Range: 0-1000
StartPollers
The number of pre-forked instances of pollers.
Default: 5 | Range: 0-1000
StartPreprocessors
The number of pre-forked instances of preprocessing workers.
The preprocessing manager process is automatically started when a preprocessor worker is started.
Default: 3 | Range: 1-1000
StartSNMPPollers
The number of pre-forked instances of SNMP pollers. See MaxConcurrentChecksPerPoller.
Default: 1
Range: 0-1000
StartSNMPTrapper
If set to 1, an SNMP trapper process will be started.
Default: 0 | Range: 0-1
StartTrappers
The number of pre-forked instances of trappers.
Trappers accept incoming connections from Zabbix sender and active agents.
Default: 5 | Range: 0-1000
StartVMwareCollectors
The number of pre-forked VMware collector instances.
Default: 0 | Range: 0-250
StatsAllowedIP
A list of comma-delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances. The stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests will be accepted.
If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally and '::/0' will allow any IPv4 or IPv6 address. '0.0.0.0/0' can be used to allow any IPv4 address.
Example:
Timeout
Specifies how long we wait for agent, SNMP device or external check in seconds.
Default: 3 | Range: 1-30
TLSAccept
What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy. Multiple values can be specified, separated by comma:
unencrypted - accept connections without encryption (default)
psk - accept connections with TLS and a pre-shared key (PSK)
cert - accept connections with TLS and a certificate
Mandatory: yes for passive proxy, if TLS certificate or PSK parameters are defined (even for unencrypted connection); otherwise no
TLSCAFile
Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification, used for encrypted communications between Zabbix components.
TLSCertFile
Full pathname of a file containing the proxy certificate or certificate chain, used for encrypted communications between Zabbix components.
TLSCipherAll
GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
Example:
TLSCipherAll13
Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
Example for GnuTLS:
NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL::+SIGN-ALL:+CTYPE-X.509Example for OpenSSL:
TLSCipherCert
GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate-based encryption.
Example for GnuTLS:
NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509Example for OpenSSL:
TLSCipherCert13
Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate-based encryption.
TLSCipherPSK
GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for PSK-based encryption.
Example for GnuTLS:
NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALLExample for OpenSSL:
TLSCipherPSK13
Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for PSK-based encryption.
Example:
TLSConnect
How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy. Only one value can be specified:
unencrypted - connect without encryption (default)
psk - connect using TLS and a pre-shared key (PSK)
cert - connect using TLS and a certificate
Mandatory: yes for active proxy, if TLS certificate or PSK parameters are defined (even for unencrypted connection); otherwise no
TLSCRLFile
The full pathname of a file containing revoked certificates. This parameter is used for encrypted communications between Zabbix components.
TLSKeyFile
The full pathname of a file containing the proxy private key, used for encrypted communications between Zabbix components.
TLSPSKFile
The full pathname of a file containing the proxy pre-shared key, used for encrypted communications with Zabbix server.
TLSPSKIdentity
The pre-shared key identity string, used for encrypted communications with Zabbix server.
TLSServerCertIssuer
The allowed server certificate issuer.
TLSServerCertSubject
The allowed server certificate subject.
TmpDir
Temporary directory.
Default: /tmp
TrapperTimeout
Specifies how many seconds the trapper may spend processing new data.
Default: 300 | Range: 1-300
UnavailableDelay
Determines how often host is checked for availability during the unavailability period in seconds.
Default: 60 | Range: 1-3600
UnreachableDelay
Determines how often host is checked for availability during the unreachability period in seconds.
Default: 15 | Range: 1-3600
UnreachablePeriod
After how many seconds of unreachability treat a host as unavailable.
Default: 45 | Range: 1-3600
User
Drop privileges to a specific, existing user on the system.
Only has effect if run as 'root' and AllowRoot is disabled.
Default: zabbix
Vault
Specifies the vault provider:
HashiCorp - HashiCorp KV Secrets Engine version 2
CyberArk - CyberArk Central Credential Provider
Must match the vault provider set in the frontend.
Default: HashiCorp
VaultDBPath
Specifies a location, from where database credentials should be retrieved by keys. Depending on the vault, can be vault path or query.
The keys used for HashiCorp are 'password' and 'username'.
Example:
The keys used for CyberArk are 'Content' and 'UserName'.
Example:
This option can only be used if DBUser and DBPassword are not specified.
VaultPrefix
A custom prefix for the vault path or query, depending on the vault; if not specified, the most suitable defaults will be used.
VaultTLSCertFile
Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
If the certificate file contains also the private key, leave the SSL key file field empty.
The directory containing this file is specified by the SSLCertLocation configuration parameter.
This option can be omitted, but is recommended for CyberArkCCP vault.
VaultTLSKeyFile
Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
The directory containing this file is specified by the SSLKeyLocation configuration parameter.
This option can be omitted, but is recommended for CyberArkCCP vault.
VaultToken
HashiCorp Vault authentication token that should have been generated exclusively for Zabbix proxy with read-only permission to the path specified in the optional VaultDBPath configuration parameter.
It is an error if VaultToken and the VAULT_TOKEN environment variable are defined at the same time.
Mandatory: Yes, if Vault is set to HashiCorp; otherwise no
VaultURL
Vault server HTTP[S] URL. The system-wide CA certificates directory will be used if SSLCALocation is not specified.
Default: https://127.0.0.1:8200
VMwareCacheSize
Shared memory size for storing VMware data.
A VMware internal check zabbix[vmware,buffer,...] can be used to monitor the VMware cache usage (see Internal checks).
Note that shared memory is not allocated if there are no vmware collector instances configured to start.
Default: 8M | Range: 256K-2G
VMwareFrequency
Delay in seconds between data gathering from a single VMware service.
This delay should be set to the least update interval of any VMware monitoring item.
Default: 60 | Range: 10-86400
VMwarePerfFrequency
Delay in seconds between performance counter statistics retrieval from a single VMware service.
This delay should be set to the least update interval of any VMware monitoring item that uses VMware performance counters.
Default: 60 | Range: 10-86400
VMwareTimeout
The maximum number of seconds a vmware collector will wait for a response from VMware service (vCenter or ESX hypervisor).
Default: 10 | Range: 1-300
WebDriverURL
WebDriver interface HTTP[S] URL.
Example (used with Selenium WebDriver standalone server):
Footnotes
1 DBSocket and DBPort are mutually exclusive in server configuration. Specify only one, or leave both undefined.