Table of Contents
3 Windows agent 监控项的最低权限级别
概述
使用 agent 监控系统时,一种最佳实践是从安装 agent 的主机上获取指标。要使用最小权限原则,有必要确定哪些指标是从 agent 那里获得的。
本文档中的表格允许您选择最低权限,保证 Zabbix agent 的正确运行。
如果选择了其他用户才能使 agent 工作,而不是"LocalSystem",则要使 agent 作为Windows服务运行,新用户必须具有“本地策略→用户权限分配"中的"作为服务登录”权限分配”以及创建、写入和删除 Zabbix agent日志文件的权利。必须将 Active Directory 用户添加到性能监视器用户组。
基于 agent 的权限处理问题上,需要给出 "技术上可接受的最低要求 "的权限组,并且事先为监控对象提供权限。
Windows 上支持的常用 agent 监控项
| 监控项 key | 用户组 | |
|---|---|---|
| 推荐的 | 技术上可接受的最低权限组 (功能有限) | |
| agent.hostname | Guests | Guests |
| agent.ping | Guests | Guests |
| agent.variant | Guests | Guests |
| agent.version | Guests | Guests |
| log | Administrators | Guests |
| log.count | Administrators | Guests |
| logrt | Administrators | Guests |
| logrt.count | Administrators | Guests |
| net.dns | Guests | Guests |
| net.dns.perf | Guests | Guests |
| net.dns.record | Guests | Guests |
| net.if.discovery | Guests | Guests |
| net.if.in | Guests | Guests |
| net.if.out | Guests | Guests |
| net.if.total | Guests | Guests |
| net.tcp.listen | Guests | Guests |
| net.tcp.port | Guests | Guests |
| net.tcp.service | Guests | Guests |
| net.tcp.service.perf | Guests | Guests |
| net.udp.service | Guests | Guests |
| net.udp.service.perf | Guests | Guests |
| proc.num | Administrators | Guests |
| system.cpu.discovery | Performance Monitor Users | Performance Monitor Users |
| system.cpu.load | Performance Monitor Users | Performance Monitor Users |
| system.cpu.num | Guests | Guests |
| system.cpu.util | Performance Monitor Users | Performance Monitor Users |
| system.hostname | Guests | Guests |
| system.localtime | Guests | Guests |
| system.run | Administrators | Guests |
| system.sw.arch | Guests | Guests |
| system.swap.size | Guests | Guests |
| system.uname | Guests | Guests |
| system.uptime | Performance Monitor Users | Performance Monitor Users |
| vfs.dir.count | Administrators | Guests |
| vfs.dir.get | Administrators | Guests |
| vfs.dir.size | Administrators | Guests |
| vfs.file.cksum | Administrators | Guests |
| vfs.file.contents | Administrators | Guests |
| vfs.file.exists | Administrators | Guests |
| vfs.file.md5sum | Administrators | Guests |
| vfs.file.regexp | Administrators | Guests |
| vfs.file.regmatch | Administrators | Guests |
| vfs.file.size | Administrators | Guests |
| vfs.file.time | Administrators | Guests |
| vfs.fs.discovery | Administrators | Guests |
| vfs.fs.size | Administrators | Guests |
| vm.memory.size | Guests | Guests |
| web.page.get | Guests | Guests |
| web.page.perf | Guests | Guests |
| web.page.regexp | Guests | Guests |
| zabbix.stats | Guests | Guests |
Windows特定的监控项键
| 监控项 key | 用户组 | |
|---|---|---|
| 推荐的 | 技术上可接受的最低权限组 (功能有限) | |
| eventlog | Event Log Readers | Guests |
| net.if.list | Guests | Guests |
| perf_counter | Performance Monitor Users | Performance Monitor Users |
| proc_info | Administrators | Guests |
| service.discovery | Guests | Guests |
| service.info | Guests | Guests |
| services | Guests | Guests |
| wmi.get | Administrators | Guests |
| vm.vmemory.size | Guests | Guests |