This solution is based on zabbix 2.0 api and LLD which is only available in zabbix 2.0
The template included uses active checks. Your zabbix agent must be configured for active checks otherwise the server won't receive any data..
Description
A long lost dream of many admins was to have a sort of task manager in zabbix, monitoring cpu load, memory and even bytes read/write per second, all per process. Identifying resource hogs and memory leaks without having to remote desktop to the server. All this is now possible with zabbix 2.0 and this solution.
In a real world scenario you end up with these types of graphs:
You also get monitoring for eventlog entries generated by application hangs.
Usage
Download the archive, extract the XML template, import it into the frontend and link the hosts to it.
Copy the vbs scripts to your zabbix agent folder and configure the following lines in your zabbix_agentd.conf file, replacing the path in the UserParameter with your zabbix agent installation path, restart the agent.
Download the perl scripts to you zabbix server, edit them, specifically the parameters below, and cron them (I personally user cron.hourly).
The scripts connect using $user and $password via json api (so the user needs API access, check that in the frontend) and creates the following graphs for all hosts linked to "WIN Processes" template.
For a detailed explanation of how the scripts work you can view the following post: http://www.zabbix.com/forum/showthread.php?t=26678
Gotchas
The discovery rule has the filter configured so that only processes larger than 25MB are discovered. This is because the perl scripts only support a maximum of 26 processes. If this limit is breached then the graphs will not be created. You can edit the filter to match you own needs using any of the following values OR-ed together with "|"
Processes with the same executable name are always merged into one and all values like memory, cpu and read/writes per second are summed up. For example you only get one entry for all you svchost.exe processes and they only count as one to the 26 processes limit.
All items except WIN Process memory bytes committed may return ZBX_NOTSUPPORTED on first poll.
This is because the script is designed to query values for all items of a process and save them to a file when WIN Process memory bytes committed is polled. Then when other items are polled, the script simply reads the last value from the file.
This why WIN Process memory bytes committed is polled every 600 seconds and all other items are polled every 610 seconds, so when they are polled 10 seconds later, the data is already in the file. This of course, does not work after restarting the agent because zabbix just polls _all_ items regardless of their intervals.
If you are using any other of my templates, make sure your hosts only have one active instance of the WIN Eventlog OOP item. If there is more than one, disable the extra items.
The eventlog triggers send an alert containing information on the most recent events logged. For these to show up in the alert make sure you include the following macros in the alert message:
Eventlog info: {ITEM.LASTVALUE}
If you have any issues importing this template, please upgrade to zabbix 2.0.2 (not released at the date of this post) and php 5.3 or higher.
Update 1
Locales with a floating point decimal separator other than dot (.) are now properly supported.
Update 2
I can confirm that importing templates with Discovery Rules is broken in zabbix 2.0.1 and will be fixed in zabbix 2.0.2.
A partial fix for this, until zabbix 2.0.2 is released, can be achieved by SSH to your zabbix server and making the following changes to these files:
This will fix importing Discovery rules, item prototypes and trigger prototypes. Graph prototypes importing will still be broken, as they will get imported directly into the template, not in the discovery rules.
Update 3
Added eventlog monitoring for application hangs in the template. Download and import the template again, copy the 2 new vbs scripts to the zabbix agent installation path and add the following to the conf file:
Update 4
Decreased eventlog query time to 300s.
The template included uses active checks. Your zabbix agent must be configured for active checks otherwise the server won't receive any data..
Description
A long lost dream of many admins was to have a sort of task manager in zabbix, monitoring cpu load, memory and even bytes read/write per second, all per process. Identifying resource hogs and memory leaks without having to remote desktop to the server. All this is now possible with zabbix 2.0 and this solution.
In a real world scenario you end up with these types of graphs:
You also get monitoring for eventlog entries generated by application hangs.
Usage
Download the archive, extract the XML template, import it into the frontend and link the hosts to it.
Copy the vbs scripts to your zabbix agent folder and configure the following lines in your zabbix_agentd.conf file, replacing the path in the UserParameter with your zabbix agent installation path, restart the agent.
Code:
#system discovery UserParameter = system.discovery[*],cscript "C:\Program Files\Zabbix agent\zabbix_win_system_discovery.vbs" //Nologo "$1" #process UserParameter = process[*],cscript "C:\Program Files\Zabbix agent\zabbix_win_process.vbs" //Nologo "$1" "$2" #eventlog query UserParameter = eventlog.query[*],cscript "C:\Program Files\Zabbix agent\zabbix_win_eventlog.vbs" //Nologo "$1" "$2" # allow weird chars in userparameters arguments UnsafeUserParameters=1
Code:
$user = "Admin"; ### username
$password = "zabbix"; ### password
$url = "http://127.0.0.1/api_jsonrpc.php"; ### intenal zabbix url
For a detailed explanation of how the scripts work you can view the following post: http://www.zabbix.com/forum/showthread.php?t=26678
- WIN Process "ALL" bytes/sec stack
- WIN Process "ALL" handles stack
- WIN Process "ALL" memory bytes committed stack
- WIN Process "ALL" memory bytes kernel-nonpaged stack
- WIN Process "ALL" memory bytes kernel-paged stack
- WIN Process "ALL" pages/sec fault stack
- WIN Process "ALL" processor time stack
- WIN Process "ALL" threads stack
Gotchas
The discovery rule has the filter configured so that only processes larger than 25MB are discovered. This is because the perl scripts only support a maximum of 26 processes. If this limit is breached then the graphs will not be created. You can edit the filter to match you own needs using any of the following values OR-ed together with "|"
- 10$ : processes with memory size 0-10 MB
- 25$ : processes with memory size 10-25MB
- 50$ : processes with memory size 25-50MB
- 100$ : processes with memory size 50-100MB
- 250$ : processes with memory size 100-250MB
- 500$ : processes with memory size 250-500MB
- 1000$ : processes with memory size 500-1GB
- Higher : processes with memory size > 1GB
Processes with the same executable name are always merged into one and all values like memory, cpu and read/writes per second are summed up. For example you only get one entry for all you svchost.exe processes and they only count as one to the 26 processes limit.
All items except WIN Process memory bytes committed may return ZBX_NOTSUPPORTED on first poll.
This is because the script is designed to query values for all items of a process and save them to a file when WIN Process memory bytes committed is polled. Then when other items are polled, the script simply reads the last value from the file.
This why WIN Process memory bytes committed is polled every 600 seconds and all other items are polled every 610 seconds, so when they are polled 10 seconds later, the data is already in the file. This of course, does not work after restarting the agent because zabbix just polls _all_ items regardless of their intervals.
If you are using any other of my templates, make sure your hosts only have one active instance of the WIN Eventlog OOP item. If there is more than one, disable the extra items.
The eventlog triggers send an alert containing information on the most recent events logged. For these to show up in the alert make sure you include the following macros in the alert message:
Eventlog info: {ITEM.LASTVALUE}
If you have any issues importing this template, please upgrade to zabbix 2.0.2 (not released at the date of this post) and php 5.3 or higher.
Update 1
Locales with a floating point decimal separator other than dot (.) are now properly supported.
Update 2
I can confirm that importing templates with Discovery Rules is broken in zabbix 2.0.1 and will be fixed in zabbix 2.0.2.
A partial fix for this, until zabbix 2.0.2 is released, can be achieved by SSH to your zabbix server and making the following changes to these files:
- Edit /var/www/html/include/classes/import/formatters/C20ImportFormatter.php
- Search for getDiscoveryRules function
- Modify the line:
- if (!empty[$host['discovery_rules'])) {
- with:
- if (!empty[$template['discovery_rules'])) {
This will fix importing Discovery rules, item prototypes and trigger prototypes. Graph prototypes importing will still be broken, as they will get imported directly into the template, not in the discovery rules.
Update 3
Added eventlog monitoring for application hangs in the template. Download and import the template again, copy the 2 new vbs scripts to the zabbix agent installation path and add the following to the conf file:
Code:
#eventlog query UserParameter = eventlog.query[*],cscript "C:\Program Files\Zabbix agent\zabbix_win_eventlog.vbs" //Nologo "$1" "$2"
Decreased eventlog query time to 300s.
However, I wasn't able to get it to run on my zabbix 2 server (Windows 2003 Standard Edition) :
as for my x64 system, the vbs doesn't work at all, and I can't get any process from the .pl script, any idea ? (maybe this fucking damn UAC)
Comment