You know how to make items and triggers to monitor things. But what if you want to monitor a number of similar things on the same host? Or multiple hosts?
You can use Zabbix low-level discovery to generate monitoring items, IF there is a way to return a JSON object with names and values for the items to monitor. Zabbix has a number of built-in methods for discovering items such as SNMP, file systems etc. But Zabbix currently doesn't have any way that I know of to just give it a list of things to monitor. So I made a script called "discover_items" which can do that. You place this script (attached with .txt extension, rename to no extension) in your externalscripts directory and make it executable.
Then make a discovery rule to generate items. You can then use {#ITEM_NAME}, {#ITEM_INDEX}, {#ITEM_VALUE0} etc. in item prototypes as you would with any Zabbix LLD items.
discovery item: discover_items[a#60,b#1440]
will return JSON object:
{
"data":[
{
"{#ITEM_NAME}":"a",
"{#ITEM_VALUE0}":"60",
"{#ITEM_INDEX}":"0"
}
,
{
"{#ITEM_NAME}":"b",
"{#ITEM_VALUE0}":"1440",
"{#ITEM_INDEX}":"1"
}
]
}
Now, you can use this in a template. Suppose you want to monitor a number of directories on a number of Windows servers, to make sure that files are being create / modified, and you want to alert if file modification stops.
You make a user macro {$RECENT_FILE_SPECS} for each host, with a list of filespecs to watch, and number of minutes to look back for each ('\' needs to be triple-escaped to get through to powershell):
example {$RECENT_FILE_SPECS}:
C:\\\\Reports\\\\Blue\\\\*#1440,C:\\\\Reports\\\\O range\\\\*#120,C:\\\\Reports\\\\Purple\\\\*#60
You then create a template with a discovery item "Recent File Specs" of type "External Check":
discover_items[{$RECENT_FILE_SPECS}]
Then you create an item prototype "Recent files {#ITEM_NAME}" of type "Zabbix agent (active)", data type "Decimal":
system.run["powershell \"@(Get-ChildItem {#ITEM_NAME} | Where-Object { $_.LastWriteTime -gt (Get-Date).AddMinutes(-{#ITEM_VALUE0})}).count\"",wait]
This item uses powershell to return the count of files which match the filespec and were written within {#ITEM_VALUE0} minutes. If no files were written within that period, we want to alert.
Create a trigger prototype "{HOST.NAME}: No recent files matching {#ITEM_NAME}":
{Template_Recent_Files_Windows:system.run["powershell \"@(Get-ChildItem {#ITEM_NAME} | Where-Object { $_.LastWriteTime -gt (Get-Date).AddMinutes(-{#ITEM_VALUE0})}).count\"",wait].last()}=0
Now we can apply this template to any host, and create a user macro {$RECENT_FILE_SPECS} on each host with a list of file directories / file specs to monitor.
This technique can be used in a wide variety of situations where we know the list of things we want to monitor, but we can't discover the list with the usual LLD methods.
You can use Zabbix low-level discovery to generate monitoring items, IF there is a way to return a JSON object with names and values for the items to monitor. Zabbix has a number of built-in methods for discovering items such as SNMP, file systems etc. But Zabbix currently doesn't have any way that I know of to just give it a list of things to monitor. So I made a script called "discover_items" which can do that. You place this script (attached with .txt extension, rename to no extension) in your externalscripts directory and make it executable.
Then make a discovery rule to generate items. You can then use {#ITEM_NAME}, {#ITEM_INDEX}, {#ITEM_VALUE0} etc. in item prototypes as you would with any Zabbix LLD items.
discovery item: discover_items[a#60,b#1440]
will return JSON object:
{
"data":[
{
"{#ITEM_NAME}":"a",
"{#ITEM_VALUE0}":"60",
"{#ITEM_INDEX}":"0"
}
,
{
"{#ITEM_NAME}":"b",
"{#ITEM_VALUE0}":"1440",
"{#ITEM_INDEX}":"1"
}
]
}
Now, you can use this in a template. Suppose you want to monitor a number of directories on a number of Windows servers, to make sure that files are being create / modified, and you want to alert if file modification stops.
You make a user macro {$RECENT_FILE_SPECS} for each host, with a list of filespecs to watch, and number of minutes to look back for each ('\' needs to be triple-escaped to get through to powershell):
example {$RECENT_FILE_SPECS}:
C:\\\\Reports\\\\Blue\\\\*#1440,C:\\\\Reports\\\\O range\\\\*#120,C:\\\\Reports\\\\Purple\\\\*#60
You then create a template with a discovery item "Recent File Specs" of type "External Check":
discover_items[{$RECENT_FILE_SPECS}]
Then you create an item prototype "Recent files {#ITEM_NAME}" of type "Zabbix agent (active)", data type "Decimal":
system.run["powershell \"@(Get-ChildItem {#ITEM_NAME} | Where-Object { $_.LastWriteTime -gt (Get-Date).AddMinutes(-{#ITEM_VALUE0})}).count\"",wait]
This item uses powershell to return the count of files which match the filespec and were written within {#ITEM_VALUE0} minutes. If no files were written within that period, we want to alert.
Create a trigger prototype "{HOST.NAME}: No recent files matching {#ITEM_NAME}":
{Template_Recent_Files_Windows:system.run["powershell \"@(Get-ChildItem {#ITEM_NAME} | Where-Object { $_.LastWriteTime -gt (Get-Date).AddMinutes(-{#ITEM_VALUE0})}).count\"",wait].last()}=0
Now we can apply this template to any host, and create a user macro {$RECENT_FILE_SPECS} on each host with a list of file directories / file specs to monitor.
This technique can be used in a wide variety of situations where we know the list of things we want to monitor, but we can't discover the list with the usual LLD methods.
Comment