Ad Widget

**nieuwhier** · 11-02-2009, 18:34

Wauw this would be a great feature!

**Neurotox** · 11-02-2009, 20:13

that could be usefull!

**llurch** · 16-08-2013, 05:01

Design thoughts for acknowledge-by-email and one-click acknowledge

A custom alertscript parses standard arguments to obtain the "to" and "triggerid."

Connect to the database.

Determine the Zabbix userid number:

Code:

select distinct userid from media where sendto=$to

Determine the specific eventid. We need this in order to create a specific deep link.

Code:

select max(eventid) from events where objectid=$triggerid and clock > unix_timestamp() - 60 and value = 1;

Compute a string with a small MAC (strtolower may be necessary because email addresses are not case-sensitive):

Code:

$userid . '.' . substr(preg_replace('/[^a-zA-Z0-9]+/','',strtolower(base64_encode(hash_hmac('sha256',$userid . $eventid,$secret,TRUE)))),1,8) . $eventid;

For userid 12345, eventid 7654321, this yields 12345.eezgzfpl123456.

Create a virtual host z.example.com on the same machine as the Zabbix server (could be placed on another host, with some further work).

For SMS notifications, send the URL https://z.example.com/12345.eezgzfpl123456 (43 characters, plus or minus the size of your userids, eventids, and how much of a MAC you care to keep). Subject to verification below, that web page presents a simple text field and submit button.

For email, we set the from/reply-to to [email protected]. The subject line of the user's reply becomes the acknowledgment body (this saves us the trouble of dealing with HTML/MIME).

In both cases, parse out $userid and $eventid, then validate the MAC. Check the database for $eventid and $userid. If everything checks out, insert a row into the Zabbix sessions table (random sessionid, $userid). Set a cookie for the session we just created, then POST the user-supplied data to Zabbix. Delete the session. This POST is done by server-side code; the user's browser never touches Zabbix, just the ack handler vhost. I could imagine an implementation that does give the user a cookie that logs them in to Zabbix, but I don't want to do that.

End result: One-time authentication tied to a specific userid and eventid. Someone who intercepts the alert can acknowledge that specific event, but is not actually logged on to Zabbix. No changes to Zabbix code. Minimal abuse of the Zabbix database. 8 characters of case-insensitive alphanumerics is only 41 bits of entropy, so anyone moderately serious will be able to brute-force or more likely find a collision with your $secret, but that only gives them the ability to forge acknowledgements. A more secure variation would essentially add a sessionid column to the alerts table (or equivalent auxiliary table). I don't want to do that because it seems a waste. A middle ground would add a "salt" to the users table, so that an attacker would need to intercept and crack each user separately.

**de-denker** · 02-09-2014, 13:10

Beter late then never

Hi Guys,

I put together this tool:

Repbix

https://sourceforge.net/projects/repbix/

Download Repbix for free. Communication droid for Zabbix. Welcome to Repbix. A tool to help with auditing in Zabbix.

And somewhat you are talking about.
I would appreciate any useful comments!

Ad Widget

Acknowledge an email alert via reply

Acknowledge an email alert via reply

Comment

Comment

Comment

Comment