Ad Widget

**andris** · 31-07-2019, 14:24

Zabbix uses TCP between server, proxy, agents. Proxies in active mode do TCP connections to Zabbix server and the server does not connect to active proxies. So, "one-way" TCP connections are supported, but UDP is not. TCP connections can be encrypted (TLS 1.2/1.3, certificates (verified on both ends) or PSK).

**Djelly** · 06-10-2022, 14:49

Originally posted by andris

Zabbix uses TCP between server, proxy, agents. Proxies in active mode do TCP connections to Zabbix server and the server does not connect to active proxies. So, "one-way" TCP connections are supported, but UDP is not. TCP connections can be encrypted (TLS 1.2/1.3, certificates (verified on both ends) or PSK).

I'm looking to get a proxy and server with a diode inbetween them to work but either I'm missing something or i don't understand the communication between the proxy and the server.
According to you the communication is one way but how will the proxy then know what he needs to check if he can't get that information from the server?

**cyber** · 10-10-2022, 08:17

Originally posted by Djelly

...but either I'm missing something or i don't understand the communication between the proxy and the server.
According to you the communication is one way but how will the proxy then know what he needs to check if he can't get that information from the server?

Proxy connects to server and asks for the list of things it has to check. Server gives it to proxy and then proxy checks those things (or forwards to agents to check) and sends collected data to server, time to time asks for updated list of things to check...
"One way" means, that connection is initiated by proxy. This does not mean, that answers are not moving back to proxy..

**Djelly** · 10-10-2022, 09:41

Thanks for the reply,

So Proxy -- datadaiode -- server won't work. Is there a way to sent all data collected from one server to another? for example a file (like an export of the current status) that I can deconstruct on another server or maybe something like using ODBC to get the ping satus of all host into a Json, sent it through and read it out by the other server.

**Markku** · 10-10-2022, 20:13

If you are not able to deal with the way the configuration vs. results are being transmitted when using Zabbix agent or proxy, you may want to look at Zabbix trapper items. Using them your monitored hosts don't need any dynamic configuration data from the Zabbix server, meaning that you can configure your monitoring client as you wish. First you obviously need to configure the proper items in Zabbix server and then also implement your own monitoring agent, or a script using zabbix-sender command, on the monitored hosts.

Zabbix server/proxy will respond to the trapper messages with a status message ("x successful, y failed"), but you can just drop that in your diode.

Markku

Ad Widget

Anyone has ideas on how to create a data diode for Zabbix

Anyone has ideas on how to create a data diode for Zabbix

Comment

Comment

Comment

Comment

Comment