Ad Widget

**zabbix_woc** · 12-02-2020, 14:07

Notes on the template would seem to confirm the above:

https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/os/windows_agent

All help appreciated - thanks in advance!

**Markku** · 12-02-2020, 20:22

Hi, from the screenshot above, and from the notes/instructions you linked, there already is the regexp support: just define the SERVICE.STARTUPNAME.XXX macros with the regexps as you wish, in the host level.

I think this is very flexible way of configuring those includes/excludes: the template provides some (hopefully sane) default values for the macros, and then you can define/override them at the host level as you wish.

For example, if you only want to include services containing string "Zabbix", then define the macro "{$SERVICE.STARTUPNAME.MATCHES} = Zabbix" in the host level.

Markku

**zabbix_woc** · 13-02-2020, 12:19

Thanks Markku - I think from that I am now on the right track.

want to exclude services from ALL hosts that this template applies to, so I have found what I believe to be the settings to allow this.

"Template OS Windows by Zabbix agent" has a linked template called "Template Module Windows services by Zabbix agent" - within this, on the Macros tab, I have the "{$SERVICE.NAME.NOT_MATCHES}" macro - on this, I have added the undesired services, and deleted the previously discovered services, and this seems to have worked. The undesired services are no longer being discovered.

Is this the correct approach? I also note that there is a character limit on the field of {$SERVICE.NAME.NOT_MATCHES}. Should I be doing this elsewhere?

I am very much a Linux newbie, so any guidance on this would be appreciated!

**guilly** · 13-02-2020, 16:33

I'm having similar issues although on version 4.0.17. I've attempted to do the following

Administration --> General --> Regular Expressions
- Expression type: Result is FALSE
- Expression ^(RemoteRegistry|gupdate)$
Added a new filter to Windows service discovery
- {#SERIVCE.name} macthes @name of new expression

Linked Template OS Windows to my Host

Unfortunately the services are still being discovered. I've found several sources stating this is the accepted method but maybe I'm missing something ? Does the Template OS Windows in 4.0.17 not accept regex either ? I don't recall seeing this in the documentation anywhere.

**guilly** · 13-02-2020, 21:16

Looks like I resolved the issue by cloning the default Template OS Windows and modifying the Discovery rules of the cloned template to include my custom regex. I guess the default 'Template OS Windows' template doesn't respect the regex filter.

**Markku** · 13-02-2020, 21:32

Is this the correct approach? I also note that there is a character limit on the field of {$SERVICE.NAME.NOT_MATCHES}. Should I be doing this elsewhere?

I am very much a Linux newbie, so any guidance on this would be appreciated!

That is the correct approach, and if you reach the field limit, try to optimize your string somehow to match with fewer characters.

Markku

**zabbix_woc** · 14-02-2020, 16:55

Originally posted by Markku

That is the correct approach, and if you reach the field limit, try to optimize your string somehow to match with fewer characters.

Markku

Thanks Markku,much appreciated

**Arcom** · 11-05-2020, 11:28

I've been struggling with this myself for a couple of days on our new Zabbix environment running v.4.4.7. I modified the Global RegEx Windows service names for discovery, but until I read this post, I didn't realize it wasn't being used by the template.
After checking the <host> - Macros - Inherited and host macros, I discovered it only uses the following macro's from the Template Module Windows services by Zabbix agent in regards to service discoveries:

{$SERVICE.NAME.MATCHES}
{$SERVICE.NAME.NOT_MATCHES}
{$SERVICE.STARTUPNAME.MATCHES}
{$SERVICE.STARTUPNAME.NOT_MATCHES}

So I suppose if I add the regex in the template for {$SERVICE.NAME.NOT_MATCHES}, it should work. However I then have to add the same regular expression to the Template Module Windows services by Zabbix agent active, when using active checks. So a Global regex would make more sense.

**havoc2k10** · 01-07-2020, 08:47

Is this the part that should put the windows services' reg exp to remove it from the alerts? From the box i highlighted should i add |Bits|OneSyncSvc_|TrustedInstaller. I would appreciate if can help with to filter out unwanted alerts from windows services.

**havoc2k10** · 18-07-2020, 04:58

Originally posted by zabbix_woc

Thanks Markku - I think from that I am now on the right track.

want to exclude services from ALL hosts that this template applies to, so I have found what I believe to be the settings to allow this.

"Template OS Windows by Zabbix agent" has a linked template called "Template Module Windows services by Zabbix agent" - within this, on the Macros tab, I have the "{$SERVICE.NAME.NOT_MATCHES}" macro - on this, I have added the undesired services, and deleted the previously discovered services, and this seems to have worked. The undesired services are no longer being discovered.

Is this the correct approach? I also note that there is a character limit on the field of {$SERVICE.NAME.NOT_MATCHES}. Should I be doing this elsewhere?

I am very much a Linux newbie, so any guidance on this would be appreciated!

This also didnt worked for me. I added the "TrustedInstaller" but still alerting. How do i delete discovered services? Please see image.

**Markku** · 18-07-2020, 07:49

Originally posted by havoc2k10

This also didnt worked for me. I added the "TrustedInstaller" but still alerting. How do i delete discovered services? Please see image.

If you already had them discovered, go to the Items in the affected hosts and delete the unwanted items.

Markku

**chrisme** · 14-09-2020, 10:36

Is the regular expression method for windows services deprecated?
The new 5.0 template "Template Module Windows services by Zabbix agent active" uses the macro method, the old "Template OS Windows" template uses the regular expression method.
Can i build a new 5.0 template with regular expression?

Chris

edit:
i have change the filter on the discovery rule and now it works again with regular expression.

Ad Widget

Official templates and regular expressions

Official templates and regular expressions

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment