Ad Widget

Collapse

Excluding Windows-Services from Autodiscover

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • zabefs
    Junior Member
    • Mar 2020
    • 4
    #1

    Excluding Windows-Services from Autodiscover

    Hey everyone

    Newbie here. I installed Zabbix successfully but i have a problem. Yeah i know there are a lot of topics with the same problem and i tried all solutions but none of them is working.

    All my servers are monitored by Zabbix and also the Windows-Services but i do not want to monitor all services. I tried to fix it with the general expressions in different ways but the alarms keep popping up.
    I also deleted the hosts, restarted Zabbix, reinstalled the Agent but nothing works for me.

    I tried:
    We’ll be back soon!
    https://www.zabbix.com/forum/zabbix-help/372904-excluding-certain-windows-services

    We’ll be back soon!
    https://www.zabbix.com/forum/zabbix-help/49841-discover-windows-services-with-exclusions

    We’ll be back soon!
    https://www.zabbix.com/forum/zabbix-help/357698-turn-off-alerting-for-specific-services


    How do i configured Zabbix?
    Just installed the agent on the Windows-Servers and added the "Host Metadata=WindowsServer" for the Autoregistration
    Click image for larger version Name: zabbix_autoconfig.png Views: 12405 Size: 69.9 KB ID: 396758

    Here is a screenshot from the Regular expressions:

    Click image for larger version Name: zabbix_regularexpr.png Views: 13744 Size: 10.4 KB ID: 396759

    Can you help me? Am i blind or just stupid?
    Tags: None
    • Atsushi
      Senior Member
      • Aug 2013
      • 2028
      #2
      Changed the regular expression and waited more than an hour?
      If the template you are using is "Template OS Windows" provided as a standard, the discovery process (Windows service discovery) in that template will be executed at hourly intervals by default. In other words, the monitoring items and triggers of each service set in the discovery process will not be reset until one hour has elapsed.

      If it doesn't improve after more than one hour, the regular expression specification may be incorrect. Tell me in detail how you have set the services and regular expressions you want to exclude from monitoring.

        Comment

        • zabefs
          Junior Member
          • Mar 2020
          • 4
          #3
          I waited more than one hour. After a day i have still new incoming alarms.
          I am using the "Template OS Windows" but i do also deleted the hosts and let dem autodiscover again after i changed the regular expressions.

          Detailed way how i have changed the regular expressions:
          Looked for the "problems" like 'Service "sppsvc" (Software Protection) is not running (startup type automatic delayed)" or "Service "MapsBroker" (Downloaded Maps Manager) is not running (startup type automatic delayed)" in the "Monitoring - Problems Section".

          After that i went to Administration, General, Regular expressions and edited the "Windows service names for discovery". I used the default Expression type which is pre-configurated.
          Code:
           [TABLE]
[TR]
[TD]^(MMCSS|gupdate|SysmonLog|clr_optimization_v2.0.50727_32|clr_optimization_v4.0.30319_32)$[/TD]
 		[/TR]
[/TABLE]
          I just added every service i want to exklude within two "|servicename|" like this:
          Code:
          ^(MMCSS|TrustedInstaller|BITS|GISvc|gupdate|MapsBroker|WbioSrvc|sppsvc|RemoteRegistry|wuauserv|gupdate|SysmonLog|clr_optimization_v2.0.50727_32|clr_optimization_v4.0.30319_32)$
          Expressoin type is: Result is FALSE; Case sensitive is checked

          When i test the expression with the service "sppsvc" i get the result FALSE as you can see in the screenshot below.
          Click image for larger version Name: zabbix_regularexprtest.png Views: 11700 Size: 39.7 KB ID: 396800

          Thats all i have done (i also tried to add a new expression like in the posted links from my first post)

            Comment

            • scstechZ
              Junior Member
              • Sep 2020
              • 2
              #4
              I realize that this is a few months old, but I thought that this might help.
              As zabefs indicated, you can change the regular expression for service discovery (Administration - General - regular expressions - service names for discovery).
              While you can add the specific service names for all of the "clr_optimization_xxxxxx" available, it is easier to add a second "False" expression:

              Add - Type: Result is False, Expression: ^clr_optimization, check the case sensitive box. This will handle all of the past and future iterations of clr_optimization services (as well as the 32 and 64 bit versions).

              For completeness, I have included my service name rule as well:
              Code:
              ^(MMCSS|gupdate|SysmonLog|VeeamVssSupport|TrustedInstaller|BITS|sppsvc|ShellHWDetection|Remote Access Service|RemoteRegistry)$
              Hope this helps someone.

                Comment

                • Wolvverine
                  Junior Member
                  • Sep 2019
                  • 6
                  #5
                  Look here:
                  https://www.zabbix.com/forum/zabbix-...overy-zabbix-5

                    Comment

                    Previous template Next
                    Working...