Ad Widget

Collapse

ICMP Ping false alarms

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • drabbit17
    Junior Member
    • Jan 2019
    • 1
    #1

    ICMP Ping false alarms

    Hi everyone. I'm new inzabbix so I was wondering if you all can help me with something.

    The company I work for uses zabbix as the monitoring system to check on all of our customers connections. Im getting involved more in the project and Im currently learning and playing around with my own zabbix to get the one at work to work better.

    One thing that Im seeing with the one at work is that we get false alarms with the ICMP Ping template we have. Zabbix reports as a "Disaster" the connection but if I grab the IP and ping it from the CMD I get replays back. Sometimes it takes zabbix more than 5 minutes to figure out that the IP is reachable and then the alarm recovers.

    So right now the set up is like this:

    There is a trigger called "ICMP ping" with an update interval of 30s. The "Disaster" trigger has the expression {Template PING:icmpping.max(150)}=0

    Anyone knows why is zabbix showing the connection unreachable when it is reachable and how to fix it.

    Thanks for the help.
    Tags: None
    • tim.mooney
      Senior Member
      • Dec 2012
      • 1427
      #2
      There could be a few things that cause this, but with some investigation it should be possible to figure out why it's happening and what the best fix is.

      One note: when you say 'There is a trigger called "ICMP Ping" with an update interval of 30s', I think you probably mean that there is an item with an update interval of 30 seconds. The data about ping (the item) gets collected and recorded every 30 seconds. Evaluating the thresholds you've set (i.e, the triggers) is separate from collecting and recording the data.

      Also, when you say "ping it from the CMD", do you mean that you're pinging the IP from perhaps your workstation? If so, that's not the same test, because your workstation and your zabbix server likely don't traverse the same network topology to get to the device. It's very much possible that you can ping the device but the zabbix server cannot. Again, that can happen for a few reasons, but one possibility is intermittent issues with one of the network devices that is in the network topology between your Zabbix server and the device.

      The first thing I would probably do is view Monitoring->Latest data in your web interface and select the host and icmping item that's frequently alerting. Find a place where an alert happened (remember that you can select/drag a section of a graph to "zoom in" on that section) and then switch the "View as:" from Graph to Value, so you see the actual values that were returned as part of each check for the item. That should show whether Zabbix recorded a bunch of 0 values for that item in a row. If it did, then the ping from the zabbix server to the device was indeed failing.

      If you can follow up with info on what you're seeing for the collected values during one of the problem periods, that may help determine what the next diagnostic step should be.

      If I were you, I would also be figuring out how many network devices are "between" your Zabbix server and the device that is frequently alerting, and determine if those devices are all being monitored. I would also be looking at the trigger for your ICMP Ping to see if the trigger has any dependencies.

      Finally, are there any errors related to icmping or 'fping' in your zabbix_server.log file? Those would potentially be relevant to this problem too.

        Comment

        Previous template Next
        Working...