Ad Widget

**NilsA** · 26-10-2020, 16:11

How exactly is your Zabbix server set up?
Did you configure anything TLS-related in /etc/zabbix/zabbix_server.conf?

**amirhz** · 26-10-2020, 18:57

No, I didn't,
Everything in the TLS section is commented on.

**NilsA** · 27-10-2020, 10:48

From the log it looks like another device - 192.168.0.1 - is trying to connect via TLS with an unknown PSK identity. Which makes sense if there is nothing configured.
I don't know what the problem could be so here's some more questions:
Which device is 192.168.0.1?
Is the zabbix-server service running and restarted after the last change in your config file?

**amirhz** · 27-10-2020, 15:46

Originally posted by NilsA

From the log it looks like another device - 192.168.0.1 - is trying to connect via TLS with an unknown PSK identity. Which makes sense if there is nothing configured.
I don't know what the problem could be so here's some more questions:
Which device is 192.168.0.1?
Is the zabbix-server service running and restarted after the last change in your config file?

This device is a host that I added using the "Configuration" menu by a PSK identity and a PSK key, while this PSK is defined on both sides. Should I add this key anywhere like the config file?
The Zabbix server is running and restarted multiple times. It is the result of running the status command (systemctl status zabbix-server):

zabbix-server.service - Zabbix Server
Loaded: loaded (/lib/systemd/system/zabbix-server.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-10-23 15:51:41 UTC; 3 days ago
Main PID: 976910 (zabbix_server)
Tasks: 38 (limit: 9452)
Memory: 72.9M
CGroup: ..........
...

**NilsA** · 27-10-2020, 15:57

To add encryption to a host, under the "Encryption" tab choose connections to and from your host according to the values of TLSConnect and TLSAccept in the zabbix_agentd.conf on your host system.
Then put in your PSK identity and PSK. On your host system PSK identity is the value TLSPSKIdentity in your config. You also need to have a file containing your PSK on the host system with the config value TLSPSKFile pointing at it.

If it doesn't work, check for simple errors like an empty space at the end of a PSK.
Alternatively you can turn off your TLS and try monitoring without encryption just so you know it works at all.

I'm not sure why your zabbix server still says "not running" when it is running. Can you try increasing the debug-level and checking the server log for any errors?

**amirhz** · 27-10-2020, 18:05

Originally posted by NilsA

To add encryption to a host, under the "Encryption" tab choose connections to and from your host according to the values of TLSConnect and TLSAccept in the zabbix_agentd.conf on your host system.
Then put in your PSK identity and PSK. On your host system PSK identity is the value TLSPSKIdentity in your config. You also need to have a file containing your PSK on the host system with the config value TLSPSKFile pointing at it.

If it doesn't work, check for simple errors like an empty space at the end of a PSK.
Alternatively you can turn off your TLS and try monitoring without encryption just so you know it works at all.

I'm not sure why your zabbix server still says "not running" when it is running. Can you try increasing the debug-level and checking the server log for any errors?

This did not work either, and the server log shows this now:

976950:20201027:155647.947 cannot send list of active checks to "x.x.x.x": host [XRouter] not found

Also, I have this on the agent log:
976913:20201027:155047.480 failed to accept an incoming connection: connection from "x.x.x.x" rejected, allowed hosts: "127.0.0.1"

Wonder what can I do for the Zabbix server status, although the web interface is working and I can add different types of hosts, it can not identify them as available devices!

Attached Files

**NilsA** · 27-10-2020, 18:12

The agent log suggests, that the Server or ServerActive are not correctly set up and only accept connections from localhost (127.0.0.1).

Concerning the server status, I checked up on the config again. What value is StatsAllowedIP in your server config?

**amirhz** · 27-10-2020, 18:41

Originally posted by NilsA

The agent log suggests, that the Server or ServerActive are not correctly set up and only accept connections from localhost (127.0.0.1).

Concerning the server status, I checked up on the config again. What value is StatsAllowedIP in your server config?

It is
StatsAllowedIP=127.0.0.1

**NilsA** · 28-10-2020, 11:14

Please check agent config for Server and ServerActive.

Concerning server status, try adding port 10051 to your iptables like this: "iptables -A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT"

**amirhz** · 28-10-2020, 16:50

I even add those IP addresses to both server and agent config files, with no effect.
I wonder what is this error message and if it is something related:
/etc/passwd has been changed

Problem expression

{Zabbix server:vfs.file.cksum[/etc/passwd].diff()}>0

**NilsA** · 28-10-2020, 17:04

You did restart the services for agent and server after the changes?
I don't think that trigger event makes any difference.

Can you put your server and agent settings in the thread? I don't see this going anywhere.

**amirhz** · 28-10-2020, 20:42

Yes, I stop, start both of them several times.
Here are the config files:

Dropbox

https://www.dropbox.com/s/nngf5ipva0i9kc1/zabbix_agentd.conf?dl=0

Dropbox

https://www.dropbox.com/s/i5eohgsehz0ckur/zabbix_server.conf?dl=0

**amirhz** · 03-11-2020, 21:53

Any solution?

**NilsA** · 04-11-2020, 10:52

I'm looking through your configs and can't really find anything wrong with them. Multiple IPs in your agent config shouldn't cause this.
Can you post your iptables here?

Ad Widget

Zabbix server does not discover anything

Zabbix server does not discover anything

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment