proc.num returns 0 for root processes

  • ggs_admin
    Member
    • Oct 2021
    • 44

    #1

    proc.num returns 0 for root processes

    Hello

    I have an item that should monitor some process.

    [Image: 1.png]

    When I test this on the monitored server I'm seeing a correct result:

    HTML Code:
    zabbix_agentd -t proc.num[,,,localert]
    proc.num[,,,localert]      [u|2]

    But when I check it on the Zabbix Dashboard it is getting 0.

    When I changed it from localert to zabbix (for testing purposes) I noticed that it works properly in the Zabbix Dashboard.
    So it looks like zabbix is unable to check root processes.

    My /etc/sudoers contains the following:

    HTML Code:
    # Zabbix Agent PDNS
    Defaults:zabbix !requiretty
    zabbix ALL=NOPASSWD: /usr/bin/pdns_control, /usr/sbin/testscript, /usr/local/libexec/httpd

    Does anybody know what I have missed?
    PS. I don't want to allow root in the conf file.
  • tim.mooney
    Senior Member
    • Dec 2012
    • 1427

    #2
    I haven't had any trouble gathering and alerting upon proc.num for some processes that run as root. I don't think it's "root" that is your issue.

    Did you carefully read the additional documentation about the proc.* items: https://www.zabbix.com/documentation..._mem_num_notes

    Comment

    • ggs_admin
      Member
      • Oct 2021
      • 44

      #3
      I definitely think that this issue is still related to permissions.
      Let me show you more:

      HTML Code:
      root@server [/etc/zabbix]# ps auxfS | grep localert
      
      root 69212 0.1 0.1 159760 154100 ? SN Oct17 1:12 /usr/bin/localert -r --fromfile /usr//sess/paths.68325 --exclude (^/var/tmp/mysql.sock$|^/tmp/mysql.sock$|^/var/tmp/#sql_.*\.MYD$|^/tmp/#sql_.*\.MYD$|^/var/tmp/clamav-.*|^/tmp/clamav-.*|^/usr/local/maldetect*|^/dev/pts*|^/dev/null|^/home/.*/public_html/.*error_log$/wp-content/temp-write-test*|/wp-content/bps-backup/logs/http_error_log.txt$|/wp-content/plugins/complianz-gdpr-premium/pro/assets/composer.phar$|/wp-content/plugins/antihacker/assets/rules.txt$) --timefmt %d %b %H:%M:%S --format %w%f %e %T -m -e create,move,modify
      
      root 33270 0.0 0.0 112808 980 pts/0 S+ 10:15 0:00 | \_ grep --color=auto localert

      When I'm checking that via the zabbix agent on the monitored server I'm still getting a correct result:

      Code:
      root@server [/etc/zabbix]# zabbix_agentd -t proc.num[,,,localert]
      proc.num[,,,localert] [u|2]

      But when I'm checking it via the Zabbix Dashboard I'm getting 0.

      [Image: Zabbix-Server-Configuration-of-items.png]

      Comment

      • ggs_admin
        Member
        • Oct 2021
        • 44

        #4
        The issue has been solved in the following way.

        I created the following UserParameter in zabbix_agentd.conf:

        HTML Code:
        UserParameter=localert,ps auxfS | grep localert | wc -l

        Also, I have added the following rule:

        HTML Code:
        AllowKey=system.run[ps auxfS | grep localert | wc -l]

        After that I edited the item in order to get it working.

        Comment

        • riBoon
          Junior Member
          • May 2017
          • 25

          #5
          I have this on a BSD-based OS. There is a sysctl option for that:
          security.bsd.see_other_uids=0
          If you set this to 1, the zabbix user can see the processes of users other than zabbix.

          Comment

          • ggs_admin
            Member
            • Oct 2021
            • 44

            #6
            Hello,

            Sorry, I forgot to mention that.
            I'm using CentOS 7.

            Comment

            • riBoon
              Junior Member
              • May 2017
              • 25

              #7
              To help you faster I will do a duplicate posting. (The other one is in status 'Unapproved' and can be deleted.)
              I have this on a BSD-based OS. There is a sysctl option for that:
              security.bsd.see_other_uids=0
              If you set this to 1, the zabbix user can see the processes of users other than zabbix.

              I don't know if CentOS has something like that, but maybe.

              Comment
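
The thread turns on whether the zabbix account sees the same processes as root. The script below is an added example, not code from any poster or from Zabbix: it counts matching processes by reading `/proc/<pid>/cmdline` directly instead of going through `ps`, so running it once as root and once as the zabbix user shows whether the two accounts get the same numbers. It assumes a Linux-style procfs; the function name `count_by_cmdline` and its optional second argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux-style procfs.
# count_by_cmdline REGEX [PROCROOT] prints "<matched> <visible>":
#   matched = processes whose command line matches REGEX
#   visible = numeric PID directories the invoking user can list
count_by_cmdline() {
    cbc_pattern=$1
    cbc_root=${2:-/proc}
    cbc_matched=0
    cbc_visible=0
    for cbc_dir in "$cbc_root"/[0-9]*; do
        [ -d "$cbc_dir" ] || continue
        # Do not count this script itself, whose arguments contain REGEX.
        [ "${cbc_dir##*/}" = "$$" ] && continue
        cbc_visible=$((cbc_visible + 1))
        [ -r "$cbc_dir/cmdline" ] || continue
        # cmdline is NUL-separated; kernel threads have an empty one.
        cbc_cmd=$(tr '\000' ' ' 2>/dev/null < "$cbc_dir/cmdline") || continue
        [ -n "$cbc_cmd" ] || continue
        if printf '%s\n' "$cbc_cmd" | grep -Eq -- "$cbc_pattern"; then
            cbc_matched=$((cbc_matched + 1))
        fi
    done
    printf '%s %s\n' "$cbc_matched" "$cbc_visible"
}

# Run as a script, e.g.: ./count.sh localert
if [ "$#" -gt 0 ]; then
    count_by_cmdline "$@"
fi
```

If the second number (visible PIDs) is much lower for the zabbix user than for root, the account is being prevented from seeing other users' processes.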