Ad Widget

**Atsushi** · 06-01-2016, 03:59

Information of encryption for that host may not have been set correctly on database.
(Table: hosts, Colum: tls_connect)

Please try change the settings and save for the encryption of the host.

**dukejustice** · 07-01-2016, 19:18

Hello and thanks for a response.

The thing is that encryption is not used on the host. No line are present in the zabbix_agentd.conf and when I tried to add some per zabbix's 3 configuration on the website, the agent wouldn't start at all.

I have tried enabling/disabling encryption to no avail.

Would you have a suggestion to get me on the track to solving this issue?

Best regards.

Marc

**Atsushi** · 08-01-2016, 04:27

Zabbix agent wouldn't start at all?
I think that configuration file incorrect.

What kind of added a setting?
And, Please check that agent log.

**dukejustice** · 08-01-2016, 04:53

Hi again.

in my zabbix_agentd.conf, I added

TLSAccept=unencrypted
TLSConnect=unencrypted

as per https://www.zabbix.com/documentation.../zabbix_agentd

The strangest thing is that the agent's log file doesn't give me anything! Not when with the added lines when it's not starting... Not without when it's refusing to execute a remote command on a trigger's action.

I am puzzled.

And I've tried duplicating the host, cloning the host, rebooting the host... Always same result...

A TLS connection is configured to be used with agent but support for TLS was not compiled into server.

Agent is not configured with TLS. And I found no way to deactivate something that's not there. Nor have I found anything on Google searching for this error message.

In the meantime, I cron'ed a restart task, but it's inelegant.

Still praying for a solution.

Thanks for trying to help.

Best regards.

Marc

**Atsushi** · 08-01-2016, 07:41

If you don't enabled TLS option at configure, you cann't enable that option.
Please try comment out that TLS options.

Code:

# TLSAccept=unencrypted
# TLSConnect=unencrypted

**dukejustice** · 08-01-2016, 16:31

Hi.

The lines are removed from the config.

No TLS configuration whatsoever. Nowhere. I can't understand why zabbix server would report such a thing.

Here is my complete zabbix_agentd.conf

HTML Code:

# This is a config file for the Zabbix agent daemon (Unix)
# To get more information about Zabbix, visit http://www.zabbix.com

############ GENERAL PARAMETERS #################

### Option: PidFile
#	Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agentd.pid

PidFile=/var/run/zabbix/zabbix_agentd.pid

### Option: LogFile
#	Name of log file.
#	If not set, syslog is used.
#
# Mandatory: no
# Default:
# LogFile=

LogFile=/var/log/zabbix/zabbix_agentd.log

### Option: LogFileSize
#	Maximum size of log file in MB.
#	0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1

LogFileSize=0

### Option: DebugLevel
#	Specifies debug level
#	0 - no debug
#	1 - critical information
#	2 - error information
#	3 - warnings
#	4 - for debugging (produces lots of information)
#
# Mandatory: no
# Range: 0-4
# Default:
# DebugLevel=3

### Option: SourceIP
#	Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=

### Option: EnableRemoteCommands
#	Whether remote commands from Zabbix server are allowed.
#	0 - not allowed
#	1 - allowed
#
# Mandatory: no
# Default:
EnableRemoteCommands=1

### Option: LogRemoteCommands
#	Enable logging of executed shell commands as warnings.
#	0 - disabled
#	1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0

##### Passive checks related

### Option: Server
#	List of comma delimited IP addresses (or hostnames) of Zabbix servers.
#	Incoming connections will be accepted only from the hosts listed here.
#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
#
# Mandatory: no
# Default:
# Server=

Server=noIdidnT

### Option: ListenPort
#	Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10050

### Option: ListenIP
#	List of comma delimited IP addresses that the agent should listen on.
#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0

### Option: StartAgents
#	Number of pre-forked instances of zabbix_agentd that process passive checks.
#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
#
# Mandatory: no
# Range: 0-100
# Default:
# StartAgents=3

##### Active checks related

### Option: ServerActive
#	List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
#	If port is not specified, default port is used.
#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
#	If port is not specified, square brackets for IPv6 addresses are optional.
#	If this parameter is not specified, active checks are disabled.
#	Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
#
# Mandatory: no
# Default:
# ServerActive=

#ServerActive=127.0.0.1

### Option: Hostname
#	Unique, case sensitive hostname.
#	Required for active checks and must match hostname as configured on the server.
#	Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=

Hostname=didnTeither

### Option: HostnameItem
#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
#	Does not support UserParameters or aliases.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname

### Option: HostMetadata
#	Optional parameter that defines host metadata.
#	Host metadata is used at host auto-registration process.
#	An agent will issue an error and not start if the value is over limit of 255 characters.
#	If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostMetadata=

### Option: HostMetadataItem
#	Optional parameter that defines an item used for getting host metadata.
#	Host metadata is used at host auto-registration process.
#	During an auto-registration request an agent will log a warning message if
#	the value returned by specified item is over limit of 255 characters.
#	This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=

### Option: RefreshActiveChecks
#	How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120

### Option: BufferSend
#	Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5

### Option: BufferSize
#	Maximum number of values in a memory buffer. The agent will send
#	all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100

### Option: MaxLinesPerSecond
#	Maximum number of new lines the agent will send per second to Zabbix Server
#	or Proxy processing 'log' and 'logrt' active checks.
#	The provided value will be overridden by the parameter 'maxlines',
#	provided in 'log' or 'logrt' item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=100

############ ADVANCED PARAMETERS #################

### Option: Alias
#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
#	Different Alias keys may reference the same item key.
#	For example, to retrieve the ID of user 'zabbix':
#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
#	Now shorthand key zabbix.userid may be used to retrieve data.
#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
#
# Mandatory: no
# Range:
# Default:

### Option: Timeout
#	Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
Timeout=30

### Option: AllowRoot
#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
#	will try to switch to user 'zabbix' instead. Has no effect if started under a regular user.
#	0 - do not allow
#	1 - allow
#
# Mandatory: no
# Default:
AllowRoot=1

### Option: Include
#	You may include individual files or all files in a directory in the configuration file.
#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=

Include=/etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf

# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/

####### USER-DEFINED MONITORED PARAMETERS #######

### Option: UnsafeUserParameters
#	Allow all characters to be passed in arguments to user-defined parameters.
#	0 - do not allow
#	1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
# UnsafeUserParameters=0

### Option: UserParameter
#	User-defined parameter to monitor. There can be several user-defined parameters.
#	Format: UserParameter=<key>,<shell command>
#	See 'zabbix_agentd' directory for examples.
#
# Mandatory: no
# Default:
# UserParameter=

####### LOADABLE MODULES #######

### Option: LoadModulePath
#	Full path to location of agent modules.
#	Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules

### Option: LoadModule
#	Module to load at agent startup. Modules are used to extend functionality of the agent.
#	Format: LoadModule=<module.so>
#	The modules must be located in directory specified by LoadModulePath.
#	It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
UserParameter=wordpress.discovery[*],bash -c "/root/wplist.sh"
UserParameter=user.discovery[*],bash -c "/root/userlist.sh"
UserParameter=mailuser.discovery[*],bash -c "/root/mailuserlist.sh"
UserParameter=user.usedquota[*],bash -c "quota -g $1 --hide-device | grep -v 'Filesystem' | grep -v 'Disk quotas' | awk '{print $ 1/1024;}'"
UserParameter=mailuser.usedquota[*],bash -c "quota -u $1 --hide-device | grep -v 'Filesystem' | grep -v 'Disk quotas' | awk '{print $ 1/1024;}'"
UserParameter=user.availablequota[*],bash -c "quota -g $1 --hide-device | grep -v 'Filesystem' | grep -v 'Disk quotas' | awk '{print $ 3/1024;}'"
UserParameter=mailuser.availablequota[*],bash -c "quota -u $1 --hide-device | grep -v 'Filesystem' | grep -v 'Disk quotas' | awk '{print $ 3/1024;}'"
UserParameter=user.files[*],bash -c "quota -g $1 --hide-device | grep -v 'Filesystem' | grep -v 'Disk quotas' | awk '{print $ 4;}'"
UserParameter=mailuser.files[*],bash -c "quota -u $1 --hide-device | grep -v 'Filesystem' | grep -v 'Disk quotas' | awk '{print $ 4;}'"

See? Nothing!

zabbix_agentd.log is totally empty. The were messages in the past for other errors which I fixed. Since last log file rotation... nothing!

zabbix_server.log has many lines, but none concerning my host in regards to my "should not be" TLS problem.

Any other suggestions?

Thanks in advance.

Marc

**dukejustice** · 08-01-2016, 17:05

I forced agent upgrade to latest stable 2.4.7-1 to no avail.

adding TLS lines makes agent not want to start.

IU'm still stuck with my non-existent TLS problem.

Ad Widget

A TLS connection is configured to be used with agent but support for TLS on server...

A TLS connection is configured to be used with agent but support for TLS on server...

Comment

Comment

Comment

Comment

Comment

Comment

Comment