Ad Widget

Collapse

Simple checks not so simple?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jtnfoley
    Member
    • Mar 2022
    • 76
    #1

    Simple checks not so simple?

    I have Zabbix 6.0.4 on a RHEL 8.5 VM with three vNICs. I need to make extensive use of "simple checks" to monitor running services on devices with no agent installed.

    Trying to use simple checks to test the presence of SSH and LDAP services on my first few monitored devices all come up in '0' "Service is down" status even when I can confirm that those services are running and accessible from the Zabbix host.
    zabbix_get also shows the service as up but the Zabbix web GUI shows down?


    The vNICs are on each of three VLANs, in two separate firewall zones. I did try to disable the firewall entirely, and disabling two of the vNICs.
    Agent2 is running on the Zabbix host.



    Code:
    [root@zabx02 ~]# zabbix_get -s127.0.0.1 -k'net.tcp.service[ssh,sftpd02]'
1
    Am I missing something obvious?
    Attached Files
    Tags: None
    • Hamardaban
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • May 2019
      • 2713
      #2
      There are two different items with the same keys.
      Simple check and zabbix agents .
      https://www.zabbix.com/documentation.../simple_checks
      net.tcp.service[service,<ip>,<port>]
      Checks if service is running and accepting TCP connections. 0 - service is down

      1 - service is running      		 service - possible values: ssh, ldap, smtp, ftp, http, pop, nntp, imap, tcp, https, telnet (see details)
      ip - IP address or DNS name (by default host IP/DNS is used)
      port - port number (by default standard service port number is used).      		 Example:
      => net.tcp.service[ftp,,45] → can be used to test the availability of FTP server on TCP port 45.

      Note that with tcp service indicating the port is mandatory.
      These checks may result in additional messages in system daemon logfiles (SMTP and SSH sessions being logged usually).
      Checking of encrypted protocols (like IMAP on port 993 or POP on port 995) is currently not supported. As a workaround, please use net.tcp.
      https://www.zabbix.com/documentation...s/zabbix_agent
      net.tcp.service[service,<ip>,<port>]
      Checks if service is running and accepting TCP connections. 0 - service is down

      1 - service is running      		 service - either of:
      ssh, ldap, smtp, ftp, http, pop, nntp, imap, tcp, https, telnet(see details)
      ip - IP address (default is 127.0.0.1)
      port - port number (by default standard service port number is used)      		 Example:
      => net.tcp.service[ftp,,45] → can be used to test the availability of FTP server on TCP port 45.

      Note that these checks may result in additional messages in system daemon logfiles (SMTP and SSH sessions being logged usually).

      Checking of encrypted protocols (like IMAP on port 993 or POP on port 995) is currently not supported. As a workaround, please use net.tcp.port for checks like these.

      Checking of LDAP and HTTPS on Windows is only supported by Zabbix agent 2.

      Note that the telnet check looks for a login prompt (':' at the end).

      See als

      Zabbix_get requests an agents item, not a simple check! The request is executed by an agent on the local system.

      Simple checks are done by the server or proxy itself.

      Read the documentation carefully.

        Comment

        • Brain2000
          #2.1
          Brain2000 commented
          08-08-2024, 23:37
          Editing a comment
          Aha! Thank you very much for this information. The "MSSQL by Zabbix Agent 2" template has this mistake in it, and therefore always returns 0. I spend over 8 hours trying to figure this out. Maybe they shouldn't call it a "Simple Check", but a "Local Check". It's quite misleading.
        • jtnfoley
          Member
          • Mar 2022
          • 76
          #3
          So, how does one actually execute external checks? The defined checks "SSH Service" etc all come up in Down state despite the type being "Simple check"

            Comment

          • cyber
            Senior Member
            Zabbix Certified SpecialistZabbix Certified Professional
            • Dec 2006
            • 4806
            #4
            FW-s allow ssh connections from server/proxy to that host? Simple check is initiated from server/proxy towards that host or defined IP/DNS name.

            External checks are completely different thing... https://www.zabbix.com/documentation...types/external

              Comment

              • jtnfoley
                Member
                • Mar 2022
                • 76
                #5
                Originally posted by cyber
                FW-s allow ssh connections from server/proxy to that host? Simple check is initiated from server/proxy towards that host or defined IP/DNS name.
                I can ssh from zabbix server to target host on same VLAN, with the firewall enabled. I've also tried disabling the firewall entirely.
                nc on the zabbix server command line also shows the version of OpenSSH I'm connecting to.

                  Comment

                  • Hamardaban
                    Senior Member
                    Zabbix Certified SpecialistZabbix Certified Professional
                    • May 2019
                    • 2713
                    #6
                    some more glue: https://www.zabbix.com/documentation..._check_details

                      Comment

                      • jtnfoley
                        Member
                        • Mar 2022
                        • 76
                        #7
                        I turned up verbosity to 4 and restarted the server. A LOT of IPC spam in the log file meant a little judicious grep'ing was required to find this:

                        Code:
                        [root@zabx02 zabbix]# tail -f zabbix_server.log | grep 1.2.3.4
5423:20220513:100354.054 End substitute_simple_macros_impl() data:'1.2.3.4'
5423:20220513:100354.054 End of substitute_key_macros_impl():SUCCEED data:'net.tcp.service.perf[ssh,1.2.3.4,22]'
5423:20220513:100354.054 In get_value_simple() key_orig:'net.tcp.service.perf[ssh,{HOST.IP},22]' addr:'1.2.3.4'
5423:20220513:100354.054 SSH check error: cannot connect to [[1.2.3.4]:22]: [13] Permission denied
5423:20220513:100426.084 In get_value_simple() key_orig:'net.tcp.service[ssh,,22]' addr:'1.2.3.4'
5423:20220513:100426.084 SSH check error: cannot connect to [[1.2.3.4]:22]: [13] Permission denied
5423:20220513:100454.113 End substitute_simple_macros_impl() data:'1.2.3.4'
                        THAT led me to https://www.pc-freak.net/blog/fix-za...rror-solution/

                        Code:
                        Setting selinux for zabbix agent and zabbix proxy to permissive mode
       # semanage permissive –add zabbix_t
       # semanage permissive -a zabbix_agent_t

                        Now the 4-verbose log says something different:

                        Code:
                        5423:20220513:100954.450 In get_value_simple() key_orig:'net.tcp.service.perf[ssh,{HOST.IP},22]' addr:'1.2.3.4'
5423:20220513:100954.451 In is_ip4() ip:'1.2.3.4'

                        And, at long last, I am happy to report that Zabbix can see services on target hosts running simple checks.
                        Last edited by jtnfoley; 13-05-2022, 16:16.
                          👍 1

                          Comment

                          Previous template Next
                          Working...