No announcement yet.

Activating changes to Windows Service Names for Discovery

  • Filter
  • Time
  • Show
Clear All
new posts

    Activating changes to Windows Service Names for Discovery

    Sorry that I am very new to the Zabbix world, and I apologise if the answer is obvious to those of you with much more experience....

    I have three Windows 2012 servers with agents installed.
    A common problem is that they are all reporting issues with services not running, including some which are known as services that start up automatically but then stop automatically, just starting when needed. For example, "RemoteRegistry" and "sppsvc".
    I can see that the configuration/templates/Template OS Windows/Items/Discovery rules/Windows service discovery is configured for service names as @Windows service names for discovery.
    So I have changed the Administration/General/Regular Expressions/Windows service names for discovery to:
    ^(MMCSS|gupdate|sppsvc|RemoteRegistry|SysmonLog|cl r_optimization_v2.0.50727_32|clr_optimization_v4.0 .30319_32|clr_optimization_v4.0.30319_64)$

    What else do I need to do to get rid of the dashboard messages:
    Service "RemoteRegistry" (Remote Registry) is not running (startup type automatic)
    Service "sppsvc" (Software Protection) is not running (startup type automatic delayed)

    I am also waiting for an answer ...


      From my (also) limited experience...

      You can go in and disable the trigger on a per-host basis. With 3 hosts, this won't be too much of a thing.

      You could also (I think) delete the hosts and let them get re-discovered.

      I have a similar problem, but with around 100 I've got the same question, but I'm hoping to use an Action to picks up on one (of a few) services and then goes through and disables the Triggers on the host as needed. Even if they became re-enabled at some point, this process would disable them again.

      But for your three hosts, the first is probably the way to go, the second is a slightly more extreme option.



        I have the same problem. I added the services to the regex but nothing happened and I continue to get the trigger...


          I have had to delete the prototypes (which also deletes any associated triggers) after making changes to the regex. This will remove all discovered data. Then add the prototypes back in. All items will rediscover and this time you should see the changes made in the regex reflected. This is the only way I have been able to make changes to the regex become applied.


            Hi *
            How can I remove and re-enable the prototype?



              I am experiencing the same symptoms with 3.2.10.

              If I add a service name to the regex to be skipped, it will never be recognized by the LLD and the problem will never go away.

              Same situation with change a service start-up on a server. If I change the service to disabled, the change is never recognized by Zabbix.

              Rebooting the zabbix server has no effect. Nor does stopping/starting the zabbix agent.

              The only way that I have found to rectify the issue is to delete the item prototype and trigger from the template, then add them back in.

              Sounds like a bug to me?


              Bryan Hunt


                I am on 3.4.4 and only recently I started to make use of Low Level Discovery.
                Not knowing about the existence of this regular expression I too created a thread in this forum, but after getting an answer I had no problem getting it to work properly. Maybe there was some bug before, but for me it is working as expected (3.4.4).

                I did change the regular expressions for both the Interface discover as the Service discovery.


                After changing the rule one should delete all the wrongly discovered services in items in the host section (use the same expressions as a filter).

                Select items in configuration of a random host.
                Delete the host name and select a group (Windows servers?)
                Select Application "Services" and "Disabled" (assuming you have them disabled).
                Then select all the items and press "Delete" until all of them are gone.

                You could lower the discovery refresh temporarily (3 minutes), but set it to 4 hours afterward.
                BTW... I changed the item interval to 3 minutes as well... Faster is a bit unnecessary
                Last edited by frater; 23-11-2017, 00:49.
                Zabbix agents on Linux, FreeBSD, Windows, AVM-Fritz!box, DD-WRT and QNAP


                  With some guidance from Ingus Vilnis, I now understand what was (and was not) happening.

                  Ingus pointed me here:

                  Specifically to the Keep lost resources period (in days) parameter.

                  If an entity is discovered by LLD, and then is either: removed; lost; or excluded by a filter, it is still kept in Zabbix for the duration of time defined by the Keep Lost Resources parameter (default is 30 days).

                  So, the changes were recognized in the next LLD cycle (1 hour), but the filtered entity was then considered "lost", so would be kept for an additional 30 days. If I had waited that long, it would have finally disappeared.

                  Fortunately you can set that parameter to "0" and it will disappear after the next LLD cycle. Best not to leave that setting at "0" though, so reset back to "30" after LLD.


                  Bryan Hunt