New Feature Request: move UserParameter=xxx into zabbix db

  • Eric
    Junior Member
    • Mar 2006
    • 10

    #1

    New Feature Request: move UserParameter=xxx into zabbix db

    Hello All,

    I would like to suggest storing extended agent data collection (i.e., UserParameter=xxx) in the zabbix database instead of the agent.conf file and sending the information to the agent automatically; this would be a *huge* improvement, making management of the system, and also the ability to 'view' the actual command used to collect the data, an easy task.

    Also, if implemented, we would not have to update the zabbix_agent.conf unless we changed 'agent' configuration (IP address, logging, debug level).

    Regards,

    Eric
  • welkin
    Senior Member
    • Mar 2007
    • 132

    #2
    I would rather call this a "huge security issue" than a "huge improvement". Right now you can limit the commands which can be executed in the agent conf. If the configuration of remote commands is stored server side, only the server limits the commands executed by zabbix agent, so if the zabbix server gets compromised, the attacker has shell access to all servers with agents installed.


    regards welkin


    • Calimero
      Senior Member
      • Nov 2006
      • 481

      #3
      Originally posted by Eric
      Hello All,

      I would like to suggest storing extended agent data collection (i.e., UserParameter=xxx) in the zabbix database instead of the agent.conf file and sending the information to the agent automatically; this would be a *huge* improvement, making management of the system, and also the ability to 'view' the actual command used to collect the data, an easy task.

      Also, if implemented, we would not have to update the zabbix_agent.conf unless we changed 'agent' configuration (IP address, logging, debug level).
      That already exists and is called "remote commands". See item 'system.run' ... that allows you to run any command and have zabbix_agent return the output.

      But as welkin said, keep in mind that this comes at a cost in terms of security.


      • Eric
        Junior Member
        • Mar 2006
        • 10

        #4
        Welkin,

        1) The agent should only respond to the server which is in its .conf file. If there are ways to get around that, it should be covered under the topic of security, such as adding SSL communications.

        2) As Calimero points out, the zabbix server can already execute commands by clicking on a host name, which displays a pop-up with a list of scripts that are configured on the server side. This is not at all what I am talking about. I would like all UserParameter commands moved from the agent conf file into the zabbix database.

        Eric


        • Calimero
          Senior Member
          • Nov 2006
          • 481

          #5
          Originally posted by Eric
          This is not at all what I am talking about. I would like all UserParameter commands moved from the agent conf file into the zabbix database.
          As I said, that already exists: use 'system.run[]' instead of UserParameters.


          • Eric
            Junior Member
            • Mar 2006
            • 10

            #6
            Salut Calimero,

            It appears that system.run[] returns text only. If so, this is not very useful for collecting numeric performance data. I still think that having so many external config files is a maintenance issue for large deployments. I am open to other suggestions.

            Eric


            • Calimero
              Senior Member
              • Nov 2006
              • 481

              #7
              Nope. You can store values as floats or integers... You can do anything you want with system.run[]/remote commands.


              • Eric
                Junior Member
                • Mar 2006
                • 10

                #8
                Calimero,

                I see that my original request is already on the wiki requests page (see below).

                system.run does not function correctly. I'll wait for the request below.

                Thanks for your help.

                Eric

                http://www.zabbix.com/wiki/doku.php?id=contrib:ideas

                .
                .


                Agent configuration management

                There should be a possibility to change agent configuration centrally, from the Zabbix server. Parts that should be centrally manageable:

                * all of the agent configuration, including user parameters (maybe as a separate file that takes precedence over default config, so that this does not interfere with normal packaging?);
                * script management

                Decent security model is critical.


                • Tenzer
                  Senior Member
                  • Nov 2007
                  • 316

                  #9
                  I think that you should make it as a ticket in the Zabbix feature requests Jira, found at https://support.zabbix.com/browse/ZBXNEXT instead. It seems to be the place used for such requests.


                  • Calimero
                    Senior Member
                    • Nov 2006
                    • 481

                    #10
                    Originally posted by Eric
                    I see that my original request is already on the wiki requests page (see below).

                    system.run does not function correctly. I'll wait for the request below.
                    You should file bug reports if system.run doesn't work.

                    Originally posted by Eric
                    Agent configuration management

                    There should be a possibility to change agent configuration centrally, from the Zabbix server. Parts that should be centrally manageable:

                    * all of the agent configuration, including user parameters (maybe as a separate file that takes precedence over default config, so that this does not interfere with normal packaging?);
                    * script management

                    Decent security model is critical.
                    Unless we have a "decent security model", for example SSL certificate security, it seems like a rather lousy idea to have zabbix agent remotely configured because that means you essentially give remote code execution permission to anyone able to spoof an IP on your network.

                    And using remote commands currently sucks too.

                    I'm not sure zabbix_agent should be turned into a file deployment / configuration management tool (because that's the problem: deploying monitoring scripts. Running them is not a problem). There are tools much better suited for that task (puppet, cfengine for the open-source players, but there are many others) and if you have lots of hosts you probably already use those very tools to manage every other aspect of your system.
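
The trade-off welkin and Calimero describe in this thread (commands pinned in the agent's own config versus commands chosen by the server), shown as an added example that is not part of any post and not Zabbix project code. It audits agent config text for settings that hand command selection to the server; the sample configs are constructed, and the `EnableRemoteCommands` and `UnsafeUserParameters` setting names are assumed from the agent's configuration file rather than taken from the thread.

```python
# Constructed sample configs (not from the thread). EnableRemoteCommands and
# UnsafeUserParameters are assumed agent settings; the thread itself names
# only UserParameter and system.run.
LOCKED_DOWN = """\
# commands pinned on the agent
Server=192.0.2.10
EnableRemoteCommands=0
UserParameter=mysql.ping,mysqladmin ping | grep -c alive
"""

SERVER_DRIVEN = """\
# server decides what runs
Server=192.0.2.10
EnableRemoteCommands=1
UnsafeUserParameters=1
UserParameter=proc.custom[*],ps -C $1 -o pid=
"""


def parse_agent_conf(text):
    """Return (settings, user_parameters) parsed from agent config text."""
    settings, user_params = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip(), value.strip()
        if key == "UserParameter":
            # Format: UserParameter=<item key>,<shell command>
            item, _, command = value.partition(",")
            user_params[item.strip()] = command.strip()
        else:
            settings[key] = value
    return settings, user_params


def audit(text):
    """List findings about who controls the commands this agent will run."""
    settings, user_params = parse_agent_conf(text)
    findings = []
    if settings.get("EnableRemoteCommands", "0") == "1":
        findings.append("system.run enabled: the server chooses the commands")
    unsafe = settings.get("UnsafeUserParameters", "0") == "1"
    for item in user_params:
        # key[*] passes server-supplied arguments into the command as $1..$9
        if item.endswith("[*]") and unsafe:
            findings.append(f"{item}: special characters in server-supplied arguments are not filtered")
    return findings
```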
