Active agent error message

Hi there,

I found this information on my window's client log - is something else I need to do on the linux side to allow access ?

103800.169 Get active checks error: *** Cannot connect to [x.x.x.x]:10051 [No connection could be made because the target machine actively refused it.]
5984:20101109:103800.169 In process_active_checks('x.x.x.x',10051)
5984:20101109:103800.169 In get_min_nextcheck()

Active Agent config & log activity

I've pasted below the config for the agentd running on windows and some of the log file. It would appear it connects to the server by virtue of the information in the log file but I don't know what else to see to understand what is working or not. I've configured some active items (windows) but can't see any log information to prove them being read. Help please.

Agent Config
# This is a config file for Zabbix Agent (Windows)
# To get more information about Zabbix, go to http://www.zabbix.com

############ GENERAL PARAMETERS #################

### Option: DebugLevel
# Specifies debug level
# 0 - no debug
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
#
# Mandatory: no
# Range: 0-4
# Default:
DebugLevel=4

### Option: LogFile
# Name of log file.
# If not set, Windows Event Log is used.
#
# Mandatory: no
# Default:
LogFile=c:\tmp\agent.log

### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1

### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=

### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
EnableRemoteCommands=1
# ping
##### Passive checks related

### Option: Server
# List of , delimited IP addresses (or hostname) of Zabbix servers.
# No spaces allowed. 1 entry used 4 receiving list of & send check.
# Note that hstnmes must resolve hostname->IP addr & IP addr-> hst.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
#
# Mandatory: yes
# Default:
# Server=

Server=X.X.X.X

### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks & must match hostn configured on srv.
#
# Default:
# Hostname=system.uname

Hostname=Zabbix

### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
ListenPort=10050

### Option: ListenIP
# Agent will listen on the specified interface.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0

# ListenIP=127.0.0.1

### Option: DisablePassive
# Disable passive checks. The agent will not listen on any TCP port.
# Only active checks will be processed.
# 0 - do not disable
# 1 - disable
#
# Mandatory: no
# Default:
DisablePassive=0

##### Active checks related

### Option: DisableActive
# Disable active checks. The agent will work in passive mode listening for server.
#
# Mandatory: no
# Default:
DisableActive=0


### Option: ServerPort
# Server port for retrieving list of and sending active checks.
#
# Mandatory: no
# Default:
ServerPort=10051

### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
RefreshActiveChecks=60

### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5

### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100

### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log', 'logrt' and 'eventlog' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log', 'logrt' or 'eventlog' item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=100

############ ADVANCED PARAMETERS #################

### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
#
# Mandatory: no
# Range: 1-16
# Default:
# StartAgents=3

### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3

### Option: Include
# You may include individual files or all files in a directory in the configuration file.
#
# Mandatory: no
# Default:
# Include=

# Include=c:\zabbix\zabbix_agent.userparams.conf
# Include=c:\zabbix\zabbix_agentd\

####### USER-DEFINED MONITORED PARAMETERS #######

### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
# UnsafeUserParameters=0

### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# Note that shell command must not return empty string or EOL only.
# Example: UserParameter=system.test,echo 1
#UserParameter=system.test,echo 1




log Activity.

3924:20101110:145830.552 Sending [{
"request":"active checks",
"host":"Zabbix"}]
3924:20101110:145830.552 Before read
3924:20101110:145830.615 Got [{
"response":"success",
"data":[]}]
3924:20101110:145830.615 In parse_list_of_checks()
3924:20101110:145830.615 In disable_all_metrics()
3924:20101110:145830.615 In process_active_checks('X.X.X.X',10051)
3924:20101110:145830.615 In get_min_nextcheck()
3924:20101110:145830.615 Sleeping for 1 seconds
2148:20101110:145831.521 In collect_cpustat()
3924:20101110:145831.615 In send_buffer() host:'X.X.X.X' port:10051 values:0/100
3924:20101110:145831.615 End of send_buffer():SUCCEED
3924:20101110:145831.615 Sleeping for 1 seconds
2148:20101110:145832.521 In collect_cpustat()

Can you build a telnet session from the client to the server, on port 10051?
(please post the output)

Telnet session

Thanks. I've tried to telnet to my server telnet <server name> 10051 and the telnet commandline session did not respond back. I will have another go and do a dump as you requested so it times out with a response.

I am using SUSE 11 on an Amazon Clould. The amazon cloud has a security group which allows both ports of 10050 and 10051 access. I know this group works because PING was not working before and I configured the security group with this ICMP and it got through in the end. I am not using a firewall on SUSE.

I am new to SUSE and Zabbix so I have plenty of books to hand and being the book worm and testing as the same time.

Thanks for your assistance.

Lazarus,

Your problem is likely firewall.

You need to be sure that you can allow inbound connections to port 10051 on the Zabbix server.

Thanks

Seems like I will need to look under the hood my engine and see where it is being blocked ; even though the firewall is off, it could be that there is a default 'off' for the ports.

I will rebuild my SUSE environment as the yast environment seems to be corrupt as I can't configure SUSE

Thanks for the support.. Will update the thread in a few days with the results of my rebuild and your recommendations.

many thanks
Lazarus

Also check to make sure you have enabled at least one trapper on your server. That is controlled by the zabbix_server.conf file

in addition what does the following command yield (it needs to be run as root)
netstat -tlnp

Do you see port 10051 and zabbix?

netstat -tlnp

I ran the the command and received the following output. I;ve rebuilt my server under Amazon and created an AMI image so if I do experience a problem while testing I can just create a new build instantly without having to reinstall all the s/w for zabbix and dependencies . So I have heavy in test mode to work out what is going on

ip-10-227-139-67:/etc # netstat -tlnp Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3190/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3372/master
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 3532/zabbix_agentd
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN 3540/zabbix_server
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2003/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1922/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3425/httpd2-prefork
ip-10-227-139-67:/etc #

thanks
Lazarus

It appears that your agent and server are running. Can you check the logfiles for any strange errors?

Can you also give output of:

grep 'StartTrapper' /etc/zabbix/zabbix_server.conf

and

iptables -L ?

Update: if you still can't connect using a telnet from the client to the server on port 10051, your problem might be very well related to a closed port by Amazon. You would have to enable it possibly with something like "ec2-authorize default -p 10051", if you're on the Amazon EC cloud.

output from grep &amp; iptables

1. out from Grep 'StartTrapper' /etc/zabbix/zabbix_server.conf

### Option: StartTrappers
# StartTrappers=5

2. Output from iptables -L
ip-10-227-139-67:~/zabbix/zabbix-1.8.3 # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

thanks
Lazarus.

if you still can't connect using a telnet from the client to the server on port 10051, your problem might be very well related to a closed port by Amazon. You would have to enable it possibly with something like "ec2-authorize default -p 10051", if you're on the Amazon EC cloud.

EC2 changes

There is a security group which is associated with the server SUSE running Zabbix in Amazon. In this group is the 10051 port. However I will post a entry on Amazon to see if there is an issue with that port or range.

I will post something here soon when I get a response back from Amazon though they are not great at responding so I will.

Thanks for all your help, will update soon.

Kind regards
Lazarus.

output from EC2-describe-group

I've connected to the region where I am running in the Zabbix SUSE server and obtain the information on the groups used to open up the ports from a Amazon perspective.

I'm scratching my head now. On Suse 11 unix it has AppAmor some sort of added security in addition to the Firewall system, but I don;t know how that works yet.

Any suggestions? Thanks in advance.
Lazarus,

GROUP 855336263726 default default group
PERMISSION 855336263726 default ALLOWS all FROM USER 855336263726 GRPNAME default
PERMISSION 855336263726 default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
GROUP 855336263726 SuseRemoteAccess Remote Access for Suse
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 23 23 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 25 25 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 443 443 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 3306 3306 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 10050 10050 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS tcp 10051 10051 FROM CIDR 0.0.0.0/0
PERMISSION 855336263726 SuseRemoteAccess ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0

Resolved issue with ACTIVE agents

I feel embrassed but to say this but the problem was not to do with any of the network configurations or tables, or SUSE Linux ........

It was my understanding of how to configure the Zabbix_Agent.win.conf file.
The mistake was that the all the Hosts were pointing to the Zabbix server for its hostname which is wrong.

Which is how the host get to read what active items it needs to send back.

What a lesson! I only found it out when I was ready the book on configuring Zabbix I went to page 85 and I was trying to understand why it was saying
"Unique host name required for active checks"

It was then it dawned on me that each Agent config's (zabbix_agentd.win.conf) hostname needs to correspond to each host document's name.

Thanks to everyone who helped me on this.