Ad Widget

Collapse

Zabbix Agent system.run

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • markfree
    Senior Member
    • Apr 2019
    • 868
    #1

    Zabbix Agent system.run

    I was trying to monitor my router temperatures but I keep getting an error with my "system.run[comand]".
    I'm using a RT-AC86U Asus router and I can check its CPU and wireless chips temperatures while at the routers command line without a problem.

    CPU, Radio 1 and Radio 2:
    Code:
    # cat /sys/devices/virtual/thermal/thermal_zone0/temp
73364

# wl -i eth5 phy_tempsense | awk '{ print $1/2+20 }'
55.5

# wl -i eth6 phy_tempsense | awk '{ print $1/2+20 }'
58.5
    When I test with "system.run[]" key, I receive a command and zabbix error:
    Code:
    # zabbix_agentd -t [B]system.run[wl -i eth6 phy_tempsense | awk '{print $1/2+20}'][/B]
awk: cmd. line:1: Unexpected token
zabbix_agentd [22129]: invalid option -- i
    I tried quote marks which gave "awk" command error:
    Code:
    # zabbix_agentd -t [B]"system.run[wl -i eth6 phy_tempsense | awk '{print $1/2+20}']"[/B]
zabbix_agentd [23284]: Warning: Executing command 'wl -i eth6 phy_tempsense | awk '{print /2+20}''
system.run[wl -i eth6 phy_tempsense | awk '{print /2+20}'] [t|awk: cmd. line:1: Unexpected end of string]
    Also tried spaced quotes that, this time, gives zabbix wrong item key format:
    Code:
    # zabbix_agentd -t [B]" system.run[wl -i eth6 phy_tempsense | awk '{print $1/2+20}'] "[/B]
system.run[wl -i eth6 phy_tempsense | awk '{print /2+20}'] [m|ZBX_NOTSUPPORTED] [Invalid item key format.]
    Then I tried testing from my server side with "zabbix_get". But it also gave me a strange error
    Code:
    $ zabbix_get -s <hostname> -p 10050 -k [B]system.run[wl -i eth5 phy_tempsense | awk '{print $1}'][/B]
awk: line 1: syntax error at or near ]
zabbix_get [7578]: invalid option -- i
    At the server side, adding quotes gave me a different error, a "wl" error:
    Code:
    $ zabbix_get -s <hostname> -p 10050 -k [B]"system.run[wl -i eth5 phy_tempsense | awk '{print $1}']"[/B]
wl: wl driver adapter not found
    And adding space to those quote marks, gives me the same zabbix not supported error.
    So, it seems to me that the issue is related to the agent sintax, but I don't see my error.

    Have you guys seens this before?
    Last edited by markfree; 01-06-2020, 16:18.
    Tags: agent, format, system.run, zabbix_agentd, zabbix_get
    • tim.mooney
      Senior Member
      • Dec 2012
      • 1427
      #2
      Originally posted by markfree
      At the server side, adding quotes gave me a different error, a "wl" error:
      Code:
      $ zabbix_get -s diasdm -p 10050 -k [B]"system.run[wl -i eth5 phy_tempsense | awk '{print $1}']"[/B]
wl: wl driver adapter not found
      The last one, where you're quoting system.run and you're quoting the awk statement actually worked, so that quoting was fine.

      The problem is that your 'wl' command apparently works for 'root' but doesn't work for a non-privileged user.

        Comment

        • markfree
          Senior Member
          • Apr 2019
          • 868
          #3
          Oh I see now. You're right!
          Do you happen to know how can I give the zabbix user privileges to use "wl" command?

            Comment

            • kloczek
              Senior Member
              • Jun 2006
              • 1771
              #4
              BTW why do yoiu want to use stsrem.run[] which requires enable remote commands iof you can just read file content nad do process of the content in filer regexyp?
              http://uk.linkedin.com/pub/tomasz-k%...zko/6/940/430/
              https://kloczek.wordpress.com/
              zapish - Zabbix API SHell binding https://github.com/kloczek/zapish
              My zabbix templates https://github.com/kloczek/zabbix-templates

                Comment

                • markfree
                  Senior Member
                  • Apr 2019
                  • 868
                  #5
                  kloczek , do you mean to use "vfs.file.contents" instead of "system.run"?

                  That was a great idea for CPU temperature readings! I didn't remember that. Now I switched keys and it works flawlessly.

                  As to other readings, I guess I still need "system.run", so I must enable "remote commands". But I'm still figuring out how to enable zabbix user to use "wl" command on my router.
                  Last edited by markfree; 31-05-2020, 16:04.

                    Comment

                    • tim.mooney
                      Senior Member
                      • Dec 2012
                      • 1427
                      #6
                      If you're running the agent anyway, I much prefer to define custom item keys via UserParameter, rather than using system.run[]

                      As far as allowing the 'zabbix' user to do whatever is needed for the 'wl' command, I'm not familiar with that router so I don't know anything about the OS it's using or what you might need to do to grant whatever privileges are needed. Is it some version of Linux under the hood?

                        Comment

                        • markfree
                          Senior Member
                          • Apr 2019
                          • 868
                          #7
                          Originally posted by tim.mooney
                          If you're running the agent anyway, I much prefer to define custom item keys via UserParameter, rather than using system.run[]
                          I don't see much avantage to "userparameter" over "system.run" key, but, indeed, It is also a good way to collect data from a host.

                          To test your suggestion I created two user parameters in my agent configuration file, as followed.
                          Code:
                          UserParameter=temp.wireless2,[I]wl -i eth5 phy_tempsense | awk '{ print $1/2+20 }'[/I]
UserParameter=temp.wireless5,[I]wl -i eth6 phy_tempsense | awk '{ print $1/2+20 }'[/I]
                          When I test these custom keys with the host's agent it gives me correct results.
                          Code:
                          # zabbix_agentd -t temp.wireless2
[COLOR=#2980b9]temp.wireless2 [t|55][/COLOR]
# zabbix_agentd -t temp.wireless5
[COLOR=#2980b9]temp.wireless5 [t|57.5][/COLOR]
                          So I tried testing at the server side, but once again "wl" command gave me an error.
                          Code:
                          $ zabbix_get -s <hostname> -p 10050 -k temp.wireless2
[COLOR=#e74c3c]wl: wl driver adapter not found[/COLOR]
$ zabbix_get -s <hostname> -p 10050 -k temp.wireless5
[COLOR=#e74c3c]wl: wl driver adapter not found[/COLOR]
                          As for the router's OS, it is a limited Linux under the hood. It is a ASUSWRT "fork".
                          Code:
                          # uname -a
Linux <hostname> 4.1.27 #2 SMP PREEMPT Fri Jan 31 19:53:09 EST 2020 aarch64 ASUSWRT-Merlin
                          Anyway, I am still looking for a clean way to collect those wireless chips temperatures.

                            Comment

                            • vendrusculo
                              Junior Member
                              • Jul 2015
                              • 26
                              #8
                              I would suggest to create the UserParameter a syou did... but for the command try to user the complet path to the "wl" like /usr/bin/wl or any other according with your system

                              Thanks,
                              Leo

                                Comment

                                • markfree
                                  Senior Member
                                  • Apr 2019
                                  • 868
                                  #9
                                  Good idea vendrusculo . Let me try...

                                  My wireless command is found under "/usr/sbin/".

                                  But had no success with "system.run".
                                  Code:
                                  $ zabbix_get -s diasdm -p 10050 -k "system.run[[B]/usr/sbin/wl[/B] -i eth5 phy_tempsense | awk '{print $1}']"
[COLOR=#e74c3c]/usr/sbin/wl: wl driver adapter not found[/COLOR]
                                  Neither with "userparameters".
                                  Code:
                                  # nano /opt/etc/zabbix_agentd.conf
UserParameter=temp.wireless2,[B]/usr/sbin/[/B][I][B]wl[/B] -i eth5 phy_tempsense | awk '{ print $1/2+20 }'[/I]

$ zabbix_get -s diasdm -p 10050 -k temp.wireless2
[COLOR=#e74c3c]/usr/sbin/wl: wl driver adapter not found[/COLOR]
                                  I found a way to make it work though. I enabled zabbix to use root by modifying "AllowRoot" parameter.
                                  Code:
                                  # nano /opt/etc/zabbix_agentd.conf
AllowRoot=1
                                  After that it started working fine.
                                  It might not be the best solution, but, for now, I'll be using it.

                                  If I find a better way, I'll certainly post here.

                                    Comment

                                    • tim.mooney
                                      Senior Member
                                      • Dec 2012
                                      • 1427
                                      #10
                                      I would prefer setting up a sudo entry for /usr/sbin/wl so that the zabbix user can run it with NOPASSWD . See sudoers(4) for more info on that.

                                      Ultimately, I think the best thing to do would be to use capabilities(7) and assign a limited set of Linux capabilities ( https://www.incibe-cert.es/en/blog/l...apabilities-en , https://linux-audit.com/linux-capabilities-101/ ) to the command. The difficult part with capabilities is identifying which of the granular permissions the command actually needs to function correctly.

                                        Comment

                                        • markfree
                                          Senior Member
                                          • Apr 2019
                                          • 868
                                          #11
                                          tim.mooney Capabiliteis are a great option, indeed, but my router does not have any of these commands.
                                          "setcap"
                                          "getcap"
                                          "capsh"

                                          Also, I searched BusyBox documentation and could not find any Capabilities support. Since ASUSWRT is based on BusyBox, I can only conclude it does not have support.
                                          I guess the only way is to use "AllowRoot" parameter.

                                            Comment

                                            • tim.mooney
                                              Senior Member
                                              • Dec 2012
                                              • 1427
                                              #12
                                              Good info on the lack of capabilities for this install. I'm not familiar with the ASUSWRT distro, but it makes sense that it would have stripped out a number of things that are part of a full Linux distro.

                                              If it has sudo present, you could still use sudo with NOPASSWD to avoid the need for AllowRoot, but ultimately it's your install and you're the person that needs to make the security assessment about what's best for your environment.

                                                Comment

                                                • markfree
                                                  Senior Member
                                                  • Apr 2019
                                                  • 868
                                                  #13
                                                  Tim, it does not have sudo. It is basically only root capable.
                                                  As you said, Asuswrt is very limited. I use Asuswrt-Merlin, wich is a enhanced version, thanks to the developer "Merlin".
                                                  With Entware on top of Asuswrt I was able to install Zabbix-agent.

                                                  Now, thanks to Zabbix for being so flexible and capable of monitoring even this small router I have.

                                                  This was all very educational to me. Thanks a lot.

                                                    Comment

                                                    • Emisorasde
                                                      Junior Member
                                                      • Jun 2021
                                                      • 1
                                                      #14
                                                      your 'wl' command seems to work for 'robots but not for unprivileged users. CPU, Radio 1 and Radio 2 have Zabbiz error, can you please contact Zabbiz to grant radio users zabbix privileges using "wl" command. You can visit this site to check out the online radio station emisorasderadioonline.es it updates news about technology as well as informatics, the station updates many things such as music on local and foreign news.
                                                      Last edited by Emisorasde; 21-06-2021, 04:04.

                                                        Comment

                                                        Previous template Next
                                                        Working...