Change the default discovery of windows services

  • ascholdan
    Junior Member
    • Jun 2020
    • 6

    #1

    Change the default discovery of windows services

    Hello

    I've just started testing Zabbix; we want to play around with it a little before we decide if the platform has what we need in production.

    I've got this alert: How do I exclude a service from the default Windows discovery rule?
  • aib
    Senior Member
    • Jan 2014
    • 1615

    #2
    Open "Template OS Windows" -> Discovery rules -> Windows Service Discovery -> tab "Filters" -> check @Windows service names for discovery
    Open Administration -> General -> choose "Regular Expressions" in top right corner -> find "Windows service names for discovery" and add "BITS"
    Sincerely yours,
    Aleksey


    • ultrajones
      Junior Member
      • Jun 2020
      • 3

      #3
      Greetings. I have been struggling with this same issue for a few months now. I'll read similar suggestions, but the solutions don't seem to work.

      I have the following regex defined in Administration -> General -> "Regular Expressions" -> "Windows service names for discovery".

      ^(TrustedInstaller|SonosLibraryService.*|OneSyncSvc_.*|BITS.*|MMCSS|gupdate|SysmonLog|clr_optimization_v2.0.50727_32|clr_optimization_v4.0.30319_32)$

      Do I need to take any other action to update the existing monitored windows hosts so they stop alerting on BITS and the TrustedInstaller Windows Services?

      Regards,
      Ultrajones


      • aib
        Senior Member
        • Jan 2014
        • 1615

        #4
        You assume that the asterisk symbol "*" in regex has the same meaning as in the Windows command line.
        That is wrong.
        Check https://www.zabbix.com/documentation...ry_rule_filter - especially Filters description

        Remove all "*" and try to discover again
        Last edited by aib; 19-06-2020, 15:59.
        Sincerely yours,
        Aleksey


        • ultrajones
          Junior Member
          • Jun 2020
          • 3

          #5
          I think this proves my point. There is so much misinformation on this topic. I think this is a pain point many users experience. It would be helpful if someone could post a how-to on how to exclude those Windows Services from generating an alert.

          Regards,
          Ultrajones


          • aib
            Senior Member
            • Jan 2014
            • 1615

            #6
            It's easy to stop generating alerts.
            Just Disable previously discovered Triggers for all Windows services that you hate.

            It's more about how to stop the auto-creation of Windows Services Items/Triggers/Graphs/etc. for useless services.
            Sincerely yours,
            Aleksey


            • ultrajones
              Junior Member
              • Jun 2020
              • 3

              #7
              Thank you. I disabled the previously discovered triggers as you suggested. It seems to have worked.

              Regards,
              Ultrajones


              • ascholdan
                Junior Member
                • Jun 2020
                • 6

                #8
                Hello

                I've tested the solution, but it seems that Zabbix doesn't rediscover Windows services after I exclude them.
                My string looks like:

                ^(MMCSS|gupdate|SysmonLog|clr_optimization_v2.0.50727_32|clr_optimization_v4.0.30319_32|BITS|WbioSrvc)$

                Or do I need to remove all the old triggers, and this only applies to new ones?
                Last edited by ascholdan; 29-06-2020, 09:31.


                • astol
                  Junior Member
                  • Jul 2020
                  • 9

                  #9
                  For me, in v5.0.1, the Template Module Windows services by Zabbix agent active contains a macro "{$SERVICE.NAME.NOT_MATCHES}" with this in it by default:

                  Code:
                  ^RemoteRegistry|MMCSS|gupdate|SysmonLog|clr_optimization_v.+|clr_optimization_v.+|sppsvc|gpsvc|Pml Driver HPZ12|Net Driver HPZ12|MapsBroker|IntelAudioService|Intel\(R\) TPM Provisioning Service|dbupdate|DoSvc$
                  Also, I have set up 2 Regex items with expression type Result is FALSE which contain

                  Code:
                  ^(AppHostSvc|BFE|BITS|BrokerInfrastructure|CryptSvc|DcomLaunch|Dfs|Dhcp|DiagTrack|Dnscache|DPS|EventLog|EventSystem|iphlpsvc|LanmanServer|LanmanWorkstation|lmhosts|LSM|ManageEngine UEMS -Agent|MpsSvc|MSDTC|Netlogon|NlaSvc|nscp|nsi|OneSyncSvc[0-9._]*)$
                  and

                  Code:
                  ^(PeerDistSvc|Power|ProfSvc|RpcEptMapper|RpcSs|SamSs|Schedule|SENS|ShellHWDetection|SmbHash|Spooler|SystemEventsBroker|Themes|TrkWks|TrustedInstaller|UALSVC|VGAuthService|Wcmsvc|Winmgmt|WinRM|tiledatamodelsvc|WbioSrvc)$
                  as it wouldn't all fit into one.

                  I have a host to test with, on which I then removed all previously discovered Windows services, yet upon re-discovery it found all the same services, including those that are listed in the regex and the macro.

                  My end goal is to disable/not discover these services for dozens of hosts, so doing them one by one is not an option I'm happy to work with.


                  • xNeWeLx
                    Junior Member
                    • Jun 2020
                    • 3

                    #10
                    Hello Astol,

                    have you figured out how to solve your problem with windows service discovery?
                    I tried the same thing but it doesn't work.


                    • csmall
                      Member
                      • Jun 2020
                      • 70

                      #11
                      With Zabbix 5 you can use overrides. At the template level, add an override to set services that match a name to either be discovered and not enabled or not discovered at all.

                      https://www.reddit.com/r/zabbix/comm...m_source=share


                      • chrisme
                        Junior Member
                        • Sep 2016
                        • 15

                        #12
                        I add the services I don't want to discover to the {$SERVICE.NAME.NOT_MATCHES} macro of the official Template Module Windows services by Zabbix agent active. This worked for me very well, but the text field has a 255-character restriction and I cannot add more services?!


                        • ComputerHabit
                          Member
                          • Jun 2020
                          • 46

                          #13
                          This still doesn't work. How do you exclude services?


                          • wuppi
                            Junior Member
                            • Aug 2020
                            • 6

                            #14
                            Hi,
                            I am afraid I ran into the same problem. I installed a vanilla Windows 2019 Server and the Zabbix actual agent 5.2.5 and frequently get an alert saying that BITS is not running.
                            As I am a newbie, I am afraid I can't really follow the above how-to and correct that.
                            Honestly I am a bit astonished that this pops up as I guess every windows server user will experience this, or not?
                            There should be a standard procedure to cope with it.

                            I would be happy to learn it.

                            Best regards

                            Wuppi


                            • ComputerHabit
                              Member
                              • Jun 2020
                              • 46

                              #15
                              I think I finally got it working. I'm not great with regex. I forgot to put a period before the asterisk.

                              ^(CDPSvc|WbioSrvc|tiledatamodelsvc|TrustedInstaller|BITS|OneSyncSvc.*|CDPUserSvc.*)$

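Added example (not posted by anyone in the thread and not Zabbix code): a Python check of which service names an exclusion regex would drop, comparing the pattern from post #15, a glob-style variant without the period, and the default macro value quoted in post #9. It assumes Python's `re.search` as a stand-in for the server's regex engine; the service list and the `GLOB_STYLE` pattern are constructed for illustration.

```python
import re

# Constructed sample of Windows service names (not taken from a real host).
SERVICES = ["BITS", "TrustedInstaller", "OneSyncSvc_1a2b3", "CDPUserSvc_1a2b3",
            "gupdatem", "Spooler", "clr_optimization_v4.0.30319_32"]

# Pattern from post #15: ".*" after a name covers per-user suffixes.
POST15 = (r"^(CDPSvc|WbioSrvc|tiledatamodelsvc|TrustedInstaller|BITS|"
          r"OneSyncSvc.*|CDPUserSvc.*)$")

# Hypothetical variant with "*" used like a command-line wildcard:
# "Svc*" means "Sv" followed by zero or more "c", not "Svc plus anything".
GLOB_STYLE = r"^(TrustedInstaller|BITS|OneSyncSvc*|CDPUserSvc*)$"

# Default {$SERVICE.NAME.NOT_MATCHES} value as quoted in post #9. There are no
# parentheses, so "^" binds only to the first alternative and "$" only to the
# last; every alternative in between matches as a substring.
DEFAULT_MACRO = (r"^RemoteRegistry|MMCSS|gupdate|SysmonLog|clr_optimization_v.+|"
                 r"clr_optimization_v.+|sppsvc|gpsvc|Pml Driver HPZ12|"
                 r"Net Driver HPZ12|MapsBroker|IntelAudioService|"
                 r"Intel\(R\) TPM Provisioning Service|dbupdate|DoSvc$")


def excluded(pattern, names):
    """Names a "does not match" filter would drop: those the regex matches."""
    rx = re.compile(pattern)
    return [n for n in names if rx.search(n)]


def still_discovered(pattern, names):
    """Names that pass the filter and would still be discovered."""
    dropped = set(excluded(pattern, names))
    return [n for n in names if n not in dropped]


if __name__ == "__main__":
    for label, pat in [("post #15", POST15), ("glob style", GLOB_STYLE),
                       ("default macro", DEFAULT_MACRO)]:
        print(f"{label:14} drops {excluded(pat, SERVICES)}")
```

The ungrouped default value drops `gupdatem` because `gupdate` matches inside it, so an exclusion pattern without `^(...)$` around every alternative can take more services out of monitoring than the names listed.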