Ad Widget

Collapse

Disabling alerts for certain services

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • paulhazo
    Junior Member
    • Aug 2022
    • 9
    #1

    Disabling alerts for certain services

    Hi, I have recently set up a Zabbix server (6.2.1) in our environment to monitor a couple of hundred workstations using the Windows by Zabbix agent active. Also, I have configured a user to receive the notifications to a Slack channel.

    I know this has been asked multiple times, as I was searching for a solution for it. But, it doesn't seem to be working for me.

    I want to stop receiving alerts for a couple of services that are not running: (below are 2 as an example)

    Problem: "dmwappushservice" (Device Management Wireless Application Protocol (WAP) Push message Routing Service) is not running (startup type automatic delayed)
    Problem: "edgeupdate" (Microsoft Edge Update Service (edgeupdate)) is not running (startup type automatic delayed)

    I tried the following: (each alone and not together)
    1. Configuration -> Templates -> Windows by Zabbix agent active -> Macros -> adding the service names in {$SERVICE.NAME.NOT_MATCHES} or creating a new macro and adding it to the Discovery Rules filters. Both didn't solve my problem.Click image for larger version Name: image.png Views: 8207 Size: 39.5 KB ID: 450398 Click image for larger version Name: image.png Views: 8443 Size: 56.4 KB ID: 450397
    2. Administration -> General -> Regular Expressions -> Windows service names for discovery -> adding the service names in the already existing expression or creating a new one with Return is FALSE type. Both didn't work for me.Click image for larger version Name: image.png Views: 8245 Size: 23.9 KB ID: 450400
    Is there something I'm missing that's not solving my problem? Or is there any other way to go about fixing this?

    I appreciate your help and sorry if I'm sounding like a n00b, that's because I am!

    Thanks!
    Attached Files
    Tags: None
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4807
      #2
      That number 2, regex in Admin/General... that shoudl not be touched, your templtes do not use it.

      I think your logic in that filter is wrong, if you want to use 2 separate exclude macros... (A and B and C) ... it will never become true, if you think a little here.
      I think it should be (A and (B or C)) .

        Comment

        • paulhazo
          Junior Member
          • Aug 2022
          • 9
          #3
          Thanks for the response cyber. I have joined them all under the same macro now to make it easier but I'm still getting alerted.
          Click image for larger version Name: image.png Views: 7920 Size: 47.9 KB ID: 450408

            Comment

            • zpsgpm
              Junior Member
              • Nov 2022
              • 1
              #4
              Hi paulhazo

              Did you solve your problem? I've the same and also tried adding "edgeupdate" to $SERVICE.NAME.NOT_MATCHES, but had no luck.

              So far I couldn't find another solution...

                Comment

                • jhboricua
                  Senior Member
                  • Dec 2021
                  • 113
                  #5
                  For managing my exclusions, I use the 'Windows Services names for discovery' regex under Administration -> General -> Regular Expressions rather than {$SERVICE.NAME.NOT_MATCHES} as I found the former to be more flexible and easier to manage. This is what my 'Windows services discovery' Filters section looks like:

                  Click image for larger version Name: Screenshot from 2023-03-21 14-03-15.png Views: 7208 Size: 63.2 KB ID: 461526

                  And the regex:

                  Click image for larger version Name: Screenshot from 2023-03-21 14-04-42.png Views: 7209 Size: 122.5 KB ID: 461527

                  This works well for me and excludes the services I don't wan't discovered. And IMHO, it is easier to read and manage.

                    Comment

                    • cyber
                      Senior Member
                      Zabbix Certified SpecialistZabbix Certified Professional
                      • Dec 2006
                      • 4807
                      #6
                      So "matches everything that does not match another rule"... my brain does not work that way..
                      Having such a long list to ignore, I would go already opposite way... match only those, what are needed and ignore everything else..​

                        Comment

                        • jhboricua
                          Senior Member
                          • Dec 2021
                          • 113
                          #7
                          Originally posted by cyber
                          Having such a long list to ignore, I would go already opposite way... match only those, what are needed and ignore everything else..​
                          I'd love to go that route, but unfortunately on large windows deployments that list becomes even worse IHMO.

                            Comment

                            • Yarin Levy
                              Junior Member
                              • Aug 2018
                              • 4
                              #8
                              Does it take time to remove the alerts? I set up mine as you guys said but alerts are still there...

                                Comment

                                • jhboricua
                                  Senior Member
                                  • Dec 2021
                                  • 113
                                  #9
                                  By default the discovery keeps lost items for 30 days before they are removed from the monitored host:
                                  Click image for larger version Name: image.png Views: 6428 Size: 25.8 KB ID: 464754

                                  You can temporarily change the 'Keep lost resources period' value to 0 and manually execute a discovery on the hosts so they immediately drop the excluded services and alerts.

                                    Comment

                                    • Yarin Levy
                                      Junior Member
                                      • Aug 2018
                                      • 4
                                      #10
                                      Ohh thanks!

                                        Comment

                                        Previous template Next
                                        Working...