ZABBIX 2.4 – Windows-specific item keys

April 12, 2014 Raj ZABBIX 2.4 0

Please Like Us!!!
DesiGoogly.com > Zabbix > ZABBIX 2.4 > ZABBIX 2.4 – Windows-specific item keys

Windows-specific item keys

Item keys

The table provides details on the item keys that you can use with Zabbix Windows agent only.

On a 64-bit system, a 64-bit Zabbix agent version is required for all checks related to running 64-bit processes to work correctly.

Key
Description Return value Comments
eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]
Monitoring of event logs. Log.

name – name of event log
regexp – regular expression describing the required pattern
severity – regular expression describing severity
The parameter accepts the following values:
“Information”, “Warning”, “Error”, “Critical”, “Verbose” (On Zabbix 2.2 running on Windows Vista or newer versions)
“Information”, “Warning”, “Error”, “Failure Audit”, “Success Audit” (On older Zabbix versions running on any Windows version)
source – regular expression describing source identifier (regular expression is supported from Zabbix 2.2 version)
eventid – regular expression describing the event identifier(s)
maxlines – maximum number of new lines per second the agent will send to Zabbix server or proxy. This parameter overrides the value of 'MaxLinesPerSecond' in zabbix_agentd.win.conf
mode – possible values:
all (default), skip (skip processing of older data).
The mode parameter is supported from version 2.0.

The item must be configured as an active check.

Examples:
eventlog[Application]
eventlog[Security,,"Failure Audit",,^(529|680)$]
eventlog[System,,"Warning|Error"]
eventlog[System,,,,^1$]
eventlog[System,,,,@TWOSHORT] – here a custom regular expression named TWOSHORT is referenced (defined as a Result is TRUE type, the expression itself being ^1$|^70$).

“Windows Eventing 6.0” is supported from Zabbix 2.2 version.

net.if.list
List of network interfaces: Type Status IPv4 Description String. Supported since Zabbix agent version 1.8.1. Multi-byte interface names supported since Zabbix agent version 1.8.6. Disabled interfaces are not listed.

Note that enabling/disabling some components may change their ordering in the Windows interface name.

perf_counter[counter,<interval>]
Value of any Windows performance counter, where “counter” is the counter path, and “interval” is the time period for storing the average value.
See also: Windows performance counters. 		Average value of the “counter” during last “interval” seconds. Default value, if not given, for “interval” is 1. Performance Monitor can be used to obtain list of available counters. Until version 1.6 this parameter will return correct value only for counters that require just one sample (like \System\Threads). It will not work as expected for counters that require more that one sample – like CPU utilisation. Since 1.6 interval is used, so the check returns an average value for last “interval” seconds every time.
proc_info[<process>,<attribute>,<type>]
Different information about specific process(es). <process> – process name (same as in proc_cnt[] parameter)
<attribute> – requested process attribute.
<type> – representation type (meaningful when more than one process with the same name exists) 		The following attributes are currently supported:
vmsize – Size of process virtual memory in Kbytes
wkset – Size of process working set (amount of physical memory used by process) in Kbytes
pf – Number of page faults
ktime – Process kernel time in milliseconds
utime – Process user time in milliseconds
io_read_b – Number of bytes read by process during I/O operations
io_read_op – Number of read operation performed by process
io_write_b – Number of bytes written by process during I/O operations
io_write_op – Number of write operation performed by process
io_other_b – Number of bytes transferred by process during operations other than read and write operations
io_other_op – Number of I/O operations performed by process, other than read and write operations
gdiobj – Number of GDI objects used by process
userobj – Number of USER objects used by process

Valid types are:
min – minimal value among all processes named <process>
max – maximal value among all processes named <process>
avg – average value for all processes named <process>
sum – sum of values for all processes named <process>

Examples:
proc_info[iexplore.exe,wkset,sum] – to get the amount of physical memory taken by all Internet Explorer processes
proc_info[iexplore.exe,pf,avg] – to get the average number of page faults for Internet Explorer processes

Note: io_*, gdiobj and userobj attributes are available only on Windows 2000 and later versions of Windows, not on Windows NT 4.0.

service_state[*]
State of service. Parameter is service name. 0 – running
1 – paused
2 – start pending
3 – pause pending
4 – continue pending
5 – stop pending
6 – stopped
7 – unknown
255 – no such service 		Parameter must be real service name as seen in service properties under “Name:” or name of EXE file.
services[<type>,<state>,<exclude>]
List of services, separated by a newline or 0, if list would be empty. type – one of all (default), automatic, manual, disabled
state – one of all (default), stopped, started, start_pending, stop_pending, running, continue_pending, pause_pending, paused
exclude – list of services to exclude it from the result.
Excluded services should be written in double quotes, separated by comma, without spaces.
This parameter is supported starting from version 1.8.1. 		Examples:
services[,started] – list of started services
services[automatic, stopped] – list of stopped services, that should be run
services[automatic, stopped, "service1,service2,service3"] – list of stopped services, that should be run, excluding services with names service1, service2 and service3
wmi.get[<namespace>,<query>]
Execute WMI query and return the first selected object. namespace – WMI namespace
query – WMI query returning a single object 		This key is supported starting with Zabbix 2.2.0.

Examples:
wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%PHYSICALDRIVE0%'] – returns the status of the first physical disk

Monitoring Windows services

This tutorial provides step-by-step instructions for setting up the monitoring of Windows services. It is assumed that Zabbix server and agent are configured and operational.

To monitor the up/down status of a service you need to perform the following steps:

Step 1

Get the service name.

You can get that name by going to the services mmc and bringing up the properties of the service. In the General tab you should see a field called 'Service name'. The value that follows is the name you will use when setting up an item for monitoring.

For example, if you wanted to monitor the “workstation” service then your service might be: lanmanworkstation.

Step 2

Configure an item for monitoring the service, with:

  • Key: service_state[lanmanworkstation]
  • Type of information: Numeric (unsigned)
  • Show value: select the Windows service state value mapping

Data source: Zabbix

Reviews & Comments

About Raj 68871 Articles
Enjoy!