ZABBIX 1.8 – 11 Discovery

April 13, 2014 Raj ZABBIX 1.8 0

Please Like Us!!!
> Zabbix > ZABBIX 1.8 > ZABBIX 1.8 – 11 Discovery

11 Discovery

1 Goals

There are several goals of Zabbix network discovery module:

  • Simplify deployment

Network discovery can be used to significantly simplify and speed up Zabbix deployment. It also makes possible creation of user friendly appliances.

  • Simplify administration

Properly configured network discovery can simplify administration of Zabbix system a lot.

  • Support of changing environments

Network discovery makes possible use of Zabbix in rapidly changing environments with no excessive administration.

2009/08/13 17:37
· richlv

2 Overview

Zabbix provides effective and very flexible network discovery functionality. Zabbix network discovery is based on the following information:

  • IP ranges
  • Availability of external services (FTP, SSH, WEB, POP3, IMAP, TCP, etc)
  • Information received from Zabbix agent
  • Information received from SNMP agent

It does NOT provide:

  • Discovery of network topology

Every service and host (IP) checked by Zabbix network discovery module generates events which may be used to create rules for the following actions:

  • Generating user notifications
  • Adding and removing hosts
  • Enabling and disabling hosts
  • Adding hosts to a group
  • Removing hosts from a group
  • Linking hosts to a template
  • Unlinking hosts from a template
  • Executing remote scripts

The actions can be configured to respect host or service uptime and downtime.

If Zabbix server is compiled with IPv6 support and fping6 utility is missing, ICMP checks will fail for IPv4 devices as well. Only since Zabbix 1.8.2 IPv4 addresses are still processed by located fping.

2009/08/13 17:38
· richlv

3 How it works

Network discovery basically consists of two phases: Discovery and Actions.

First, we discover a host or a service, and generate discovery event or several events.

Then we process the events and apply certain actions depending of type of discovered device, IP, its status, up/down time, etc.

3.1 Discovery

Zabbix periodically scans IP ranges defined in network discovery rules. Frequency of the check is configurable for each rule individually.

Each rule defines set of service checks to be performed for IP range.

Events generated by network discovery module have Event Source “Discovery”.

Zabbix generates the following events:

Event When generated
Service Up Every time Zabbix detects active service.
Service Down Every time Zabbix cannot detect service.
Host Up If at least one of the services is UP for the IP.
Host Down If all services are not responding.
Service Discovered If the service is back after downtime or discovered for the first time.
Service Lost If the service is lost after being up.
Host Discovered If host is back after downtime or discovered for the first time.
Host Lost If host is lost after being up.

3.2 Actions

For a description of all conditions available for network discovery based events see action conditions.

For a description of all operations available for network discovery based events see operations.

2009/08/13 19:17
· richlv

4 Network discovery rule

Network discovery rule is a rule used by Zabbix to discover hosts and services.

Parameters of network discovery rule:

Parameter Description
Name Name of the rule. For example, “Local network”.
IP range Range of IP addresses for discovery. It may have the following formats:
Single IP: 192.168.1.33
Range of IP addresses: 192.168.1.1-255
IP mask: 192.168.4.0/24
Supported IP masks:
/16 – /32 for IPv4 addresses
/112 – /128 for IPv6 addresses
List: 192.168.1.1-255,192.168.2.1-100,192.168.2.200,192.168.4.0/24
Delay (in sec) This parameter defines how often Zabbix should execute this rule.
Checks Zabbix will use this list of checks for discovery of hosts and services.
List of supported checks: SSH, LDAP, SMTP, FTP, HTTP, POP, NNTP, IMAP, TCP, ZABBIX Agent, SNMPv1 Agent, SNMPv2 Agent, SNMPv3 Agent
Parameter Ports may be one of following:
Single port: 22
Range of ports: 22-45
List: 22-45,55,60-70
Device uniqueness criteria Uniqueness criteria may be:
IP address (no processing multiple-IP devices)
One of discovery check of the rule. Will be based either on a SNMP or Zabbix Agent check.
Status Active – the rule is active and will be execute by Zabbix server
Disabled – the rule is not active. It won't be executed.

Each IP address should be included only once, having multiple rules for a single IP address can have unexpected behaviour such as having deadlocks and/or duplicate hosts in the database. The same could happen if two hosts having the same DNS name are included in separate discovery rules.

2009/08/13 19:20
· richlv

5 Real life scenario

Suppose we would like to set up network discovery for local network having IP range of 192.168.1.1-192.168.1.255. In our scenario we want to:

  • discover those hosts that have Zabbix Agent running
  • run discovery every 10 minutes
  • add host to monitoring if host uptime is more than 1 hour
  • remove hosts if host downtime is more than 24 hours
  • use Template_Windows for Windows hosts
  • use Template_Linux for Linux hosts
  • add Linux hosts to “Linux servers” group
  • add Windows hosts to “Windows servers” group
Step 1

Define a network discovery rule for our IP range (Configuration → Discovery → Create rule button)

Zabbix will try to discover hosts in IP range of 192.168.1.1-192.168.1.255 by connecting to Zabbix Agents and getting value from system.uname key. A value received from an agent can be used to apply different actions for different operating systems. For example, link Windows servers to Template_Windows, Linux servers to Template_Linux.

The rule will be executed every 10 minutes (600 seconds).

When the rule is added, Zabbix will automatically start discovery and generation of discovery-based events for further processing.

Step 2

Define an action for adding newly-discovered Linux servers to the respective group/template. (Configuration → Actions → Create Action button)

The action will be activated if:

  • “Zabbix agent” service is “Up”
  • value of system.uname (the Zabbix Agent's key we used in rule definition) contains “Linux”
  • Uptime is more than 1 hour (3600 seconds)

The action will execute the following operations:

  • add the newly discovered host to “Linux servers” group (also add host if it wasn't added previously)
  • link host to “Template_Linux” template. Zabbix will automatically start monitoring the host using items and triggers from “Template_Linux”.
Step 3

Define an action for adding newly-discovered Windows servers to the respective group/template.

Step 4

Define an action for removing lost servers.

A server will be removed if “Zabbix agent” service is “Down” for more than 24 hours (86400 seconds).

2009/08/13 19:25
· richlv

Data source: Zabbix

Reviews & Comments

About Raj 68871 Articles
Enjoy!