Monitor Your Network with Zabbix

Special Thanks: This article was made possible by support from Linux Professional Institute

Zabbix is a network monitoring application that lets you stay on top of all your network activities. The app is very scalable and can work on networks of any size, from a home network with a couple of computers to an enterprise with dozens. It’s cross-platform and will keep track of machines running Linux, Windows, or Mac OS X. You can use it to keep a close eye on every aspect of these machines. You can ask Zabbix to report on several aspects including free disk space, CPU load, network traffic statistics, memory consumption, application status, and much more.

Zabbix keeps all the collected information in databases, such as MySQL, although you can also plug it into PostgreSQL and SQLite databases as well. Zabbix is very adept at sending out alerts and creating graphs. It can send out alerts via the Jabber/XMPP instant messaging protocol or email. Unlike other monitoring apps, Zabbix also lets you set up actions on remote machines that are triggered automatically on predefined events. Zabbix also excels at visualizing your network. It can generate real-time graphing of monitored events and offers graphs, network maps, screens, and even slideshows, making it suitable for complex networks, whose sys admins prefer to see graphical data representations.

Zabbix Components

A monitoring app primarily performs two functions: It collects data on all of the network's devices and reports the data to a central controlling authority. Zabbix relies on two key components for these functions: zabbix-server and zabbix-agent.

As the name suggests, you install zabbix-agent onto all the machines you wish to monitor on the network. The agent can monitor hardware resources, as well as applications, and pushes all the collected information to zabbix-server. The zabbix-agent is available for Linux, FreeBSD, OpenBSD, NetBSD, HP-UX, Mac OS X, Solaris, and various Windows versions. The other component, zabbix-server, is responsible for polling and trapping data. In case of problems or downtime, the server sends notifications to the configured accounts. You only need to install one instance of zabbix-server on your network.

In addition to zabbix-agent, Zabbix can also monitor devices via the SNMP protocol. While zabbix-agent can monitor physical and virtual machines, you can use SNMP to monitor network devices like routers and switches, as well as servers as long as you’ve configured them to respond to SNMP events.

With Zabbix, you get a centralized web interface that you can use to control the events that are monitored across the network. Due to its vast number of features, the interface may at times seem too complex and cumbersome to many first time users. However, the app is well-documented and intuitive to operate, and the interface will grow on you over time.

Prepare the Base

There are two ways to install Zabbix. You can compile and install Zabbix from source, or you can install Zabbix packages if your distribution supports them. Installing the packages is faster and makes things easier to maintain, while installing from source takes longer but optimizes the app for your server. In this tutorial, I’ll use precompiled binaries from the official Zabbix repository. Although I prefer to deploy server software atop CentOS, I’m setting up Zabbix on top of Ubuntu 18.04 LTS because of dependency issues in CentOS 7.

Use the following commands to add and install the Zabbix repository:

$ wget https://repo.zabbix.com/zabbix/4.2/ubuntu/pool/main/z/
  zabbix-release/zabbix-release_4.2-1+bionic_all.deb
$ sudo dpkg -i zabbix-release_4.2-1+bionic_all.deb
$ sudo apt update

Once the repository has been installed, use it to install Zabbix server with the MariaDB database, along with the Zabbix front end:

$ sudo apt install zabbix-server-mysql
$ sudo apt install zabbix-frontend-php

Before proceeding any further, I’ll set a password for the root user of the MariaDB server using a script that will also run through some common security configuration options:

$ sudo mysql_secure_installation

Now use the newly defined credentials for the database server to create a database for Zabbix:

$ sudo mysql -uroot -p

From inside the MariaDB monitor, create the database for Zabbix:

MariaDB> create database zabbix character set utf8 collate utf8_bin;

Create a new database user called zabbix to access the new zabbix database:

MariaDB> grant all privileges on zabbix.* to zabbix@localhost identified
  by 'Password';
MariaDB> flush privileges;
MariaDB> quit

Remember to replace 'Password' with the credentials you wish to use for the zabbix user.

The Zabbix installation ships with the schema for the initial database that you can import into the newly created zabbix database with a single command:

$ sudo zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz |
  mysql -uzabbix -p zabbix

Once the command has completed and populated the database, it’s time to point the Zabbix server to the database:

$ sudo nano /etc/zabbix/zabbix_server.conf

Scroll down the file and make sure the server has the correct authentication information for the zabbix database by editing the following parameters:

DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=<password>

One of the advantages of using the Zabbix binaries is that they automatically install the Apache web server and also create a virtual host file for Zabbix. You will however need to tweak the virtual host file to update some settings:

$ sudo nano /etc/apache2/conf-enabled/zabbix.conf

Since we are using PHP 7, scroll down to the <IfModule mod_php7.c> section and change the following parameters to the values mentioned below:

php_value max_execution_time 600
php_value memory_limit 128M
php_value post_max_size 32M
php_value upload_max_filesize 16M
php_value max_input_time 600
php_value max_input_vars 10000
php_value always_populate_raw_post_data -1
php_value date.timezone Europe/Berlin

Substitute the time zone with the one for your location using the values from the PHP documentation. When you are done, restart the Apache web server before starting the Zabbix server:

$ sudo systemctl restart apache2.service
$ sudo systemctl start zabbix-server.service
$ sudo systemctl enable zabbix-server.service

The last command will make the Zabbix server automatically start at boot.

Configure the Installation

Now that the Zabbix server is up and running, we’ll switch to the browser-based front end. Fire up a web browser and head to http://localhost/zabbix to bring up the front end. Replace localhost with the Zabbix server's IP address in case you are accessing it from another computer on the network. Since this is the first time you are accessing the interface, it will guide you through a short setup wizard. The process will check your PHP configuration (Figure 1). You’ll also be prompted for the details of the zabbix database. Before the front end establishes the connection to the Zabbix server and the database server, it will allow you to review the settings (Figure 2).

Figure 1: The screen displays the current values in the file along with the required minimums.

Figure 2: Review all settings and use the Back button to make any changes before proceeding further.

Once the front end has been configured and can connect to the Zabbix server and the database, it will automatically take you to the login screen. You can log in using the default credentials for the Zabbix Super Admin with Admin as the username and zabbix as the password.

The first order of business is to create a user to delegate some administrative control. Head to Administration | Users and click the Create user button in the top right-corner of the interface. In addition to the required details, make sure the user is added to one of the existing user groups, for example Zabbix administrators (Figure 3).

Figure 3: User groups help assign access permissions. Head to Administration | User groups to add custom user groups.

Before you add the user, you should also assign a notification delivery method to the user. Switch to the Media tab and click the Add button. Use the Type pull-down menu to select the notification method you want to use. I prefer the default option, which is email. Now enter the user's email address and click the Add button to save the settings and create the new user (Figure 4).

Figure 4: You can select multiple media types and specify a time for when they’ll be active.

Next up, you’ll need to define the host access permissions for this user. For this, click the user's group of in the Groups column, which is Zabbix administrators for the user we just created, and switch to the Permissions tab. Here, click the Select button and then select the groups from the pop-up list of groups. Click the Read button to give this user read-only permission to the selected groups. Save the settings for the new user by clicking the Update button in the user group properties screen.

Add Machines to Monitor

Now that the infrastructure is all deployed and configured, you can put it to real use by setting up a client for monitoring. The first machine to monitor will be the one on which you’ve set up the Zabbix server.

Since you’ve already added the Zabbix repository in this Ubuntu 18.04 installation, you will simply pull in the Zabbix agent:

$ sudo apt install zabbix-agent

Once it’s installed, start the agent, and set it up to start automatically at boot:

$ sudo systemctl start zabbix-agent
$ sudo systemctl enable zabbix-agent

All network devices that Zabbix monitors are known as hosts. The Zabbix server host that you’ve just installed the agent on is disabled by default; you’ll need to enable it manually before it can receive data from the agent. To do this head to Configuration | Hosts. The page will only list a single host named Zabbix server. Select the entry before clicking the Enable button to bring the monitoring server online.

Adding the local Zabbix server as a host is very simple and straightforward since there isn’t any real configuration installed. The agent is installed locally, so it requires no configuration, and there’s no need to take steps to send the data over an encrypted channel.

Zabbix Agent on a Remote Host

The process for monitoring a remote host is a little more involved. Begin the process by first adding the official Zabbix repository to the remote host you wish to monitor. Follow the instructions in the Zabbix manual to grab the relevant repository packages for either the RPM or DEB based distribution. Once you’ve installed the Zabbix repository, use the package management tools to pull in the zabbix-agent package.

After installing the packages, open the Zabbix agent’s configuration file:

$ sudo nano /etc/zabbix/zabbix_agentd.conf

Scroll the file to find lines mentioned below and uncomment them to point to your Zabbix server and give it a unique name:

Server=192.168.0.50
Hostname=FedoraWorkstation

Make sure you modify the entries as per your environment. After making the modification, start the agent and enable it just as you did earlier on the Zabbix server. Remember that if the remote host is behind a firewall, you’ll also need to open the 10050/TCP port for the agent to talk to the Zabbix server. On Ubuntu you can do this with:

$ sudo ufw allow 10050/tcp

In a production environment, it’s advisable to use certificates or pre-shared keys to encrypt the connection between the clients and the Zabbix server. Again, the Encryption chapter in the official Zabbix documentation covers the topic in detail. For now, I’ll just add the remote hosts without any encryption.

Head back to the Zabbix server and fire up the Zabbix front end. Login and navigate to Configuration | Hosts and click on the Create Host button in the top right corner. Here, you’ll need to enter the hostname of the monitored zabbix-agent machine. Make sure this is the same as the one you’ve mentioned in the agent configuration file earlier. Next, you’ll need to select the group in which you want to add the system. Since we are running the Zabbix agent to monitor a basic Linux server, we can choose the Linux server group. Enter the IP address of the remote host on which the Zabbix agent is running and also optionally enter a brief description of the host.

Now, switch to the new host interface's Template tab to add a template for the remote host. In this case, I’ll choose the Template OS Linux (Figure 5), which best describes our remote host. Click on Add to assign the template to the host. Once done, you can click the Add button to add the new host to the Zabbix server.

Figure 5: You can assign several templates to one host.

After a few minutes, the ZBX button under availability will turn green (Figure 6). This signifies that the host is available using the Zabbix agent and actively sending events from the host computer to the Zabbix server.

Figure 6: If the ZBX availability turns red, weed out any errors in the server and agent logfiles.

That’s it, you can now head to the monitoring tab to view all kinds of details about the server (Figure 7). I’ve just scratched the surface of the Zabbix monitoring app, and there’s a lot more you can do with it. For instance, manually adding agents isn’t feasible in a network with dozens of hosts. To aid mass deployment, here’s how you can automatically register Zabbix clients. Also make sure you read through the official Zabbix documentation to fully appreciate Zabbix's capabilities.

Figure 7: Use the pull-down menus under Monitoring | Graphs to view the monitored parameters for the selected host.