ZABBIX platform deployment and use

ZABBIX platform deployment and use

1 Prepare the zabbix platform environment

• Create a new CentOS7 virtual host, set the host name zbx.sss.cn, IP address: 192.168.10.156/24
• Modify the /etc/hosts file and add the local domain name mapping record of zbx.tedu.cn
• Install and enable the LAMP platform
• Disable firewall and SELinux protection mechanisms

2 deployment steps

Step 1: Server address setting

1) Configure the host name as zbx.sss.cn

[root@centos7 ~]# hostnamectl set-hostname zbx.sss.cn	//设置主机名

Exit the current command line terminal and reopen it, and the host name in the command line prompt information will also change.

[root@zbx ~]# hostnamectl 
   Static hostname: zbx.sss.cn
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 74cf90f94eb1465ca75cf06c07ccdaf2
           Boot ID: e47660f510bd4fc3833b81e3b20a6c76
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-1127.el7.x86_64
      Architecture: x86-64
[root@zbx ~]# 

2) Configure the IP address 192.168.10.156/24

[root@zbx ~]# nmcli connection show		//查看设备、连接名（比如ens33）
NAME    UUID                                  TYPE      DEVICE 
ens33   99c20005-a856-4f56-bc7f-e9cc8664389d  ethernet  ens33  
virbr0  cb9f2d6b-ac80-4d32-9bc4-8cca3f37d499  bridge    virbr0 
[root@zbx ~]#
[root@zbx ~]# nmcli  connection  modify  ens33  ipv4.method  manual  ipv4.addresses  "192.168.10.156/24"  connection.autoconnect  yes	//配置IP地址

[root@zbx ~]# nmcli connection up ens33 	//激活连接
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/6）
[root@zbx ~]#

3) Add local host mapping records for quick access.

[root@zbx ~]# vim /etc/hosts	//编辑该文件，添加以下内容
	......
	192.168.10.156  zbx     zbx.sss.cn
	
[root@zbx ~]# ping zbx.sss.cn	//确认修改结果
PING zbx (192.168.10.156) 56(84) bytes of data.
64 bytes from zbx (192.168.10.156): icmp_seq=1 ttl=64 time=0.049 ms	
64 bytes from zbx (192.168.10.156): icmp_seq=2 ttl=64 time=0.114 ms
64 bytes from zbx (192.168.10.156): icmp_seq=3 ttl=64 time=0.096 ms
64 bytes from zbx (192.168.10.156): icmp_seq=4 ttl=64 time=0.069 ms
^C
--- zbx ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.049/0.082/0.114/0.024 ms
[root@zbx ~]#

Step 2: Install and enable the LAMP platform.

1) Install LAMP platform components

[root@zbx ~]# yum -y install httpd mariadb-server mariadb php php-mtsql
已加载插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
软件包 httpd-2.4.6-93.el7.centos.x86_64 已安装并且是最新版本
软件包 1:mariadb-server-5.5.65-1.el7.x86_64 已安装并且是最新版本
软件包 1:mariadb-5.5.65-1.el7.x86_64 已安装并且是最新版本
软件包 php-5.4.16-48.el7.x86_64 已安装并且是最新版本
没有可用软件包 php-mtsql。
无须任何处理
[root@zbx ~]#

2) Enable LAMP platform related services

[root@zbx ~]# systemctl enable httpd mariadb --now	//设置开机自运行，并立即开启服务
[root@zbx ~]#

Step 3: Disable firewall and SELinux protection mechanisms

[root@zbx ~]# systemctl stop firewalld.service 		//立即停止防火墙
[root@zbx ~]# systemctl disable firewalld.service 	//禁止开机自动运行
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@zbx ~]#

2) Turn off the SELinux mechanism

[root@zbx ~]# setenforce 0		//使SELinux失效
[root@zbx ~]# vim /etc/selinux/config		//开机时禁用
	SELINUX=disable

Step 3: Install and enable zabbix master

1) Install dependent packages + components

[root@zbx ~]#yum -y install net-snmp net-snmp-devel curl curl-devel libxml2 libxml2-devel libevent-devel.x86_64 javacc.noarch  javacc-javadoc.noarch javacc-maven-plugin.noarch javacc*

[root@zbx ~]# yum -y install php-bcmath php-mbstring	//安装php支持zabbix组件

[root@zbx ~]# rpm -ivh http://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm  #会自动生成ZABBIX相关的yum源文件，保证系统可以上网
[root@zbx ~]# yum install zabbix-server-mysql zabbix-web-mysql -y    #安装zabbix组件

2) Prepare the ZABBIX database and users.

[root@zbx ~]# mysql -uroot -p
Enter password: 
......
MariaDB [(none)]> create  database  zabbix  character set utf8 collate utf8_bin;
MariaDB [(none)]> grant  all  on  zabbix.*  to  zabbix@localhost  identified  by  'sss@123';

3) Import data into the database zabbix

[root@zbx ~]# zcat /usr/share/doc/zabbix-server-mysql-4.0.27/create.sql.gz | mysql -uzabbix -p -h localhost zabbix
Enter password: 
[root@zbx ~]#

If you forget the zabbix database password, you can edit the following files to change the password

[root@zbx ~]# vim /etc/zabbix/zabbix_server.conf	//编辑ZABBIX配置文件
[root@zbx ~]# grep -n '^'[a-Z] /etc/zabbix/zabbix_server.conf	//确认修改结果

4) Configure the time zone, and set to join the boot-up self-start zabbix-server

[root@zbx ~]# vim /etc/httpd/conf.d/zabbix.conf
将#php_value date.timezone Europe/Riga 变更成 php_value date.timezone Asia/Shanghai
[root@zbx ~]# systemctl enable zabbix-server --now	//设置开机自启，并立即启动ZABBIX服务
[root@zbx ~]# netstat -anpt | grep zabbix	//监听在10051端口上,如果没监听成功，可重启zabbix-server服务试试

Step 4: Install the Web front-end system monitored by zabbix

1) Restart the httpd service to update the zabbix web page configuration

[root@zbx ~]# systemctl restart httpd
[root@zbx ~]#

2) Access the http://192.168.10.156/zabbix/ front-end page from the browser

Click the Next step button and follow the prompts to install the Web front-end system monitored by Zabbix.

All check items in the above picture must be OK! ! !

Enter the user name and password created earlier.

On this page, you can name your zabbix system in Name, or click Next Step to continue without naming.

3) Confirm the installation settings and complete the installation of the Web front-end system

See the "Congratulations!" prompt, indicating that the installation has been successful, click Finish to end the installation.

Step 5: Install and enable zabbix controlled machine

Here I use KALI as the controlled machine.

root@KALI:~# apt-get -y install zabbix-agent

Step 6: Adjust the configuration of the controlled machine to allow the master machine 192.168.10.156 to collect data

Adjust the zabbix-agent configuration file to allow the zabbix master (only allows itself 127.0.0.1 by default) to collect data.

root@KALI:~# vim /etc/zabbix/zabbix_agentd.conf		//编辑被控端文件
	Server=192.168.10.156			//添加主控机地址，多个地址以逗号分隔
	ServerActive=192.168.10.156	//添加主控机地址，多个地址以逗号分隔
	Hostname=KALI.sss.cn	//本机的主机名
root@KALI:~# grep -n '^'[a-Z] /etc/zabbix/zabbix_agentd.conf	//确认结果

Step 7: Start the zabbix-agent charged service

The controlled terminal service zabbix-agent is mainly responsible for communicating with the controlled terminal's zabbix-server, reporting and providing the required monitoring data, which is equivalent to an "undercover agent" placed on the controlled machine.
In order to monitor smoothly, the zabbix-agent service needs to be enabled.

root@KALI:~# systemctl enable zabbix-agent.service --now	//开机自启,并立即运行服务
Synchronizing state of zabbix-agent.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable zabbix-agent
Created symlink /etc/systemd/system/multi-user.target.wants/zabbix-agent.service → /lib/systemd/system/zabbix-agent.service.
root@KALI:~#

3 Manage monitoring items

Step 1: Confirm the zabbix login page and start the zabbix-server master service

1) Log in to the Zabbix platform as the default administrator Admin

After a successful login, you can see the English version of the zabbix monitoring webpage.

2) Change the interface language to "Chinese (zh_CN)"

Click the avatar logo on the upper right of the zabbix monitoring page to open the property setting page of the current user.
Click the drop-down arrow to the right of "Language", select "Chinese (zh_CN)", and then click the "Update" button below to update the user attributes.

After the update is successful, the zabbix monitoring page will become Chinese.

Step 2: Check the monitoring items of "Zabbix Server"

1) View the monitored host

Click "Configuration" –> "Host" on the zabbix monitoring page to list the monitored hosts. By default, the Zabbix platform has added this machine as the monitored object. Click Create Host in the upper right corner to add the controlled machine KALI.
Note: The hostname is the system hostname of KALI
At the same time, it is best to make corresponding mappings under /etc/hosts.

root@KALI:~# hostnamectl 
   Static hostname: KALI.sss.cn		//主机名称
         Icon name: computer-vm
           Chassis: vm
        Machine ID: d6b913ac13654f269ae1a362b219135b
           Boot ID: 8e18278fd39147198f9e8d5b921bc85b
    Virtualization: vmware
  Operating System: Kali GNU/Linux Rolling
            Kernel: Linux 5.5.0-kali2-amd64
      Architecture: x86-64
root@KALI:~# vim /etc/hosts
	......
	192.168.10.128	KALI	KALI.sss.cn	
	192.168.10.156	zbx		zbx.sss.cn

In the same way, corresponding mapping should be done on ZABBIX.

Create the controlled machine:

2) Add monitoring item template for KALI

Click on the name of KALI to select a template in a new window.

Select a template for the Linux system.

3) Select the monitoring item of Zabbix Server

You can see various monitoring items of this host.

By default, zabbix has been associated with relevant monitoring templates, and dozens of monitoring items have been automatically added.

For example, the availability of the controlled host (check whether zabbix-agent is communicating normally), available memory, CPU load, number of logged-in users, number of running processes, etc., can refer to the following information.

• Host availability: name Agent ping, key value agent.ping
• Available memory: name Available memory, key value vm.memory.size[available]
• CPU load (last 1 minute): name Processor load (1 min average per core), key value s system.cpu.load[percpu,avg1]
• CPU load (last 1 minute): name Processor load (1 min average per core), key value s system.cpu.load[percpu,avg1]
• CPU load (last 1 minute): name Processor load (1 min average per core), key value s system.cpu.load[percpu,avg1]
• Number of logged in users: name Number of logged in users, key value system.users.num
• Number of running processes: name Number of processes, key value proc.num[]

4) Control monitoring items

On the monitoring item management page, you can not only view monitoring items, but also disable specified monitoring items, or delete automatically discovered monitoring items that are not used. For example, the automatically discovered monitoring item for the virtual interface virbr0 can be deleted.

Step 3: Confirm/add the monitoring of inbound traffic and outbound traffic of the local network card (such as eth0)

Commonly used network traffic monitoring items use net.if.in[interface name] and net.if.out[interface name], which represent inbound traffic and outbound traffic respectively. For example, to monitor the traffic of network card ens33, you can configure the following monitoring items:

• Inbound traffic: name Incoming network traffic on ens33, key value net.if.in[ens33]
• Outbound traffic: name Outgoing network traffic on ens33, key value net.if.out[ens33]

Monitoring items such as network interface traffic information can be automatically discovered after a few minutes. Automatically discovered monitoring items will be marked with the word "discovery" in orange before the name.
If not, you can create it yourself:

Step 4: Configure icmpping to check the survival status of the device

1) Add a monitoring item on Zabbix Server to detect whether router 102 can be pinged

On the monitoring item management page, click the "Create Monitoring Item" page in the upper right corner, specify the name "Router 102 Survival Status" in the next setting page, select "Simple Check" for the type, and then select the icmpping key value and modify it correctly Detect the parameters, then click "Add" at the bottom and that's it. Here KALI is used as a router.

2) Add another monitoring item to check whether the switch 103 can be pinged

Here 192.168.10.2 is the gateway, used to simulate a switching device

4 Using Monitor Graphics

Step 1: Access the "Graphics" management page

Click "Configuration" --> "Host" --> Select the monitored host --> "Graphics" in the zabbix platform, and you can see the monitoring graphics that have been created (by default, they are all created from templates).

The default drawing font of zabbix is ​​located in /usr/share/zabbix/assets/fonts/graphfont.ttf, but this font does not support writing Chinese characters in pictures. Therefore, it is best to replace it with a Chinese font file that can normally support Chinese characters (such as Wenquanyi-Zhenghei).
Garbled code solution:

[root@zbx ~]# cp /usr/share/fonts/wqy-zenhei/wqy-zenhei.ttc /usr/share/zabbix/assets/fonts/graphfont.ttf 
cp：是否覆盖"/usr/share/zabbix/assets/fonts/graphfont.ttf"？ y
[root@zbx ~]#

Then press the F5 key to refresh the graphics viewing page, and the Chinese characters in the graphics can be displayed normally.

Step 2: Create "Network Card Traffic Analysis" to integrate inbound/outbound traffic data

1) Add "network card traffic analysis" graphics

Through the "Configuration" –> "Host" –> "Graphics" –> Create Graphics" of the zabbix monitoring page, use the two monitoring items of the inbound traffic and outbound traffic of the network card ens33 to create a "network card traffic analysis" monitoring graphic.

2) View the graphical results of "Network Card Traffic Analysis"

Click "Monitoring" -> "Graphics" -> select "Network Card Traffic Analysis" graphic on the zabbix platform, and you can see a very intuitive and dynamic traffic graphic.

Step 3: Create "router 102 status" to monitor the survival status of router 102

1) Add "Router 102 Status" graphic

Through the "Monitoring" -> "Graphics" -> "Create Graphics" of the zabbix monitoring page, use the "Router 102 Survival Status" monitoring item to create a "Router 102 Status" monitoring graphic.

2) View the graphical results of "Router 102 Status"

Click "Monitoring" on the zabbix platform --> "Graphics" --> select the "Router 102 Status" graph to see the monitoring results.A line with a value of 1 means the device can be pinged, a line with a value of 0 (if any) means that the ping cannot be done.

5 Configure zabbix email alert

Set a serious event alarm for the Zabbix server. When the number of logged-in users exceeds 5 or the number of running processes exceeds 500, an alarm email is sent to the root user of the zabbix server.

• Configure the alarm medium, alarm medium type, and action in sequence
• Configure monitoring items and triggers
• The number of simulated user logins exceeds the limit (for example, 7 users are logged in at the same time)
• Receive the mail of the root user on the zabbix server, and you can see the warning message

plan

The event notification mechanism of the zabbix monitoring system.

Step 1: Configure the alarm media type (who is responsible for sending the alarm email and how to send it)

Correctly set the server information and sender's email address that can be used to send emails. Take my QQ mailbox as an example.
In order to ensure that the QQ mailbox can normally send emails through SMTP, it needs to be set in the QQ mailbox used to send alarm information.
Log in to the homepage of QQ mailbox, select "Settings" --> Account –> POP3/IMAP/SMTP/Exchange/CardDAV/CalDAV service: the second

IMAP/SMTP is generally closed by default, and you need to use the mobile phone number associated with the mailbox to send before opening message to the specified number.

After the mobile phone sends a text message, click "I have sent" and a string of authorization codes will be returned.This authorization code is used for the password to log in to the mailbox when creating the sender in ZABBIX Server later.
For security reasons, third parties cannot use the original password of the QQ mailbox to log in to the QQ mailbox.

Manage –> Alarm Media Type –> Email, create the sender of the email alarm.
The password filled in here is the authorization code obtained in the above picture, remember! ! !

Step 2: Configure the alarm medium (to whom the alarm email is sent)

Manage –> User –> Select User XX –> Alarm Medium –> Add.

Step 3: Configure actions

Configure –> Action –> Create Action.
For example, an alarm is sent when the warning level is above "General Severity".

Step 4: Configure monitoring items and triggers

Configure –> Host –> Select Host –> Trigger –> Create Trigger.
For example, when the number of logged-in users exceeds 5 and the number of processes exceeds 200, a "generally serious" event message is generated.



verify results:

Step 5: The number of simulated user logins exceeds the standard

Open multiple command line terminals on the Zabbix server of the controlled host at the same time, or use SecureCRT, Putty and other tools to remotely log in to the Zabbix server service to simulate the situation where more than 5 users log in.
The specific process is omitted.
Log in to 7 terminals

View the current number of tasks, you can see that the current number of tasks is greater than 200.

Step 6: Check that the user has received an alert email message

When the set action meets the conditions, the corresponding email alarm operation will be initiated, and the recipient's email address corresponding to the user alarm medium will receive a notification email.
Log in to the recipient's mailbox to receive an alarm email.



At the same time, through the "Monitoring" -> "Dashboard" page on the ZABBIX Server, you will also see the corresponding problem report.