Distributed open source monitoring Zabbix actual combat

As a distributed open source monitoring software, Zabbix has inherent advantages in the traditional monitoring field, with flexible data collection, customized alarm strategy, rich chart display, high availability and scalability. This article briefly introduces the characteristics, overall architecture and workflow of Zabbix, as well as the process of installation and deployment, and performs monitoring configuration in combination with actual combat.

---

1. Introduction to Zabbix

Zabbix is ​​an enterprise-level distributed open source monitoring solution that can monitor various network parameters as well as server health and integrity. It was created by Alexei Vladishev and is currently under continuous development and support by Zabbix SIA. Based on Web pages, Zabbix provides distributed system monitoring and network monitoring functions, provides multiple monitoring methods, and supports full-stack monitoring under complex system architectures.

1.1 Zabbix features

1) Flexibility of monitoring data collection

Zabbix supports a variety of data collection methods, including automatic discovery, agent, snmp, JMX, telnet collection methods, and data transmission in active and passive modes. At the same time, it also supports user-defined plug-ins and custom interval data collection.

• Extensive collection of data sources: collect data from terminals such as infrastructure, databases, applications, sensors, etc.
• The flexibility of data collection: the interval and strategy of data collection, and the types of data collected include text, binary and structured JSON, CSV and other data formats
• Support agent and agentless monitoring: use Zabbix Agent agent for in-depth monitoring; agentless monitoring supports monitoring protocols such as SNMP, IPMI, ODBC and Prometheus
• Support the standardization and conversion of collected data: convert the format of collected data, verify the accuracy of data, etc.

2) Custom configuration of alarm information

Zabbix can set the cycle, level, recovery notification, period threshold, etc. of alarm information, and supports maintenance cycle and stand-alone shutdown. At the same time, it supports multi-condition alarm, alarm information push, etc.

• Anomaly detection and trend prediction based on incoming data streams, custom alarm levels and classifications
• Push alarm information to different platforms, support alarm platform, mailbox and communication platform, etc.
• Fault alarm automatic repair function, realize fault self-healing function for some scenarios, such as automatic restart, automatic scaling of resources

3) Data visualization display

Zabbix can customize monitoring views, network topology, custom panels and IT service time and availability.

• Support personalized display of collected data, realize drag and drop zoom, dashboard, various charts and other functions
• Support geographical environment and infrastructure topology display, showing the overall situation of the entire cluster
• Generate customized reports and send them regularly

4) Architecture High Availability and Scalability

Zabbix's monitoring system has low requirements on equipment performance, supports proxy distributed monitoring, distributed centralized management, automatic monitoring and open interfaces, and has strong scalability.

• Zabbix high-availability deployment architecture prevents data loss and improves front-end user experience
• Support distributed monitoring by deploying Zabbix Proxy and support unlimited scalability

5) Security Audit Policy Guarantee

Zabbix supports security user audit logs, permission authentication and user restrictions to allow maintenance of the list.

• Communication between Zabbix components is transmitted through encryption and supports different encryption algorithms
• User permissions define different levels, and users are divided into different roles for management
• Restrict access to sensitive information of collected data, etc.

In addition to the above features, Zabbix supports rapid deployment and configuration on local or cloud platforms, seamless docking of different software and hardware platforms, and multi-tenant management.

1.2 Zabbix monitoring collection method

Zabbix supports monitoring various system platforms, including mainstream operating systems such as Linux and Windows, and can also monitor routing and switching devices with the help of SNMP or SSH protocols.

• Hardware monitoring: Zabbix IPMI Interface, monitor through the IPMI interface, monitor the physical characteristics of the monitored object, such as voltage, temperature, fan status, power status, etc.
• System monitoring: Zabbix Agent Interface, monitoring through a dedicated agent program, easy to deploy, low performance consumption, the preferred monitoring method is recommended.
• Java monitoring: Zabbix JMX Interface, monitor the JVM virtual machine through JMX (java management extensions) (java management extensions).
• Network device monitoring: Zabbix SNMP Interface, communicates with the monitored object through the SNMP protocol, and is used to monitor network devices such as routers and switches.
• Application service monitoring: Zabbix Agent UserParameter
• MySQL database monitoring: percona-monitoring-plulgins
• URL Monitoring: Zabbix Web Monitoring

1.3 Zabbix and Prometheus monitoring comparison

Prometheus is also a popular distributed monitoring tool nowadays, compared with Zabbix, as shown in the following table:

name	release time	Development language	performance	community support	container support	Enterprise use	deployment difficulty
Zabbix	2012	C+PHP	The upper limit is about 1w nodes	active	poor	Traditional monitoring such as server monitoring has obvious advantages	Different monitoring deployment methods for multiple systems
Prometheus	2016	Go	in thousands	active	Support cloud native, K8S and other monitoring	Container-related monitoring preferred	Simple, one command to get it done

In comparison, Prometheus has a stronger support for container monitoring, and is the preferred solution for container-related monitoring such as cloud native and K8S; Zabbix, as a traditional monitoring method, has a high degree of system stability and maturity, and is capable of monitoring infrastructure such as servers. The advantage, the disadvantage is that as the complexity of the architecture increases, customization becomes more difficult.

2. Zabbix architecture principle

2.1 Zabbix overall architecture

Zabbix's architecture is divided into server, Proxy layer and client parts, mainly including the following parts:

• Zabbix Server: The core component responsible for collecting and receiving data from monitored devices and communicating with Zabbix Agents, Zabbix proxy and Zabbix Database.
• Zabbix Database: used to store Zabbix data.
• Zabbix Agents: Installed on the monitored server, responsible for collecting local data and sending it to Zabbix Server.
• Zabbix Proxy: An optional component, often used in a distributed environment with many monitoring nodes. The proxy Server collects some data and forwards it to the Server, which can reduce the pressure on the Server.
• Zabbix GUI: Zabbix's Web front-end management interface, users can view the data collected by Zabbix Server through the Web front-end page, and can also configure Zabbix Server.

2.2 Zabbix main working process

In Zabbix, there are the following main processes:

• zabbix_agentd: Zabbix client daemon process, mainly responsible for collecting client monitoring item data.
• zabbix_server: Zabbix server daemon process, mainly responsible for collecting Zabbix client data.
• zabbix_proxy: Zabbix proxy process, its function is similar to Server, and its function is similar to a transfer station, which will eventually submit the collected data to zabbix_server again.
• zabbix_get: A Zabbix tool, usually running on zabbix server or zabbix proxy, used to remotely obtain client information, usually used for troubleshooting.
• zabbix_sender: A Zabbix tool that usually runs on the zabbix client for time-consuming checks, and its role is to actively send data.
• zabbix_java_gateway: A new function introduced after Zabbix2.0, which can be used for JAVA devices, but it can only actively obtain data, not passively.

In addition, there are processes such as alerter, configuration syncer, data sender, and database watchdog. Different processes play different roles and tasks in the Zabbix system, and can be flexibly configured and expanded as needed.

2.3 Zabbix workflow

Zabbix regularly collects data on the monitoring device through the client and sends it to the zabbix server; the zabbix server stores the data sent by the zabbix client in the database, and zabbix web displays and draws on the front end based on the data. Zabbix's data collection modes mainly include two types:

• Poller mode (active polling): Zabbix Server will actively poll Zabbix Agent or Zabbix Proxy to obtain monitoring data. The advantage of this method is that it can actively obtain data, and the timeliness of data collection is relatively high, but the disadvantage is that in an environment with a large number of servers, Zabbix Server cannot obtain the latest data in time.
• Trapper mode (active capture): Zabbix Agent or Zabbix Proxy actively sends data to Zabbix Server. This method can obtain real-time monitoring data without actively polling Zabbix Server, but the disadvantage is that Agent needs to be installed on the monitored server Or Proxy, which increases the operation and maintenance cost.

2.4 Zabbix monitoring framework

The deployment architecture of Zabbix can be selected and configured according to the needs of the actual monitoring environment. There are three common architectures:

• Server-Client architecture: The simplest architecture, the monitoring device and the monitored device are directly connected, and the Zabbix Server and Zabbix Agent directly perform data interaction. It is suitable for the monitoring environment with relatively simple network and relatively few devices.
• Server-Proxy-Client architecture: Proxy is a communication bridge between Server and Client. Proxy itself does not store data, but temporarily stores the data sent by Agent, and then submits it to Server. This architecture is often compared with the Master-Node-Client architecture, and is generally applicable to the monitoring of medium-sized network architectures across computer rooms and networks.
• Master-Node-Client architecture: the most complex monitoring architecture, suitable for large-scale environments that span networks, computer rooms, and many devices. Each Node is also a Server. The Node can be connected to a Proxy or directly to a Client.

3. Zabbix deployment actual combat

3.1 Zabbix source code installation and deployment

3.1.1 Deployment Architecture

This installation and deployment adopts the Server-client deployment architecture, as shown in the figure, the server is directly connected to the agent.

3.1.2 Install Server

Since Zabbix 6.0 and later versions do not support Server deployment on Centos 7, this time we tested with Zabbix 5.0 version.

1) System environment configuration

#1、关闭selinux
动态生效setenforce 0
配置/etc/selinux/config中SELINUX=设置为disabled

#2、关闭防火墙
关闭防火墙# systemctl stop firewalld
#systemctl disable firewalld

#3、准备mysql环境

2) Download the installation package warehouse

rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
Retrieving https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
warning: /var/tmp/rpm-tmp.eaB8GC: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:zabbix-release-5.0-1.el7         ################################# [100%]

At this time, there will be a zabbix.repo file under /etc/yum.repos.d/

3) Install Server, mysql database and Web front end

#yum install zabbix-server-mysql zabbix-agent -y
Resolving Dependencies
--> Running transaction check
---> Package zabbix-agent.x86_64 0:5.0.36-1.el7 will be installed
---> Package zabbix-server-mysql.x86_64 0:5.0.36-1.el7 will be installed
…
Installed:
  zabbix-agent.x86_64 0:5.0.36-1.el7                                               zabbix-server-mysql.x86_64 0:5.0.36-1.el7                                              
Dependency Installed:
  OpenIPMI.x86_64 0:2.0.27-1.el7         OpenIPMI-libs.x86_64 0:2.0.27-1.el7             OpenIPMI-modalias.x86_64 0:2.0.27-1.el7         fping.x86_64 0:3.16-1.el7        
  libevent.x86_64 0:2.0.21-4.el7         net-snmp-libs.x86_64 1:5.7.2-49.el7_9.2         unixODBC.x86_64 0:2.3.1-14.el7                 
Complete!

4) Install the front-end software package

# yum install centos-release-scl -y
#编辑zabbix.repo
[zabbix-frontend]
...
enabled=1
...
#安装前端软件包
yum install zabbix-web-mysql-scl zabbix-apache-conf-scl -y

5) Initialize database configuration

#1、在mysql数据库中创建数据库用户并授权
# mysql -uroot -p -A
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user 'zabbix'@'%' identified with mysql_native_password by 'password';
mysql> grant all privileges on zabbix.* to 'zabbix'@'%';
mysql> set global log_bin_trust_function_creators = 1;
mysql> quit;

#2、导入初始架构和数据
# zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix

6) Configure the database for Zabbix server

#编辑配置文件/etc/zabbix/zabbix_server.conf
DBPassword=password

7) Configure the correct time zone for Zabbix

#编辑配置文件/etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf
php_value[date.timezone] = Asia/Shanghai    #亚洲/上海 

8) Start the Zabbix service and check

#启动Zabbix server和agent进程，并为它们设置开机自启：
systemctl restart zabbix-server zabbix-agent httpd rh-php72-php-fpm
systemctl enable zabbix-server zabbix-agent httpd rh-php72-php-fpm

View the startup status of zabbix service

# netstat -nltp |grep zabbix
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1028/zabbix_agentd  
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN      1623/zabbix_server  
tcp6       0      0 :::10050                :::*                    LISTEN      1028/zabbix_agentd  
tcp6       0      0 :::10051                :::*                    LISTEN      1623/zabbix_server

9) Exception handling

#1、连接数据库失败，指定的socket有误
#错误信息：connection to database 'zabbix' failed: [2002] Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'
#解决办法：由于mysql配置的socket和zabbix默认的socket路径不同，修改zabbix配置文件/etc/zabbix/zabbix_server.conf中的DBSocket选项
DBSocket=/tmp/mysql.sock

#2、连接数据库失败，提示加密插件caching_sha2_password.so找不到
#错误信息：cannot be loaded: /usr/lib64/mysql/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
#解决办法：在创建用户时指定mysql的加密插件with mysql_native_password
create user 'zabbix'@'%' identified with mysql_native_password by 'password';

3.1.3 Configure the web page

1) Log in to the web access page http://192.168.112.121/zabbix

2) Configure database connection

3) Enter server details

4) Complete the installation

5) Web interface login, the default user is Admin, password is zabbix

6) Modify the interface language to Chinese

3.1.4 The monitored object installs the Agent agent

1) System environment configuration

#1、关闭selinux
动态生效setenforce 0
配置/etc/selinux/config中SELINUX=设置为disabled

#2、关闭防火墙
关闭防火墙# systemctl stop firewalld
#systemctl disable firewalld

2) Download the Agent installation package repository

rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rp

3) Install zabbix-agent

# yum install zabbix-agent -y

4) Modify the agent configuration file and specify the zabbix server address

# vi /etc/zabbix/zabbix_agentd.conf
Server=192.168.112.121

5) Start the service and set the boot to start

systemctl start zabbix-agent
systemctl enable zabbix-agent

6) Check the zabbix-agent port status

# netstat -nltp |grep zabbix
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1814/zabbix_agentd  
tcp6       0      0 :::10050                :::*                    LISTEN      1814/zabbix_agentd

3.2 Zabbix monitoring page configuration

3.2.1 Add host

Add the host to be monitored in "Configuration->Host" and select the monitoring template indicator

After the addition is complete, see the host information

In Monitoring -> Host, you can see the monitoring data. At the same time, you can see the number of current hosts in the dashboard

3.2.2 Custom Topology Map

Edit topology map information in "Monitor->Topology Map", such as adding server nodes, establishing link relationships, network traffic, etc.

Fill in the label "{Zabbix server:net.if.out["ens33"].last(0)}" in the link information, and you can get the monitoring information in "Host->Configuration->Monitoring Items".

The above is the introduction of the characteristics of distributed monitoring Zabbix, the introduction of the architecture process, and the actual installation and deployment. Zabbix has a lot of functions and needs to be familiarized with in the actual use process.

---

References:

1. https://www.zabbix.com/cn/
2. https://blog.51cto.com/u_16099217/6370557
3. https://blog.csdn.net/SmileLife_/article/details/126535575