Build your server

Zabbix monitoring system overview

Zabbix monitoring system overview 22 November 2022

In any host with more than one server, the administrator needs to have a complete picture of happens. The monitoring systems used to simplify this task in the large networks. Such systems include universal Zabbix tool, which is able to monitor the dynamics of servers and network equipment, to respond quickly with the emergency situations and prevent possible load problems. Zabbix monitoring system could also collect the statistics in the specified work environment and operate in the certain cases in a concrete way.

How Zabbix works and its architecture

The Zabbix architecture includes four main tools allowing monitor a specific production environment and collect a complete package of data about it to optimize a performance. These tools include:

  • server - the core storing all system data, including statistical, operational and configuration data. Remotely manages network services, notifies the administrator about emerging problems with equipment under supervision;
  • proxy service that works on behalf of a server and collects data on the availability and performance of devices. The data then saved to a buffer and loaded on the server into a separate database (MySQL, PostgreSQL, SQLite or Oracle). A proxy service to reduce the load on a server, on a processor and on a hard disk;
  • agent - a program (demon) that actively monitors the operation of local resources (drives, RAM, processor), applications and the collects statistics on them. The reflection of a current state’s physical server is carried out by Zabbix agent using such metrics as a core load (Processor load), resource wait time (CPU io wait time), swap space (Total swap space).
  • web interface is a part of the system server and often runs on the same physical host as Zabbix.

ZABBIX architecture

The main logical unit of Zabbix architecture is the network nodes (host), the servers under supervision. Each server assigns a description and an address - dns or ip. It is acceptable to use both and with the ability to choose what to use for a connection. Nodes can be organized into groups, such as the web servers or the database servers, to display only certain servers when monitored. At the same time, each node has several data elements (items) – the monitored parameters.

Data collection by Zabbix system is carried out most often in the following ways:

  • Zabbix agent - when the server collects an information from the agent on its own, connecting at a certain interval;
  • Simple check - the simple operations, including a ping;
  • Zabbix trapper – collection an information from the trappers that are bridges between the used services and the system itself;
  • Zabbix aggregate (Zabbix-complex) - a process that involves the collection of aggregate information from a database;
  • SSH agent (SSH agent) - the system connects via SSH works using the specified commands;
  • Calculate - checks that the system makes by comparing the available data, including after the previous collections.

Zabbix functionality includes the general checks for most common services - DBMS, SSH, Telnet, VMware, NTP, POP, SMTP, FTP. If the standard system settings are not enough, you can change them yourself or use the add-on through API. Also, the standard functions of a system include: control of the load on a processor - applies to both general and individual processes; collection of data on the amount of free RAM and physical memory; hard drive activity monitoring and network activity monitoring; ping to check the availability of nodes on the network.

The checks have predefined templates making it easy to create the new calculations. There are several types of the templates - standardized templates for network devices, HTTP template configuration, IPMI template configuration, ODBC template configuration.

For data processing, Zabbix uses triggers - logical expressions with the values ​​FALSE, TRUE and UNKNOWN could be created manually and tested on arbitrary values ​​before a use. Each trigger has a threat severity level, which is color-coded and audible in the web interface. For example:

  • Not classified - grey;
  • Information - light blue;
  • Warning - yellow;
  • Average - orange;
  • High - light red;
  • Disaster - red.

In a monitoring system the triggers using to identify the possible problems and to warn an administrator about the likelihood of their occurrence. This makes it possible to prevent the peaks in the load on the equipment or running out of hard disk space.

Action – the reaction to an event. Action could set automatically or manually both for one of the events and for a whole group. Action options:

  • Name - action name;
  • Event source - event source. Event sources are Discovery Events, Auto registration Events, or a specified Trigger Events;
  • Enable escalations - permission to escalate events;
  • Period - time period for the escalation step, specified in seconds;
  • Default subject - indicates who is notified by default;
  • Default message - standard message text;
  • Recovery message - notification text after a problem is solved;
  • Recovery subject - the subject to be notified after the operation;
  • Status - status of action, could be "active" or "disabled".

After the trigger is processed, the operations apply the subsequent automatic actions. The user can specify an operation or a group of operations for the events. The following operation parameters are distinguished: Step - when events are escalated; Operation type - actions at a certain step, for example, "Send message" or "Execute command"; Event Source - event source; Send message to - single message (Single user) or group (User group); Default message - default text; Subject – a person who notifies a system; Message - message text; Remote command - a command for the remote control.

Installing and configuring Zabbix

Zabbix system is easy to install and configure. It’s a server, a proxy and the agent are written in C#, the web interface is written in PHP. At the same time an installation of Zabbix Server and Zabbix Proxy is possible only on Linux systems, and Zabbix agent can be installed with almost any OS and platforms.

Zabbix Server installation package consists of:

  • zabbix_server binary (usually runs as a service);
  • MySQL (MariaDB)/PostgreSQL databases;
  • Apache2/Nginx web server with PHP handler;
  • files of the frontend site itself (.php, .js, .css)

The Zabbix installation scheme includes the following steps:

  • installing Zabbix Server on Linux (Ubuntu, CentOS) via a package manager. Select on the download page a repository suitable for distribution, for example: Zabbix Version (4.4) - OS Distribution (Ubuntu) - OS Version (18.04 Bionic) - Database (MySQL) - Web server (Nginx or Apache) to download and add it.

# wget

# dpkg -i zabbix-release_4.4-1+bionic_all.deb

# apt update

  • then the necessary packages install (# apt install zabbix-server-mysql zabbix-frontend-php zabbix-nginx-conf zabbix-agent), a database is created and the user’s rights are set (mysql -uroot mysql create database zabbix character set utf8 collate utf8_bin; mysql grant all privileges on zabbix.* to zabbix@localhost identified by 'YourPassword'; mysql quit;);
  • next, the database is imported zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p Zabbix and the service is added to autostart (# systemctl enable zabbix-server zabbix-agent nginx php7.2-fpm

# systemctl restart zabbix-server zabbix-agent nginx php7.2-fpm);

Zabbix web interface is configured as follows. The previously specified zabbix server URL (for example, a specified domain) opens in the browser. You need to register it in your hosts file or on the DNS server). At the same time, it is important to open both ports that the Zabbix system uses by default - TCP 10050 (port of passive agent, on which the zabbix server polls clients) and TCP 10051 (the port that the zabbix server receives a data from the clients - active agent).

Which version to choose. What's new in Zabbix 5.0.

Nowadays, Zabbix 4.2, Zabbix 4.4 and Zabbix 5.0 versions are in demand. Zabbix 4.2 version has the following features:

  • high-frequency throttling monitoring that scales and boosts NVPS faster problem detection and alerting without Zabbix heavy load;
  • collecting a data with HTTP agent;
  • data collection support with Prometheus Pro;
  • pre-processing supporting a validation and JavaScript and allowing transform any collected data;
  • pre-processing the proxy side providing more efficient scaling using a proxy;
  • improved tag management - meta-information at the level of events and issues that are convenient to work with, since the tags are supported both at the template level and at the level of hosts.

Zabbix 4.4 is equipped with:

  • new Zabbix agent;
  • Webhook system to support the alerts and notifications allowing an integration with the external systems;
  • Timescale DB support system;
  • built-in knowledge base for metrics and triggers visible to Zabbix users. For example, users can use the description of items and triggers in Monitoring Latest data.
  • new standard for the templates.

The LTS release of Zabbix 5.0, which will be supported for 5 years, differs from the versions 4.2 and 4.4 in the following ways:

  • HTTP proxy support for webhook allows to make the connections from Zabbix server to the external ones more manageable and secure;
  • the ability to choose which checks should be available on a particular agent. For example, you can limit the number of checks by actually creating white and black lists, define supported keys;
  • the ability to select encryption algorithms for all Zabbix components, in order to avoid a use of the insecure ciphers for TLS connections. This is important for monitoring the environments where certain security standards apply.
  • support the encrypted connections to database. Encrypted connection with PostgreSQL and MySQL is currently available;
  • switching from MD5 to SHA256 for storing user password hashes in the database, since this is currently the most secure algorithm;
  • support the secret user macros with the storing any confidential information (passwords and API tokens) where the last users don’t have an access;
  • SAML supports provide a single point of authentication against a trusted identity provider allowing a user credentials to be stored behind a firewall. SAML supports allow Zabbix to be integrated with the various on-premises and cloud identity providers such as Microsoft ADFS, OpenAM, SecurAuth, Okta, Auth0, as well as Azure, AWS or Google Cloud Platform.

In addition, Zabbix 5.0 has a user interface optimized for the wide screens, provides the ability to copy the widgets from the panel and export graphs, the filtering by tags, a support for modules to extend Zabbix interface, a support the custom macros for IPMI’s username and password.

All of these factors make Zabbix 5.0 the optimal and preferred solution for the organizing monitoring systems.

How much does it cost to deploy Zabbix

The cost of deploying and configuring Zabbix systems depends on the type of solution (lightweight, basic, advanced, professional version or individual package), as well as on the complexity of the installation and customer requirements (architecture description, list of metrics, monitored devices, systems and applications, the need for remote access).

Prices for these works range from $1,000 to $10,000.

Why is it worth to choose Zabbix, what are its advantages?

The choice in favor of Zabbix allows to make its capabilities:

  • automatically discovery of the servers and the network devices;
  • low-level monitoring and distributed monitoring, monitoring without an administrator;
  • support and capture mechanisms;
  • sending e-mail notifications about predefined events;
  • resource control and recording audit log files.

Compared to other monitoring systems, Zabbix allows to configure a system through API, as well as through the interface, provides the ability to store the settings in a database that allows to apply all the changes made to the configuration on the fly. It has the high-quality visualization tools and the stores history. Because of it greatly simplifies a number of the monitoring tasks. Among other features, Zabbix has strong support for the user parameters such as alerts, thresholds, reactions, as well as support for monitoring logs and JMX in its base package.

Zabbix Software Manual