Zabbix ローレベルディスカバリ(LLD)の拡張①
Zabbix ローレベルディスカバリ(LLD)の拡張②
Zabbix ローレベルディスカバリ(LLD)の拡張③
Zabbix ローレベルディスカバリ(LLD)の拡張④
Zabbix ローレベルディスカバリ(LLD)の拡張⑤
追記
Zabbix3.0ではLLDアイテムキー「service.discovery」がサポートされるため、本対応は不要になります。
■ 3.6 Discovery of Windows services
https://www.zabbix.com/documentation/3.0/manual/discovery/low_level_discovery
#Windowsサービスの自動登録
windowsサービスの監視には以下の2つのアイテムが用意されています。
service_state[*]
services[<type>,<state>,<exclude>]
【自動起動に設定されているものを全て監視対象としたい】場合、アイテムのキーにservices[automatic,stopped] とすれば一つのアイテムとトリガーだけで済むので登録は楽ですが、2点問題があります。
- 一つのサービスが停止状態になりトリガーが「異常」状態になっている場合に、2つ目のサービスが停止してもアラートを上げることが出来ない。
- servicesアイテムで得られるのはサービスの実名であり、表示名とは異なるため分かりづらい。例)表示名「Trend ServerProtect」⇒ 実名「SpntSvc」
もう一つのservice_stateを使う場合、サービス別に登録が必要であり非常に手間です。
上記を解決するためにローレベルディスカバリを使い、サービス個別に登録しつつ表示名でアラート通知されるようにしたいと思います。
zabbix_agnetd.conf(エージェント側)での設定
UserParameter=services.discovery,cscript /nologo "C:\Program Files\zabbix\services.discovery.vbs" | "C:\Program Files\zabbix\nkf32.exe" -w
※2バイトのサービス名がある場合、文字化けしてしまうので、nkfツールを使って変換します。
nkf.exe nkf32.dll Windows用(Vector)
WebGUIでの設定
| ディスカバリルール | |
|---|---|
| 名前 | win32サービスのディスカバリ |
| タイプ | Zabbixエージェント |
| キー | services.discovery |
| アイテムのプロトタイプ | |
|---|---|
| 名前 | Windowsサービス[{#SERVICE_NAME}] |
| タイプ | Zabbixエージェント |
| キー | service_state[{#SERVICE_NAME}] |
WMIでの取得スクリプト
StartMode = "Auto" のものを列挙
services.discovery.vbs
computerName = "\\."
sql = "select * from Win32_Service"
FIRST= "1"
Set obj = GetObject("winmgmts:{impersonationLevel=impersonate}!" & computerName & "\root\cimv2").ExecQuery(sql)
WScript.Echo "{"
WScript.Echo " ""data"":["
For Each serviceName In obj
If serviceName.StartMode = "Auto" Then
If FIRST = 1 Then
WScript.Echo ""
FIRST= "0"
Else
WScript.Echo ","
End If
WScript.StdOut.Write " { ""{#SERVICE_NAME}"":""" & serviceName.Name &""" , ""{#SERVICE_DISPLAYNAME}"":""" & serviceName.DisplayName & """ }"
End If
Next
WScript.Echo ""
WScript.Echo " ]"
WScript.Echo "}"
出力結果
# zabbix_get -s 192.168.0.1 -p 10050 -k services.discovery
{
"data":[
{ "{#SERVICE_NAME}":"AeLookupSvc" , "{#SERVICE_DISPLAYNAME}":"Application Experience Lookup Service" },
{ "{#SERVICE_NAME}":"CryptSvc" , "{#SERVICE_DISPLAYNAME}":"Cryptographic Services" },
{ "{#SERVICE_NAME}":"DcomLaunch" , "{#SERVICE_DISPLAYNAME}":"DCOM Server Process Launcher" },
{ "{#SERVICE_NAME}":"Dhcp" , "{#SERVICE_DISPLAYNAME}":"DHCP Client" },
{ "{#SERVICE_NAME}":"dmserver" , "{#SERVICE_DISPLAYNAME}":"Logical Disk Manager" },
{ "{#SERVICE_NAME}":"Dnscache" , "{#SERVICE_DISPLAYNAME}":"DNS Client" },
{ "{#SERVICE_NAME}":"ERSvc" , "{#SERVICE_DISPLAYNAME}":"Error Reporting Service" },
{ "{#SERVICE_NAME}":"Eventlog" , "{#SERVICE_DISPLAYNAME}":"Event Log" },
{ "{#SERVICE_NAME}":"EventSystem" , "{#SERVICE_DISPLAYNAME}":"COM+ Event System" },
{ "{#SERVICE_NAME}":"helpsvc" , "{#SERVICE_DISPLAYNAME}":"Help and Support" },
{ "{#SERVICE_NAME}":"ImeDictUpdateService" , "{#SERVICE_DISPLAYNAME}":"Microsoft IME Dictionary Update" },
{ "{#SERVICE_NAME}":"lanmanserver" , "{#SERVICE_DISPLAYNAME}":"Server" },
{ "{#SERVICE_NAME}":"lanmanworkstation" , "{#SERVICE_DISPLAYNAME}":"Workstation" },
{ "{#SERVICE_NAME}":"LmHosts" , "{#SERVICE_DISPLAYNAME}":"TCP/IP NetBIOS Helper" },
{ "{#SERVICE_NAME}":"MDM" , "{#SERVICE_DISPLAYNAME}":"Machine Debug Manager" },
{ "{#SERVICE_NAME}":"MSDTC" , "{#SERVICE_DISPLAYNAME}":"Distributed Transaction Coordinator" },
{ "{#SERVICE_NAME}":"Netlogon" , "{#SERVICE_DISPLAYNAME}":"Net Logon" },
{ "{#SERVICE_NAME}":"PlugPlay" , "{#SERVICE_DISPLAYNAME}":"Plug and Play" },
{ "{#SERVICE_NAME}":"PolicyAgent" , "{#SERVICE_DISPLAYNAME}":"IPSEC Services" },
{ "{#SERVICE_NAME}":"ProtectedStorage" , "{#SERVICE_DISPLAYNAME}":"Protected Storage" },
{ "{#SERVICE_NAME}":"RemoteRegistry" , "{#SERVICE_DISPLAYNAME}":"Remote Registry" },
{ "{#SERVICE_NAME}":"RpcSs" , "{#SERVICE_DISPLAYNAME}":"Remote Procedure Call (RPC)" },
{ "{#SERVICE_NAME}":"SamSs" , "{#SERVICE_DISPLAYNAME}":"Security Accounts Manager" },
{ "{#SERVICE_NAME}":"Schedule" , "{#SERVICE_DISPLAYNAME}":"Task Scheduler" },
{ "{#SERVICE_NAME}":"seclogon" , "{#SERVICE_DISPLAYNAME}":"Secondary Logon" },
{ "{#SERVICE_NAME}":"SENS" , "{#SERVICE_DISPLAYNAME}":"System Event Notification" },
{ "{#SERVICE_NAME}":"SharedAccess" , "{#SERVICE_DISPLAYNAME}":"Windows Firewall/Internet Connection Sharing (ICS)" },
{ "{#SERVICE_NAME}":"ShellHWDetection" , "{#SERVICE_DISPLAYNAME}":"Shell Hardware Detection" },
{ "{#SERVICE_NAME}":"SpntSvc" , "{#SERVICE_DISPLAYNAME}":"Trend ServerProtect" },
{ "{#SERVICE_NAME}":"Spooler" , "{#SERVICE_DISPLAYNAME}":"Print Spooler" },
{ "{#SERVICE_NAME}":"SysmonLog" , "{#SERVICE_DISPLAYNAME}":"Performance Logs and Alerts" },
{ "{#SERVICE_NAME}":"TrkWks" , "{#SERVICE_DISPLAYNAME}":"Distributed Link Tracking Client" },
{ "{#SERVICE_NAME}":"W32Time" , "{#SERVICE_DISPLAYNAME}":"Windows Time" },
{ "{#SERVICE_NAME}":"winmgmt" , "{#SERVICE_DISPLAYNAME}":"Windows Management Instrumentation" },
{ "{#SERVICE_NAME}":"WZCSVC" , "{#SERVICE_DISPLAYNAME}":"Wireless Configuration" },
{ "{#SERVICE_NAME}":"ZABBIX Agent" , "{#SERVICE_DISPLAYNAME}":"ZABBIX Agent" },
{ "{#SERVICE_NAME}":"JavaQuickStarterService" , "{#SERVICE_DISPLAYNAME}":"Java Quick Starter" }
]
}