Collecting events from Zabbix¶
TeskaLabs LogMan.io Collector can collect events from Zabbix through Zabbix API.
- Zabbix Metrics Source collects history and events.
- Zabbix Security Source collects alerts and events.
Zabbix Metrics Source¶
Zabbix Metrics Source periodically sends event.get and history.get requests.
The event.get request is used to retrieve event data from the Zabbix server. Events in Zabbix represent significant occurrences within the monitored environment, such as triggers firing, discovery actions, or internal Zabbix events.
The history.get request is used to retrieve historical data from Zabbix, which includes various types of monitoring data, such as numeric values, text logs, and more.
Configuration¶
Example of minimal required configuration:
input:ZabbixMetrics:<SOURCE_ID>:
url: https://192.0.0.5/api_jsonrpc.php # URL for Zabbix API
auth: b03.......6f # Authorization token for Zabbix API
output: <output_id>
output:<type>:<output_id>:
...
Optionally, you can configure properties of requests:
interval: 60 # (optional, default: 60) Time interval between requests in seconds
max_requests: 100 # (optional, default: 50) Number of concurrent requests
request timeout: 10 # (optional, default: 10) Timeout for requests in seconds
sleep_on_error: 10 # (optional, default: 10) When error occurs, LMIO Collector waits for some time and then sends the requests again
You can also change the encoding of incoming events:
encoding: utf-8 # (optional) Encoding of incoming events
History types¶
In Zabbix, a history object represents a recorded piece of data associated with a metric item over time. These history objects are fundamental for analyzing the performance and status of monitored entities, as they store the actual collected data points. Each history object is associated with a specific item and includes a timestamp indicating when the data was collected. The history objects are used to track and analyze trends, generate graphs, and trigger alerts based on historical data.
Multiple different history object types can be returned in events. See the official documentation for more info.
| History object type | Name | Usage |
|---|---|---|
| 0 | numeric float | metrics like CPU load, temperature, etc. |
| 1 | character | log entries, service statuses, etc. |
| 2 | log | system and application logs |
| 3 | (default) numeric unsigned | free disk space, network traffic, etc. |
| 4 | text | descriptions, messages, etc. |
| 5 | binary | binary messages |
History types are configured in the following way:
histories_to_return: "0,1,3" # (optional, default: '0,3') List of history types
Metric items¶
A metric item in Zabbix specifies the type of data to be gathered from a monitored host. Each item is associated with a key that uniquely identifies the data to be collected, as well as other attributes such as the data type, collection frequency, and units of measurement. Items can represent various types of data, including numerical values, text, log entries, and more.
The Zabbix server typically contains a large amount of hosts from which histories will be collected. To filter for specific metric items, do the following steps:
- Create a CSV file with the list of metric types, each on separate line:
Uptime
Number of processes
Number of threads
FortiGate: System uptime
VMware: Uptime
CPU utilization
CPU user time
...
- Configure the path in LogMan.io Collector Zabbix Metrics Source configuration:
items_list_filename: conf/items.csv
Tip
We recommend to filter for a small subset of metric types to prevent Zabbix server overloading.
Zabbix Security Source¶
Zabbix Security Source periodically sends event.get and alert.get requests.
The event.get request is used to retrieve event data from the Zabbix server. Events in Zabbix represent significant occurrences within the monitored environment, such as triggers firing, discovery actions, or internal Zabbix events.
The alert.get request is used to retrieve alert data from the Zabbix server. Alerts in Zabbix are notifications generated in response to certain conditions or events, such as trigger status changes, discovery actions, or internal system events. These alerts can be configured to notify administrators or take automated actions to address issues.
Required configuration¶
Example of minimal required configuration:
input:ZabbixSecurity:<SOURCE_ID>:
url: https://192.0.0.5/api_jsonrpc.php # URL for Zabbix API
auth: b03.......6f # Authorization token for Zabbix API
output: <output_id>
output:<type>:<output_id>:
...
Optionally, you can configure properties of requests:
interval: 60 # (optional, default: 60) Time interval between requests in seconds
request timeout: 10 # (optional, default: 10) Timeout for requests in seconds
sleep_on_error: 10 # (optional, default: 10) When error occurs, LMIO Collector waits for some time and then sends the requests again
You can also change the encoding of incoming events:
encoding: utf-8 # (optional) Encoding of incoming events