Главная » Linux

Zabbix system uptime windows

Содержание
  1. Мониторинг процесса Windows с помощью Zabbix?
  2. Zabbix: мониторим всё подряд (на примере Redis’а)
  3. Базовые понятия
  4. Сервер и агенты
  5. Параметры мониторинга
  6. События
  7. Действия и Оповещения
  8. Шаблоны
  9. Постановка задачи для плагина
  10. Начальное положение
  11. Создание собственного плагина
  12. Параметры мониторинга
  13. Основной элемент данных
  14. Зависимый элемент данных
  15. Вычисляемый элемент данных
  16. Триггеры
  17. Настройка агента
  18. Генерация JSON’а
  19. Файл userparameter_XXX.conf
  20. Резюме
  21. Zabbix + Windows
  22. Windows
  23. Available solutions
  24. Windows CPU by Zabbix agent
  25. Overview
  26. Setup
  27. Zabbix configuration
  28. Macros used
  29. Template links
  30. Discovery rules
  31. Items collected
  32. Triggers
  33. Feedback
  34. Windows memory by Zabbix agent
  35. Overview
  36. Setup
  37. Zabbix configuration
  38. Macros used
  39. Template links
  40. Discovery rules
  41. Items collected
  42. Triggers
  43. Feedback
  44. Windows filesystems by Zabbix agent
  45. Overview
  46. Setup
  47. Zabbix configuration
  48. Macros used
  49. Template links
  50. Discovery rules
  51. Items collected
  52. Triggers
  53. Feedback
  54. Windows physical disks by Zabbix agent
  55. Overview
  56. Setup
  57. Zabbix configuration
  58. Macros used
  59. Template links
  60. Discovery rules
  61. Items collected
  62. Triggers
  63. Feedback
  64. Windows generic by Zabbix agent
  65. Overview
  66. Setup
  67. Zabbix configuration
  68. Macros used
  69. Template links
  70. Discovery rules
  71. Items collected
  72. Triggers
  73. Feedback
  74. Windows network by Zabbix agent
  75. Overview
  76. Setup
  77. Zabbix configuration
  78. Macros used
  79. Template links
  80. Discovery rules
  81. Items collected
  82. Triggers
  83. Feedback
  84. Windows services by Zabbix agent
  85. Overview
  86. Setup
  87. Zabbix configuration
  88. Macros used
  89. Template links
  90. Discovery rules
  91. Items collected
  92. Triggers
  93. Feedback
  94. Windows by Zabbix agent
  95. Overview
  96. Setup
  97. Zabbix configuration
  98. Template links
  99. Discovery rules
  100. Items collected
  101. Triggers
  102. Feedback
  103. Windows CPU by Zabbix agent active
  104. Overview
  105. Setup
  106. Zabbix configuration
  107. Macros used
  108. Template links
  109. Discovery rules
  110. Items collected
  111. Triggers
  112. Feedback
  113. Windows memory by Zabbix agent active
  114. Overview
  115. Setup
  116. Zabbix configuration
  117. Macros used
  118. Template links
  119. Discovery rules
  120. Items collected
  121. Triggers
  122. Feedback
  123. Windows filesystems by Zabbix agent active
  124. Overview
  125. Setup
  126. Zabbix configuration
  127. Macros used
  128. Template links
  129. Discovery rules
  130. Items collected
  131. Triggers
  132. Feedback
  133. Windows physical disks by Zabbix agent active
  134. Overview
  135. Setup
  136. Zabbix configuration
  137. Macros used
  138. Template links
  139. Discovery rules
  140. Items collected
  141. Triggers
  142. Feedback
  143. Windows generic by Zabbix agent active
  144. Overview
  145. Setup
  146. Zabbix configuration
  147. Macros used
  148. Template links
  149. Discovery rules
  150. Items collected
  151. Triggers
  152. Feedback
  153. Windows network by Zabbix agent active
  154. Overview
  155. Setup
  156. Zabbix configuration
  157. Macros used
  158. Template links
  159. Discovery rules
  160. Items collected
  161. Triggers
  162. Feedback
  163. Windows services by Zabbix agent active
  164. Overview
  165. Setup
  166. Zabbix configuration
  167. Macros used
  168. Template links
  169. Discovery rules
  170. Items collected
  171. Triggers
  172. Feedback
  173. Windows by Zabbix agent active
  174. Overview
  175. Setup
  176. Zabbix configuration
  177. Template links
  178. Discovery rules
  179. Items collected
  180. Triggers
  181. Feedback
  182. Windows SNMP
  183. Overview
  184. Setup
  185. Zabbix configuration
  186. Template links
  187. Discovery rules
  188. Items collected
  189. Triggers
  190. Feedback
  191. Known Issues

Мониторинг процесса Windows с помощью Zabbix?

Как организовать мониторинг процессов windows c помощью zabbix? Интересует способ узнать сколько процентов от общего ресурса процессора потребляет тот или иной процесс.

Версия Windows: Windows 10 pro 1909 x64
Версия zabbix сервера: 4.4.3
Способ снятия метрик: активный агент

  • Вопрос задан более года назад
  • 1211 просмотров

1.открываем perfmon.msc (не перепутайте с perfmon.exe — это немного другая программа.)
2.в «системном мониторе» (сейчас под рукой руссифицированная ось, поэтому ищите аналогичное на английском, благо монитор по умолчанию там один) нажимаем «добавить счетчики»
3. выбираем Process и ваш процесс, нужные метрики.
Все это только для понимания «что» вы будете мониторить.
теперь «как»: идем и внимательно читаем:
https://www.zabbix.com/documentation/4.2/ru/manual.
https://www.zabbix.com/documentation/4.2/ru/manual.
В последней статье ищем proc_info — это оно и есть
Если есть какие то перфкаунтеры которых вы не нашли в заббикс — в 1й статье в конце есть как добавить нужные через user parameters

Почему perfcounters а не WMI? Потому что обращение к WMI — довольно дорогая операция, часто не позапрашиваешь (а если залезть в глубины того что доступно через WMI — выяснится что там те же перфкаунтеры, облагороженные и обогащенные) — частое обращение довольно сильно жрет CPU
Почему не сторонняя программа? Потому что Win уже собирает данные процессов и основная задача — добраться до них

Zabbix: мониторим всё подряд (на примере Redis’а)

Zabbix — замечательный продукт для администраторов крупных программно-аппаратных комплексов. Он настолько хорош, что может использоваться не только крупным бизнесом, но и средне-малым бизнесом, и даже в pet -проекте. В общем, у меня есть небольшой опыт работы с Zabbix’ом и я смело могу рекомендовать его к использованию.

Правда я не могу сказать, что понимаю «философию Zabbix’а«. Несмотря на обширную подробную документацию на русском языке, мне было сложно погружаться в мир Zabbix’а — создавалось ощущение, что мы с разработчиками одни и те же вещи называем разными именами. Возможно потому, что Zabbix создавался админами для админов, а я всё-таки больше разработчик и пользователь.

Тем не менее, для запуска Zabbix’а и для мониторинга основных параметров компьютерных систем (процессор, память и т.п.) навыков обычного linux-пользователя хватает. Есть большое количество плагинов от сторонних разработчиков, расширяющих возможности Zabbix’а. Для моих нужд мне потребовалось настроить мониторинг Redis-сервера. Я немного покопался в коде имеющихся плагинов и на их примере выяснил, что архитектура Zabbix’а позволяет достаточно просто подключать к мониторингу любые параметры информационных систем, которые могут быть выражены в числовом виде.

Под катом — пример Zabbix-плагина с моим пояснением по терминологии Zabbix’а. Кому-то этот пример покажется наивным, ну а кому-то поможет проще освоиться с понятиями. В любом случае, Zabbix достаточно велик для того, чтобы ощупать его с разных сторон.

Базовые понятия

Кратко о некоторых понятиях, которые используются в Zabbix’е: agents, items, triggers, actions, notifications, templates.

Сервер и агенты

С точки зрения пользователя Zabbix делится на две большие части: сервер и агенты. Сервер располагается на одной машине, которая собирает и хранит статистические данные, а агенты — на тех машинах, данные с которых собираются:

Параметры мониторинга

Любая величина, которая может выражена в числовом или строковом виде, называется в терминологии Zabbix’а — элементом данных (item). Каждый элемент связывается с уникальным ключом (именем). Вот примеры элементов данных:

  • system.cpu.load[percpu,avg1]: 0.1167
  • system.uname: «Linux supru 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64»

Значения этих элементов данных (параметров мониторинга) привязываются ко времени, история значений параметров сохраняется в базе сервера.

События

При наступлении некоторого события в Zabbix’е срабатывает триггер. Например,

  • >10 — среднее значение параметра за последние 5 минут превысило «10»
  • >0 — текущее значение параметра не равно предыдущему значению

По сути, триггеры — это формулы, в которых переменными выступают параметры мониторинга (текущие и сохранённые), и которые на выходе дают true / false .

Действия и Оповещения

В случае наступления события (срабатывания тригера) сервер может выполнить действие. Например, отправить оповещение по email’у на заданный адрес («Problem: host is unreachable for 5 minutes«). Также действие может быть выполнено в случае возвращения триггера в исходное состояние («Resolved: host is unreachable for 5 minutes«). Все события (переключения триггера) логируются на стороне сервера.

Шаблоны

Zabbix даёт возможность как настроить правила мониторинга для отдельного хоста, так и создать шаблон правил (template), который можно применять к различным хостам:

На примере видно, что шаблон «Template App SSH Service» описывает одно приложение (Applications), один параметр мониторинга (Items), один триггер (Triggers). Также доступны описания для графиков, экранов, правил обнаружения и web-сценариев.

Постановка задачи для плагина

Начальное положение

Сам Zabbix предлагает свой собственный плагин для мониторинга состояния Redis’а, но на моей версии сервера (4.2.8) мне не удалось его задействовать (плагин для версии 4.4 и выше). Также предлагаются решения от третьих лиц (около десятка вариантов под различные версии Zabbix’а, на картинке только первых три):

Каждый из них обладал своими плюсами-минусами, пришлось заглянуть внутрь, чтобы выбрать. Лучшим, на мой взгляд, оказался плагин Shakeeljaveed/zabbix-redis-userparamaters, состоявший из двух файлов:

Немножко пришлось поработать «ручками», но зато на его примере стало чуть понятнее, как данные от агента попадают на сервер. По предложению автора Javeed Shakeel состояние Redis’а каждые 2 минуты сбрасывалось кроном в файл /tmp/redismetric :

А затем каждый параметр мониторинга извлекался агентом из файла /tmp/redismetric при помощи средств самой операционной системы. Инструкции для этого размещались в конфигурации Zabbix-агента /etc/zabbix/zabbix_agent.conf.d/userparameter_redis.conf . Например, вот так выглядят инструкция для извлечения параметра used_memory (использование памяти Redis-сервером):

То есть, в файле /tmp/redismetric с выводом redis-cli INFO по ключу used_memory ищется строка ( grep -w . )

которая затем разбивается на столбцы по разделителю «:» ( cut -d: -f2 ). На выходе агент получает число 7153216 и присваивает его параметру used_memory .

Остаётся через web-интерфейс настроить сервер, чтобы он периодически отправлял запросы агенту на получение данных по параметру used_memory , после чего данные начинают литься на сервер, сохраняться в базе, по ним можно строить графики и создавать триггера, реагирующие на изменения этого параметра.

Задачей мониторинга состояния любой системы явлется не только сбор статистики, но и предупреждение о возникновении ситуаций, требующих вмешательства человека. Так как с Redis’ом я работаю на уровне очень начинающего пользователя, то пришлось поискать информацию, на какие параметры «здоровья» обращать внимание и что они значат. Наиболее достойной показалась статья «6 Crucial Redis Monitoring Metrics You Need To Watch». Проанализировав её, я пришёл к выводу, что «для полного счастья» мне нужно собирать данные для обнаружения следующих событий:

  • Memory fragmentation: used_memory_rss / used_memory > 1.5
  • Low cache hit ratio: (keyspace_hits)/ (keyspace_hits + keyspace_misses) 0
  • Evicted keys: evicted_keys > 0

Также я хотел собирать статистику по дополнительным параметрам (версия Redis’а, uptime и т.п.). В общем, имея общее представление о том, каким образом данные собираются агентом и передаются на сервер, «хотелки» можно сильно не ограничивать. В итоге получился список параметров для мониторинга из 12 позиций.

Создание собственного плагина

Параметры мониторинга

Плагин, который я анализировал, предполагал выполнение отдельной команды для получения отдельного параметра (элемента данных, item’а):

Т.е., для получения данных по 12 параметрам агент должен будет 12 раз выполнить различные наборы команд. А если мне нужно мониторить параметры, которые сложно извлечь цепочкой команд и нужно будет писать отдельный shell-скрипт или полноценную программу? Для таких «хотелок» Zabbix предлагает вариант с зависимыми элементами данных. Суть его в том, что на стороне агента скриптом формируется набор данных (например, в формате JSON), который передаётся на сервер в виде строкового параметра. Затем на стороне сервера происходит разбор полученных данных и вычленение из них отдельных элементарных параметров.

Основной элемент данных

Я описал основной элемент данных redis.info строкового типа с периодом обновления в 1 мин., без сохранения истории изменений:

Предположительно, на стороне агента должен генерироваться такой JSON:

после чего этот текст должен попадать на сервер в виде элемента данных redis.info , но не сохраняться, а служить базой для других элементов данных (параметров мониторинга).

Зависимый элемент данных

Тестовый параметр redis.info.version зависит от redis.info и сохраняет свои значения в базе в течение 90 дней. Периодичность мониторинга параметра зависит от базового элемента ( redis.info ):

Значение параметра redis.info.version извлекается из значения redis.info при помощи инструкций JSONPath:

По аналогичной схеме описываются остальные зависимые элементы данных (параметры мониторинга), которые передаются в виде JSON’а. Вот пример описания числового параметра redis.info.used_memory :

Всё достаточно прозрачно, за исключением Units и Trend storage period . Со вторым пунктом я не разбирался, оставил по-умолчанию, а единицы измерения объяснены в документации. В данном случае значение redis.info.used_memory измеряется в байтах и в web-интерфейсе сворачивается до кило/мега/гига/. -байт.

Формула для извлечения значения из JSON’а: JSONPath = $.used_memory

Вычисляемый элемент данных

Для вычисления фрагментации памяти используется отношение used_memory_rss / used_memory и на его базе определяется триггер, срабатывающий при превышении отношением значения 1.5. В Zabbix’е есть вычисляемый тип элементов данных:

Значение для параметра redis.info.used_memory_ratio вычисляется каждую минуту на основании последних значений двух других параметров ( redis.info.used_memory_rss и redis.info.used_memory ), сохраняется в базе в течение 90 дней и т.д.

Триггеры

Вот пример триггера, срабатывающего при излишней фрагментации памяти:

Ничего необычного, за исключением формата выражений, используемого в формуле изменения состояния триггера. В Zabbix’е есть конструктор форм, можно воспользоваться им или обратиться к документации/примерам (список триггеров доступен через web-интерфейс по адресу «Configuration / Templates / $ / Triggers«).

Триггер может базироваться на любых элементах данных (item’ах) вне зависимости от их типа (основной, зависимый, вычисляемый).

Настройка агента

Генерация JSON’а

Для получения значений параметров мониторинга и формирования JSON’а я использую вот такой shell-скрипт:

Этот скрипт я поместил в файл /var/lib/zabbix/user_parameter/redis/get_info.sh на сервере с Redis’ом, на котором уже установлен агент Zabbix’а. Пользователь, под которым запускается Zabbix-агент (обычно zabbix ) должен иметь права на выполнение файла get_info.sh .

Файл userparameter_XXX.conf

На стороне агента дополнительные параметры мониторинга прописываются в файлах userparameter_*.conf в каталоге /etc/zabbix/zabbix_agentd.d . Поэтому для того, чтобы агент узнал о том, каким образом ему нужно собирать данные по параметру redis.info , я создал файл /etc/zabbix/zabbix_agentd.d/userparameter_redis.conf с таким содержимым:

Т.е., для получения данных по параметру redis.info агент должен запустить скрипт /var/lib/zabbix/user_parameter/redis/get_info.sh и передать на сервер результат выполнения.

После рестарта Zabbix-агента ( sudo service zabbix-agent restart ) у него появляется возможность собирать данные для параметра redis.info и отправлять их на сервер.

UPDATE: коллега banzayats обратил внимание, что текстовые данные с хоста можно получить без создания промежуточного скрипта userparameter_*.conf — при помощи параметра » system.run » и проводить постпроцессинг уже на стороне zabbix-сервера.

Резюме

Понимание Zabbix’а ко мне приходило (и всё ещё приходит) достаточно тяжело. Тем не менее я считаю его прекрасным инструментом, особенно после того, как для меня открылась простота добавления собственных параметров мониторинга (элементов данных). По большому счёту, достаточно добавить один файл на сервер с агентом ( userparameter_XXX.conf ) с shell-командой для сбора данных и настроить Zabbix-сервер на получение этих данных через web-интерфейс. И всё — можно накапливать данные, строить графики, анализировать изменения и создавать триггера, реагирующие на эти изменения.

Код шаблона, файла userparameter_redis.conf и скрипта get_info.sh можно посмотреть в проекте flancer32/zabbix_plugin_redis.

Спасибо всем, кто дочитал до конца, а особенно тем, кто нашёл в публикации что-то полезное для себя.

Zabbix + Windows

Windows

Microsoft Windows is a group of several graphical operating system families, all of which are developed, marketed, and sold by Microsoft.

Available solutions

Windows CPU by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The critical threshold of the % Interrupt Time counter.

The threshold of the % Privileged Time counter.

The threshold of the Processor Queue Length counter.

The critical threshold of the CPU utilization in %.

There are no template links in this template.

Discovery rules

Items collected

CPU utilization in %

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Context Switches/sec is the combined rate at which all processors on the computer are switched from one thread to another.

Context switches occur when a running thread voluntarily relinquishes the processor, is preempted by a higher priority ready thread, or switches between user-mode and privileged (kernel) mode to use an Executive or subsystem service.

It is the sum of Thread\Context Switches/sec for all threads running on all processors in the computer and is measured in numbers of switches.

There are context switch counters on the System and Thread objects. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.

The Processor Information\% Privileged Time counter shows the percent of time that the processor is spent

executing in Kernel (or Privileged) mode. Privileged mode includes services interrupts inside Interrupt

Service Routines (ISRs), executing Deferred Procedure Calls (DPCs), Device Driver calls and other kernel-mode

functions of the Windows® Operating System.

Processor DPC time is the time that a single processor spent receiving and servicing deferred procedure

calls (DPCs). DPCs are interrupts that run at a lower priority than standard interrupts. % DPC Time is a

component of % Privileged Time because DPCs are executed in privileged mode. If a high % DPC Time is

sustained, there may be a processor bottleneck or an application or hardware related issue that can

significantly diminish overall system performance.

The Processor Information\% User Time counter shows the percent of time that the processor(s) is spent executing

The number of logical processors available on the computer.

The Processor Queue Length shows the number of threads that are observed as delayed in the processor Ready Queue

and are waiting to be executed.

Group Name Description Type Key and additional info
CPU CPU utilization ZABBIX_PASSIVE system.cpu.util
CPU CPU interrupt time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% Interrupt Time»]
CPU Context switches per second ZABBIX_PASSIVE perf_counter_en[«\System\Context Switches/sec»]
CPU CPU privileged time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% Privileged Time»]
CPU CPU DPC time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% DPC Time»]
CPU CPU user time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% User Time»]
CPU Number of cores ZABBIX_PASSIVE wmi.get[root/cimv2,»Select NumberOfLogicalProcessors from Win32_ComputerSystem»]
CPU CPU queue length ZABBIX_PASSIVE perf_counter_en[«\System\Processor Queue Length»]

Triggers

CPU utilization is too high. The system might be slow to respond.

«The CPU Interrupt Time in the last 5 minutes exceeds <$CPU.INTERRUPT.CRIT.MAX>%.»

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU privileged time in the last 5 minutes exceeds <$CPU.PRIV.CRIT.MAX>%.

Depends on:

— CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU Queue Length in the last 5 minutes exceeds <$CPU.QUEUE.CRIT.MAX>. According to actual observations, PQL should not exceed the number of cores * 2. To fine-tune the conditions, use the macro <$CPU.QUEUE.CRIT.MAX >.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows memory by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The warning threshold of the Memory Pages/sec counter.

The warning threshold of the Free System Page Table Entries counter.

The warning threshold of the Memory util item.

The warning threshold of the minimum free swap.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m) > WARNING
CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)
CPU privileged time is too high (over <$CPU.PRIV.CRIT.MAX>% for 5m)
CPU queue length is too high (over <$CPU.QUEUE.CRIT.MAX>for 5m)

Used memory in Bytes

Total memory in Bytes

Memory utilization in %

Cache Bytes is the sum of the Memory\System Cache Resident Bytes, Memory\System Driver Resident Bytes,

Memory\System Code Resident Bytes, and Memory\Pool Paged Resident Bytes counters. This counter displays

the last observed value only; it is not an average.

The free space of swap volume/file in bytes.

The free space of swap volume/file in percent.

The total space of swap volume/file in bytes.

This indicates the number of page table entries not currently in use by the system. If the number is less

than 5,000, there may well be a memory leak or you running out of memory.

Page Faults/sec is the average number of pages faulted per second. It is measured in number of pages

faulted per second because only one page is faulted in each fault operation, hence this is also equal

to the number of page fault operations. This counter includes both hard faults (those that require

disk access) and soft faults (where the faulted page is found elsewhere in physical memory.) Most

processors can handle large numbers of soft faults without significant consequence. However, hard faults,

which require disk access, can cause significant delays.

This measures the rate at which pages are read from or written to disk to resolve hard page faults.

If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

This measures the size, in bytes, of the non-paged pool. This is an area of system memory for objects

that cannot be written to disk but instead must remain in physical memory as long as they are allocated.

There is a possible memory leak if the value is greater than 175MB (or 100MB with the /3GB switch).

A typical Event ID 2019 is recorded in the system event log.

Group Name Description Type Key and additional info
Memory Used memory ZABBIX_PASSIVE vm.memory.size[used]
Memory Total memory ZABBIX_PASSIVE vm.memory.size[total]
Memory Memory utilization CALCULATED vm.memory.util

Expression:

last(«vm.memory.size[used]») / last(«vm.memory.size[total]») * 100
Memory Cache bytes ZABBIX_PASSIVE perf_counter_en[«\Memory\Cache Bytes»]
Memory Free swap space CALCULATED system.swap.free

Expression:

last(«system.swap.size[,total]») — last(«system.swap.size[,total]») / 100 * last(«perf_counter_en[\»\Paging file(_Total)\% Usage\»]»)
Memory Free swap space in % DEPENDENT system.swap.pfree

Preprocessing:

— JAVASCRIPT: return (100 — value)

The used space of swap volume/file in percent.

ZABBIX_PASSIVE perf_counter_en[«\Paging file(_Total)\% Usage»]
Memory Total swap space ZABBIX_PASSIVE system.swap.size[,total]
Memory Free system page table entries ZABBIX_PASSIVE perf_counter_en[«\Memory\Free System Page Table Entries»]
Memory Memory page faults per second ZABBIX_PASSIVE perf_counter_en[«\Memory\Page Faults/sec»]
Memory Memory pages per second ZABBIX_PASSIVE perf_counter_en[«\Memory\Pages/sec»]
Memory Memory pool non-paged ZABBIX_PASSIVE perf_counter_en[«\Memory\Pool Nonpaged Bytes»]

Triggers

The system is running out of free memory.

This trigger is ignored, if there is no swap configured

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Free System Page Table Entries is less than <$MEM.PAGE_TABLE_CRIT.MIN>for 5 minutes. If the number is less than 5,000, there may well be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Pages/sec in the last 5 minutes exceeds <$MEM.PAGE_SEC.CRIT.MAX>. If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows filesystems by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

The critical threshold of the filesystem utilization in percent.

The warning threshold of the filesystem utilization in percent.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
High memory utilization (><$MEMORY.UTIL.MAX>% for 5m) > AVERAGE
High swap space usage (less than <$SWAP.PFREE.MIN.WARN>% free)
Number of free system page table entries is too low (less <$MEM.PAGE_TABLE_CRIT.MIN>for 5m)
The Memory Pages/sec is too high (over <$MEM.PAGE_SEC.CRIT.MAX>for 5m)

Discovery of file systems of different types.

Name Description Type Key and additional info
Mounted filesystem discovery ZABBIX_PASSIVE vfs.fs.discovery

Filter:

Items collected

Used storage in Bytes

Total space in Bytes

Space utilization in % for

Group Name Description Type Key and additional info
Filesystems <#FSNAME>: Used space ZABBIX_PASSIVE vfs.fs.size[<#FSNAME>,used]
Filesystems <#FSNAME>: Total space ZABBIX_PASSIVE vfs.fs.size[<#FSNAME>,total]
Filesystems <#FSNAME>: Space utilization ZABBIX_PASSIVE vfs.fs.size[<#FSNAME>,pused]

Triggers

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 5G.

— The disk will be full in less than 24 hours.

Manual close: YES

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 10G.

— The disk will be full in less than 24 hours.

Manual close: YES

Depends on:

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows physical disks by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

Disk read average response time (in s) before the trigger would fire.

The warning threshold of disk time utilization in percent.

Disk write average response time (in s) before the trigger would fire.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
<#FSNAME>: Disk space is critically low (used > <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>%) ,pused].last()>><$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«> and ((,total].last()>-,used].last()>) AVERAGE ,pused].last()>><$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«> and ((,total].last()>-,used].last()>) WARNING

Discovery of installed physical disks.

Name Description Type Key and additional info
Physical disks discovery ZABBIX_PASSIVE perf_instance_en.discovery[PhysicalDisk]

Preprocessing:

Filter:

Items collected

Rate of read operations on the disk.

Rate of write operations on the disk.

Current average disk queue, the number of requests outstanding on the disk at the time the performance data is collected.

This item is the percentage of elapsed time that the selected disk drive was busy servicing read or writes requests.

The average time for read requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

The average time for write requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

Average disk read queue, the number of requests outstanding on the disk at the time the performance data is collected.

Average disk write queue, the number of requests outstanding on the disk at the time the performance data is collected.

Group Name Description Type Key and additional info
Storage <#DEVNAME>: Disk read rate ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Reads/sec»,60]
Storage <#DEVNAME>: Disk write rate ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Writes/sec»,60]
Storage <#DEVNAME>: Disk average queue size (avgqu-sz) ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Current Disk Queue Length»,60]
Storage <#DEVNAME>: Disk utilization ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\% Disk Time»,60]
Storage <#DEVNAME>: Disk read request avg waiting time ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Read»,60]
Storage <#DEVNAME>: Disk write request avg waiting time ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Write»,60]
Storage <#DEVNAME>: Average disk read queue length ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Read Queue Length»,60]
Storage <#DEVNAME>: Average disk write queue length ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Write Queue Length»,60]

Triggers

The disk appears to be under heavy load

Manual close: YES

Depends on:

— <#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m

— <#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m)

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows generic by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The threshold for difference of system time in seconds.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
<#DEVNAME>: Disk is overloaded (util > <$VFS.DEV.UTIL.MAX.WARN>% for 15m)
<#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m )\Avg. Disk sec/Read»,60].min(15m)> > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«> WARNING
<#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m) )\Avg. Disk sec/Write»,60].min(15m)> > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«> WARNING

System local time of the host.

System host name.

The number of threads used by all running processes.

Operating system architecture of the host.

Group Name Description Type Key and additional info
General System local time ZABBIX_PASSIVE system.localtime
General System name ZABBIX_PASSIVE system.hostname

Preprocessing:

System description of the host.

ZABBIX_PASSIVE system.uname

Preprocessing:

The number of processes.

ZABBIX_PASSIVE proc.num[]
General Number of threads ZABBIX_PASSIVE perf_counter_en[«\System\Threads»]
Inventory Operating system architecture ZABBIX_PASSIVE system.sw.arch

Preprocessing:

System uptime in ‘N days, hh:mm:ss’ format.

ZABBIX_PASSIVE system.uptime

Triggers

The host system time is different from the Zabbix server time.

Manual close: YES

System name has changed. Ack to close.

Manual close: YES

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows network by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
System time is out of sync (diff with Zabbix server > <$SYSTEM.FUZZYTIME.MAX>s)
System name has changed (new name: )
Host has been restarted (uptime WARNING Miniport|Virtual|Teredo|Kernel|Loopback|Bluetooth|HTTPS|6to4|QoS|Layer

There are no template links in this template.

Discovery rules

Discovery of installed network interfaces.

Name Description Type Key and additional info
Network interfaces discovery DEPENDENT net.if.discovery

Preprocessing:

— JAVASCRIPT: Text is too long. Please see the template.

Filter:

Items collected

Incoming traffic on the network interface.

Outgoing traffic on the network interface.

The number of incoming packets dropped on the network interface.

The number of outgoing packets dropped on the network interface.

The number of incoming packets with errors on the network interface.

The number of outgoing packets with errors on the network interface.

Estimated bandwidth of the network interface if any.

The type of the network interface.

The operational status of the network interface.

Raw data of win32_networkadapter.

Group Name Description Type Key and additional info
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits received ZABBIX_PASSIVE net.if.in[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits sent ZABBIX_PASSIVE net.if.out[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets discarded ZABBIX_PASSIVE net.if.in[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets discarded ZABBIX_PASSIVE net.if.out[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets with errors ZABBIX_PASSIVE net.if.in[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets with errors ZABBIX_PASSIVE net.if.out[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Speed DEPENDENT net.if.speed[«<#IFNAME>«]

Preprocessing:

⛔️ON_FAIL: CUSTOM_VALUE -> 0

— JAVASCRIPT: return (value==’9223372036854775807′ ? 0 : value)

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Interface type DEPENDENT net.if.type[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].AdapterTypeId.first()

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Operational status DEPENDENT net.if.status[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].NetConnectionStatus.first()

Zabbix_raw_items Network interfaces WMI get ZABBIX_PASSIVE wmi.getall[root\cimv2,»select Name,Description,NetConnectionID,Speed,AdapterTypeId,NetConnectionStatus from win32_networkadapter where PhysicalAdapter=True and NetConnectionStatus>0″]

Triggers

The network interface utilization is close to its estimated maximum bandwidth.

Manual close: YES

Depends on:

Recovers when below 80% of <$IF.ERRORS.WARN:"<#IFNAME>«> threshold

Manual close: YES

Depends on:

This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Ack to close.

Manual close: YES

Depends on:

This trigger expression works as follows:

1. Can be triggered if operations status is down.

2. <$IFCONTROL:\"<#IFNAME>\»>=1 — user can redefine Context macro to value — 0. That marks this interface as not important.

No new trigger will be fired if this interface is down.

3. =1) — trigger fires only if operational status is different from Connected(2).

WARNING: if closed manually — won’t fire again on next poll, because of .diff.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows services by Zabbix agent

Overview

For Zabbix version: 5.4 and higher
Special version of services template that is required for Windows OS.

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
Interface <#IFNAME>(<#IFALIAS>): High bandwidth usage (> <$IF.UTIL.MAX:"<#IFNAME>«>% ) («].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()> or «].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()>) and «].last()>>0

«].avg(15m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): High error rate (> <$IF.ERRORS.WARN:"<#IFNAME>«> for 5m) «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«> or «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«>

«,errors].max(5m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): Ethernet has changed to lower speed than it was before <$IFCONTROL:"<#IFNAME>«>=1 and («].last()><>2 and «].diff()>=1)

«].last()>=2 or <$IFCONTROL:"<#IFNAME>«>=0

 AVERAGE ^RemoteRegistry|MMCSS|gupdate|SysmonLog|clr_optimization_v.+|clr_optimization_v.+|sppsvc|gpsvc|Pml Driver HPZ12|Net Driver HPZ12|MapsBroker|IntelAudioService|Intel\(R\) TPM Provisioning Service|dbupdate|DoSvc$

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

^manual|disabled$

There are no template links in this template.

Discovery rules

Discovery of Windows services of different types as defined in template’s macros.

Name Description Type Key and additional info
Windows services discovery ZABBIX_PASSIVE service.discovery

Filter:

Items collected

Group Name Description Type Key and additional info
Services State of service «<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) ZABBIX_PASSIVE service.info[«<#SERVICE.NAME>«,state]

Triggers

The service has a state other than «Running» for the last three times.

Name Description Expression Severity Dependencies and additional info
«<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) is not running (startup type <#SERVICE.STARTUPNAME>) «,state].min(#3)><>0 AVERAGE

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows by Zabbix agent

Overview

For Zabbix version: 5.4 and higher
New official Windows template. Requires agent of Zabbix 4.4 and newer.

This template was tested on:

  • Windows, version 7 and newer.
  • Windows Server, version 2008 R2 and newer.

Setup

Install Zabbix agent on Windows OS according to Zabbix documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Name
Windows CPU by Zabbix agent
Windows filesystems by Zabbix agent
Windows generic by Zabbix agent
Windows memory by Zabbix agent
Windows network by Zabbix agent
Windows physical disks by Zabbix agent
Windows services by Zabbix agent
Zabbix agent

Discovery rules

Items collected

Group Name Description Type Key and additional info

Triggers

Name Description Expression Severity Dependencies and additional info

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide a feedback, discuss the template or ask for help with it at ZABBIX forums.

Windows CPU by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The critical threshold of the % Interrupt Time counter.

The threshold of the % Privileged Time counter.

The threshold of the Processor Queue Length counter.

The critical threshold of the CPU utilization in %.

There are no template links in this template.

Discovery rules

Items collected

CPU utilization in %

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Context Switches/sec is the combined rate at which all processors on the computer are switched from one thread to another.

Context switches occur when a running thread voluntarily relinquishes the processor, is preempted by a higher priority ready thread, or switches between user-mode and privileged (kernel) mode to use an Executive or subsystem service.

It is the sum of Thread\Context Switches/sec for all threads running on all processors in the computer and is measured in numbers of switches.

There are context switch counters on the System and Thread objects. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.

The Processor Information\% Privileged Time counter shows the percent of time that the processor is spent

executing in Kernel (or Privileged) mode. Privileged mode includes services interrupts inside Interrupt

Service Routines (ISRs), executing Deferred Procedure Calls (DPCs), Device Driver calls and other kernel-mode

functions of the Windows® Operating System.

Processor DPC time is the time that a single processor spent receiving and servicing deferred procedure

calls (DPCs). DPCs are interrupts that run at a lower priority than standard interrupts. % DPC Time is a

component of % Privileged Time because DPCs are executed in privileged mode. If a high % DPC Time is

sustained, there may be a processor bottleneck or an application or hardware related issue that can

significantly diminish overall system performance.

The Processor Information\% User Time counter shows the percent of time that the processor(s) is spent executing

The number of logical processors available on the computer.

The Processor Queue Length shows the number of threads that are observed as delayed in the processor Ready Queue

and are waiting to be executed.

Group Name Description Type Key and additional info
CPU CPU utilization ZABBIX_ACTIVE system.cpu.util
CPU CPU interrupt time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% Interrupt Time»]
CPU Context switches per second ZABBIX_ACTIVE perf_counter_en[«\System\Context Switches/sec»]
CPU CPU privileged time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% Privileged Time»]
CPU CPU DPC time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% DPC Time»]
CPU CPU user time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% User Time»]
CPU Number of cores ZABBIX_ACTIVE wmi.get[root/cimv2,»Select NumberOfLogicalProcessors from Win32_ComputerSystem»]
CPU CPU queue length ZABBIX_ACTIVE perf_counter_en[«\System\Processor Queue Length»]

Triggers

CPU utilization is too high. The system might be slow to respond.

«The CPU Interrupt Time in the last 5 minutes exceeds <$CPU.INTERRUPT.CRIT.MAX>%.»

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU privileged time in the last 5 minutes exceeds <$CPU.PRIV.CRIT.MAX>%.

Depends on:

— CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU Queue Length in the last 5 minutes exceeds <$CPU.QUEUE.CRIT.MAX>. According to actual observations, PQL should not exceed the number of cores * 2. To fine-tune the conditions, use the macro <$CPU.QUEUE.CRIT.MAX >.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows memory by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The warning threshold of the Memory Pages/sec counter.

The warning threshold of the Free System Page Table Entries counter.

The warning threshold of the Memory util item.

The warning threshold of the minimum free swap.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m) > WARNING
CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)
CPU privileged time is too high (over <$CPU.PRIV.CRIT.MAX>% for 5m)
CPU queue length is too high (over <$CPU.QUEUE.CRIT.MAX>for 5m)

Used memory in Bytes

Total memory in Bytes

Memory utilization in %

Cache Bytes is the sum of the Memory\System Cache Resident Bytes, Memory\System Driver Resident Bytes,

Memory\System Code Resident Bytes, and Memory\Pool Paged Resident Bytes counters. This counter displays

the last observed value only; it is not an average.

The free space of swap volume/file in bytes.

The free space of swap volume/file in percent.

The total space of swap volume/file in bytes.

This indicates the number of page table entries not currently in use by the system. If the number is less

than 5,000, there may well be a memory leak or you running out of memory.

Page Faults/sec is the average number of pages faulted per second. It is measured in number of pages

faulted per second because only one page is faulted in each fault operation, hence this is also equal

to the number of page fault operations. This counter includes both hard faults (those that require

disk access) and soft faults (where the faulted page is found elsewhere in physical memory.) Most

processors can handle large numbers of soft faults without significant consequence. However, hard faults,

which require disk access, can cause significant delays.

This measures the rate at which pages are read from or written to disk to resolve hard page faults.

If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

This measures the size, in bytes, of the non-paged pool. This is an area of system memory for objects

that cannot be written to disk but instead must remain in physical memory as long as they are allocated.

There is a possible memory leak if the value is greater than 175MB (or 100MB with the /3GB switch).

A typical Event ID 2019 is recorded in the system event log.

Group Name Description Type Key and additional info
Memory Used memory ZABBIX_ACTIVE vm.memory.size[used]
Memory Total memory ZABBIX_ACTIVE vm.memory.size[total]
Memory Memory utilization CALCULATED vm.memory.util

Expression:

last(«vm.memory.size[used]») / last(«vm.memory.size[total]») * 100
Memory Cache bytes ZABBIX_ACTIVE perf_counter_en[«\Memory\Cache Bytes»]
Memory Free swap space CALCULATED system.swap.free

Expression:

last(«system.swap.size[,total]») — last(«system.swap.size[,total]») / 100 * last(«perf_counter_en[\»\Paging file(_Total)\% Usage\»]»)
Memory Free swap space in % DEPENDENT system.swap.pfree

Preprocessing:

— JAVASCRIPT: return (100 — value)

The used space of swap volume/file in percent.

ZABBIX_ACTIVE perf_counter_en[«\Paging file(_Total)\% Usage»]
Memory Total swap space ZABBIX_ACTIVE system.swap.size[,total]
Memory Free system page table entries ZABBIX_ACTIVE perf_counter_en[«\Memory\Free System Page Table Entries»]
Memory Memory page faults per second ZABBIX_ACTIVE perf_counter_en[«\Memory\Page Faults/sec»]
Memory Memory pages per second ZABBIX_ACTIVE perf_counter_en[«\Memory\Pages/sec»]
Memory Memory pool non-paged ZABBIX_ACTIVE perf_counter_en[«\Memory\Pool Nonpaged Bytes»]

Triggers

The system is running out of free memory.

This trigger is ignored, if there is no swap configured

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Free System Page Table Entries is less than <$MEM.PAGE_TABLE_CRIT.MIN>for 5 minutes. If the number is less than 5,000, there may well be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Pages/sec in the last 5 minutes exceeds <$MEM.PAGE_SEC.CRIT.MAX>. If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows filesystems by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

The critical threshold of the filesystem utilization in percent.

The warning threshold of the filesystem utilization in percent.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
High memory utilization (><$MEMORY.UTIL.MAX>% for 5m) > AVERAGE
High swap space usage (less than <$SWAP.PFREE.MIN.WARN>% free)
Number of free system page table entries is too low (less <$MEM.PAGE_TABLE_CRIT.MIN>for 5m)
The Memory Pages/sec is too high (over <$MEM.PAGE_SEC.CRIT.MAX>for 5m)

Discovery of file systems of different types.

Name Description Type Key and additional info
Mounted filesystem discovery ZABBIX_ACTIVE vfs.fs.discovery

Filter:

Items collected

Used storage in Bytes

Total space in Bytes

Space utilization in % for

Group Name Description Type Key and additional info
Filesystems <#FSNAME>: Used space ZABBIX_ACTIVE vfs.fs.size[<#FSNAME>,used]
Filesystems <#FSNAME>: Total space ZABBIX_ACTIVE vfs.fs.size[<#FSNAME>,total]
Filesystems <#FSNAME>: Space utilization ZABBIX_ACTIVE vfs.fs.size[<#FSNAME>,pused]

Triggers

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 5G.

— The disk will be full in less than 24 hours.

Manual close: YES

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 10G.

— The disk will be full in less than 24 hours.

Manual close: YES

Depends on:

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows physical disks by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

Disk read average response time (in s) before the trigger would fire.

The warning threshold of disk time utilization in percent.

Disk write average response time (in s) before the trigger would fire.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
<#FSNAME>: Disk space is critically low (used > <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>%) ,pused].last()>><$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«> and ((,total].last()>-,used].last()>) AVERAGE ,pused].last()>><$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«> and ((,total].last()>-,used].last()>) WARNING

Discovery of installed physical disks.

Name Description Type Key and additional info
Physical disks discovery ZABBIX_ACTIVE perf_instance_en.discovery[PhysicalDisk]

Preprocessing:

Filter:

Items collected

Rate of read operations on the disk.

Rate of write operations on the disk.

Current average disk queue, the number of requests outstanding on the disk at the time the performance data is collected.

This item is the percentage of elapsed time that the selected disk drive was busy servicing read or writes requests.

The average time for read requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

The average time for write requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

Average disk read queue, the number of requests outstanding on the disk at the time the performance data is collected.

Average disk write queue, the number of requests outstanding on the disk at the time the performance data is collected.

Group Name Description Type Key and additional info
Storage <#DEVNAME>: Disk read rate ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Reads/sec»,60]
Storage <#DEVNAME>: Disk write rate ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Writes/sec»,60]
Storage <#DEVNAME>: Disk average queue size (avgqu-sz) ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Current Disk Queue Length»,60]
Storage <#DEVNAME>: Disk utilization ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\% Disk Time»,60]
Storage <#DEVNAME>: Disk read request avg waiting time ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Read»,60]
Storage <#DEVNAME>: Disk write request avg waiting time ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Write»,60]
Storage <#DEVNAME>: Average disk read queue length ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Read Queue Length»,60]
Storage <#DEVNAME>: Average disk write queue length ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Write Queue Length»,60]

Triggers

The disk appears to be under heavy load

Manual close: YES

Depends on:

— <#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m

— <#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m)

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows generic by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The threshold for difference of system time in seconds.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
<#DEVNAME>: Disk is overloaded (util > <$VFS.DEV.UTIL.MAX.WARN>% for 15m)
<#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m )\Avg. Disk sec/Read»,60].min(15m)> > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«> WARNING
<#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m) )\Avg. Disk sec/Write»,60].min(15m)> > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«> WARNING

System local time of the host.

System host name.

The number of threads used by all running processes.

Operating system architecture of the host.

Group Name Description Type Key and additional info
General System local time ZABBIX_ACTIVE system.localtime
General System name ZABBIX_ACTIVE system.hostname

Preprocessing:

System description of the host.

ZABBIX_ACTIVE system.uname

Preprocessing:

The number of processes.

ZABBIX_ACTIVE proc.num[]
General Number of threads ZABBIX_ACTIVE perf_counter_en[«\System\Threads»]
Inventory Operating system architecture ZABBIX_ACTIVE system.sw.arch

Preprocessing:

System uptime in ‘N days, hh:mm:ss’ format.

ZABBIX_ACTIVE system.uptime

Triggers

The host system time is different from the Zabbix server time.

Manual close: YES

System name has changed. Ack to close.

Manual close: YES

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows network by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
System time is out of sync (diff with Zabbix server > <$SYSTEM.FUZZYTIME.MAX>s)
System name has changed (new name: )
Host has been restarted (uptime WARNING Miniport|Virtual|Teredo|Kernel|Loopback|Bluetooth|HTTPS|6to4|QoS|Layer

There are no template links in this template.

Discovery rules

Discovery of installed network interfaces.

Name Description Type Key and additional info
Network interfaces discovery DEPENDENT net.if.discovery

Preprocessing:

— JAVASCRIPT: Text is too long. Please see the template.

Filter:

Items collected

Incoming traffic on the network interface.

Outgoing traffic on the network interface.

The number of incoming packets dropped on the network interface.

The number of outgoing packets dropped on the network interface.

The number of incoming packets with errors on the network interface.

The number of outgoing packets with errors on the network interface.

Estimated bandwidth of the network interface if any.

The type of the network interface.

The operational status of the network interface.

Raw data of win32_networkadapter.

Group Name Description Type Key and additional info
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits received ZABBIX_ACTIVE net.if.in[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits sent ZABBIX_ACTIVE net.if.out[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets discarded ZABBIX_ACTIVE net.if.in[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets discarded ZABBIX_ACTIVE net.if.out[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets with errors ZABBIX_ACTIVE net.if.in[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets with errors ZABBIX_ACTIVE net.if.out[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Speed DEPENDENT net.if.speed[«<#IFNAME>«]

Preprocessing:

⛔️ON_FAIL: CUSTOM_VALUE -> 0

— JAVASCRIPT: return (value==’9223372036854775807′ ? 0 : value)

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Interface type DEPENDENT net.if.type[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].AdapterTypeId.first()

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Operational status DEPENDENT net.if.status[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].NetConnectionStatus.first()

Zabbix_raw_items Network interfaces WMI get ZABBIX_ACTIVE wmi.getall[root\cimv2,»select Name,Description,NetConnectionID,Speed,AdapterTypeId,NetConnectionStatus from win32_networkadapter where PhysicalAdapter=True and NetConnectionStatus>0″]

Triggers

The network interface utilization is close to its estimated maximum bandwidth.

Manual close: YES

Depends on:

Recovers when below 80% of <$IF.ERRORS.WARN:"<#IFNAME>«> threshold

Manual close: YES

Depends on:

This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Ack to close.

Manual close: YES

Depends on:

This trigger expression works as follows:

1. Can be triggered if operations status is down.

2. <$IFCONTROL:\"<#IFNAME>\»>=1 — user can redefine Context macro to value — 0. That marks this interface as not important.

No new trigger will be fired if this interface is down.

3. =1) — trigger fires only if operational status is different from Connected(2).

WARNING: if closed manually — won’t fire again on next poll, because of .diff.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows services by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher
Special version of services template that is required for Windows OS.

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
Interface <#IFNAME>(<#IFALIAS>): High bandwidth usage (> <$IF.UTIL.MAX:"<#IFNAME>«>% ) («].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()> or «].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()>) and «].last()>>0

«].avg(15m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): High error rate (> <$IF.ERRORS.WARN:"<#IFNAME>«> for 5m) «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«> or «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«>

«,errors].max(5m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): Ethernet has changed to lower speed than it was before <$IFCONTROL:"<#IFNAME>«>=1 and («].last()><>2 and «].diff()>=1)

«].last()>=2 or <$IFCONTROL:"<#IFNAME>«>=0

 AVERAGE ^RemoteRegistry|MMCSS|gupdate|SysmonLog|clr_optimization_v.+|clr_optimization_v.+|sppsvc|gpsvc|Pml Driver HPZ12|Net Driver HPZ12|MapsBroker|IntelAudioService|Intel\(R\) TPM Provisioning Service|dbupdate|DoSvc$

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

^manual|disabled$

There are no template links in this template.

Discovery rules

Discovery of Windows services of different types as defined in template’s macros.

Name Description Type Key and additional info
Windows services discovery ZABBIX_ACTIVE service.discovery

Filter:

Items collected

Group Name Description Type Key and additional info
Services State of service «<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) ZABBIX_ACTIVE service.info[«<#SERVICE.NAME>«,state]

Triggers

The service has a state other than «Running» for the last three times.

Name Description Expression Severity Dependencies and additional info
«<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) is not running (startup type <#SERVICE.STARTUPNAME>) «,state].min(#3)><>0 AVERAGE

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher
New official Windows template. Requires agent of Zabbix 4.4 and newer.

This template was tested on:

  • Windows, version 7 and newer.
  • Windows Server, version 2008 R2 and newer.

Setup

Install Zabbix agent on Windows OS according to Zabbix documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Name
Windows CPU by Zabbix agent active
Windows filesystems by Zabbix agent active
Windows generic by Zabbix agent active
Windows memory by Zabbix agent active
Windows network by Zabbix agent active
Windows physical disks by Zabbix agent active
Windows services by Zabbix agent active
Zabbix agent

Discovery rules

Items collected

Group Name Description Type Key and additional info

Triggers

Name Description Expression Severity Dependencies and additional info

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide a feedback, discuss the template or ask for help with it at ZABBIX forums.

Windows SNMP

Overview

For Zabbix version: 5.2 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Name
Generic SNMP
HOST-RESOURCES-MIB SNMP
Interfaces Windows SNMP

Discovery rules

Items collected

Group Name Description Type Key and additional info

Triggers

Name Description Expression Severity Dependencies and additional info

Feedback

Please report any issues with the template at https://support.zabbix.com

Known Issues

Description: Doesn’t support In/Out 64 bit counters even though IfxTable is present: Currently, Windows gets it’s interface status from MIB-2. Since these 64bit SNMP counters (ifHCInOctets, ifHCOutOctets, etc.) are defined as an extension to IF-MIB, Microsoft has not implemented it. https://social.technet.microsoft.com/Forums/windowsserver/en-US/07b62ff0-94f6-40ca-a99d-d129c1b33d70/windows-2008-r2-snmp-64bit-counters-support?forum=winservergen

Description: Doesn’t support ifXTable at all

Description: EtherLike MIB is not supported

Читайте также:  Устройство synaptics не найдено что делать windows 10
Оцените статью
© 2024 Советы по настройке компьютера