Главная » Linux

Zabbix windows server template

Содержание
  1. Присматриваем за окнами. Windows + Zabbix
  2. Введение
  3. Практика «Агента»
  4. Практика SNMP
  5. Заключение
  6. Zabbix + Windows
  7. Windows
  8. Available solutions
  9. Windows CPU by Zabbix agent
  10. Overview
  11. Setup
  12. Zabbix configuration
  13. Macros used
  14. Template links
  15. Discovery rules
  16. Items collected
  17. Triggers
  18. Feedback
  19. Windows memory by Zabbix agent
  20. Overview
  21. Setup
  22. Zabbix configuration
  23. Macros used
  24. Template links
  25. Discovery rules
  26. Items collected
  27. Triggers
  28. Feedback
  29. Windows filesystems by Zabbix agent
  30. Overview
  31. Setup
  32. Zabbix configuration
  33. Macros used
  34. Template links
  35. Discovery rules
  36. Items collected
  37. Triggers
  38. Feedback
  39. Windows physical disks by Zabbix agent
  40. Overview
  41. Setup
  42. Zabbix configuration
  43. Macros used
  44. Template links
  45. Discovery rules
  46. Items collected
  47. Triggers
  48. Feedback
  49. Windows generic by Zabbix agent
  50. Overview
  51. Setup
  52. Zabbix configuration
  53. Macros used
  54. Template links
  55. Discovery rules
  56. Items collected
  57. Triggers
  58. Feedback
  59. Windows network by Zabbix agent
  60. Overview
  61. Setup
  62. Zabbix configuration
  63. Macros used
  64. Template links
  65. Discovery rules
  66. Items collected
  67. Triggers
  68. Feedback
  69. Windows services by Zabbix agent
  70. Overview
  71. Setup
  72. Zabbix configuration
  73. Macros used
  74. Template links
  75. Discovery rules
  76. Items collected
  77. Triggers
  78. Feedback
  79. Windows by Zabbix agent
  80. Overview
  81. Setup
  82. Zabbix configuration
  83. Template links
  84. Discovery rules
  85. Items collected
  86. Triggers
  87. Feedback
  88. Windows CPU by Zabbix agent active
  89. Overview
  90. Setup
  91. Zabbix configuration
  92. Macros used
  93. Template links
  94. Discovery rules
  95. Items collected
  96. Triggers
  97. Feedback
  98. Windows memory by Zabbix agent active
  99. Overview
  100. Setup
  101. Zabbix configuration
  102. Macros used
  103. Template links
  104. Discovery rules
  105. Items collected
  106. Triggers
  107. Feedback
  108. Windows filesystems by Zabbix agent active
  109. Overview
  110. Setup
  111. Zabbix configuration
  112. Macros used
  113. Template links
  114. Discovery rules
  115. Items collected
  116. Triggers
  117. Feedback
  118. Windows physical disks by Zabbix agent active
  119. Overview
  120. Setup
  121. Zabbix configuration
  122. Macros used
  123. Template links
  124. Discovery rules
  125. Items collected
  126. Triggers
  127. Feedback
  128. Windows generic by Zabbix agent active
  129. Overview
  130. Setup
  131. Zabbix configuration
  132. Macros used
  133. Template links
  134. Discovery rules
  135. Items collected
  136. Triggers
  137. Feedback
  138. Windows network by Zabbix agent active
  139. Overview
  140. Setup
  141. Zabbix configuration
  142. Macros used
  143. Template links
  144. Discovery rules
  145. Items collected
  146. Triggers
  147. Feedback
  148. Windows services by Zabbix agent active
  149. Overview
  150. Setup
  151. Zabbix configuration
  152. Macros used
  153. Template links
  154. Discovery rules
  155. Items collected
  156. Triggers
  157. Feedback
  158. Windows by Zabbix agent active
  159. Overview
  160. Setup
  161. Zabbix configuration
  162. Template links
  163. Discovery rules
  164. Items collected
  165. Triggers
  166. Feedback
  167. Windows SNMP
  168. Overview
  169. Setup
  170. Zabbix configuration
  171. Template links
  172. Discovery rules
  173. Items collected
  174. Triggers
  175. Feedback
  176. Known Issues

Присматриваем за окнами. Windows + Zabbix

Введение

Практика «Агента»

Если у Вас установлен Zabbix агент, то общаться мы будем с ОС через него.

При просмотра шаблона Template OS Windows обращаем внимание на элемент данных:
Average disk write queue length perf_counter[\234(_Total)\1404].

Что же означают эти цифры \234(_Total)\1404. ?

В ОС Windows эти цифры обозначают внутренние идентификаторы счетчиков производительности. Но если у Вас установленна база Zabbix с кодировкой UTF8, то ничего не мешает нам использовать русские названия в счетчиках

Получаем счетчики следующим образом:
typeperf -q

А если у нас несколько жестких дисков (интерфейсов и т.п.):
typeperf -qx

Слишком много информации? Фильтруем:
typeperf «\Физический диск(_Total)\»

Другой вариант получить счетчики:
lodctr /s:perfcount.txt
Открыв файл мы увидем идентификаторы и их название в начале на английском, а затем на русском языке.

Практика SNMP

Но что делать, когда нельзя (или нет желания) установить агент?
Для этого, мы будем читать счетчики через SNMP:

snmpwalk -Of -c public -v 2c 192.168.0.1

Если выполнять под ОС Windows, то результат будет вида:
.iso.3.6.1.2.1.1.1.0 = STRING: «Hardware: Intel64 Family 6 Model 44 Stepping 2 AT/AT COMPATIBLE — Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)»

Если выполнять под ОС Linux, то результат будет вида:
.iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0 = STRING: Hardware: Intel64 Family 6 Model 44 Stepping 2 AT/AT COMPATIBLE — Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)

(Также можно поискать соответствие цифр с названиями на http://support.ipmonitor.com/snmp_center.aspx)

Linux вариант более информативный.

Заключение

Осталось подключить необходмые счетки и можно будет следить за производительностью системы.

Zabbix + Windows

Windows

Microsoft Windows is a group of several graphical operating system families, all of which are developed, marketed, and sold by Microsoft.

Available solutions

Windows CPU by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The critical threshold of the % Interrupt Time counter.

The threshold of the % Privileged Time counter.

The threshold of the Processor Queue Length counter.

The critical threshold of the CPU utilization in %.

There are no template links in this template.

Discovery rules

Items collected

CPU utilization in %

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Context Switches/sec is the combined rate at which all processors on the computer are switched from one thread to another.

Context switches occur when a running thread voluntarily relinquishes the processor, is preempted by a higher priority ready thread, or switches between user-mode and privileged (kernel) mode to use an Executive or subsystem service.

It is the sum of Thread\Context Switches/sec for all threads running on all processors in the computer and is measured in numbers of switches.

There are context switch counters on the System and Thread objects. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.

The Processor Information\% Privileged Time counter shows the percent of time that the processor is spent

executing in Kernel (or Privileged) mode. Privileged mode includes services interrupts inside Interrupt

Service Routines (ISRs), executing Deferred Procedure Calls (DPCs), Device Driver calls and other kernel-mode

functions of the WindowsВ® Operating System.

Processor DPC time is the time that a single processor spent receiving and servicing deferred procedure

calls (DPCs). DPCs are interrupts that run at a lower priority than standard interrupts. % DPC Time is a

component of % Privileged Time because DPCs are executed in privileged mode. If a high % DPC Time is

sustained, there may be a processor bottleneck or an application or hardware related issue that can

significantly diminish overall system performance.

The Processor Information\% User Time counter shows the percent of time that the processor(s) is spent executing

The number of logical processors available on the computer.

The Processor Queue Length shows the number of threads that are observed as delayed in the processor Ready Queue

and are waiting to be executed.

Group Name Description Type Key and additional info
CPU CPU utilization ZABBIX_PASSIVE system.cpu.util
CPU CPU interrupt time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% Interrupt Time»]
CPU Context switches per second ZABBIX_PASSIVE perf_counter_en[«\System\Context Switches/sec»]
CPU CPU privileged time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% Privileged Time»]
CPU CPU DPC time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% DPC Time»]
CPU CPU user time ZABBIX_PASSIVE perf_counter_en[«\Processor Information(_total)\% User Time»]
CPU Number of cores ZABBIX_PASSIVE wmi.get[root/cimv2,»Select NumberOfLogicalProcessors from Win32_ComputerSystem»]
CPU CPU queue length ZABBIX_PASSIVE perf_counter_en[«\System\Processor Queue Length»]

Triggers

CPU utilization is too high. The system might be slow to respond.

«The CPU Interrupt Time in the last 5 minutes exceeds <$CPU.INTERRUPT.CRIT.MAX>%.»

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU privileged time in the last 5 minutes exceeds <$CPU.PRIV.CRIT.MAX>%.

Depends on:

— CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU Queue Length in the last 5 minutes exceeds <$CPU.QUEUE.CRIT.MAX>. According to actual observations, PQL should not exceed the number of cores * 2. To fine-tune the conditions, use the macro <$CPU.QUEUE.CRIT.MAX >.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows memory by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The warning threshold of the Memory Pages/sec counter.

The warning threshold of the Free System Page Table Entries counter.

The warning threshold of the Memory util item.

The warning threshold of the minimum free swap.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m) > WARNING
CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)
CPU privileged time is too high (over <$CPU.PRIV.CRIT.MAX>% for 5m)
CPU queue length is too high (over <$CPU.QUEUE.CRIT.MAX>for 5m)

Used memory in Bytes

Total memory in Bytes

Memory utilization in %

Cache Bytes is the sum of the Memory\System Cache Resident Bytes, Memory\System Driver Resident Bytes,

Memory\System Code Resident Bytes, and Memory\Pool Paged Resident Bytes counters. This counter displays

the last observed value only; it is not an average.

The free space of swap volume/file in bytes.

The free space of swap volume/file in percent.

The total space of swap volume/file in bytes.

This indicates the number of page table entries not currently in use by the system. If the number is less

than 5,000, there may well be a memory leak or you running out of memory.

Page Faults/sec is the average number of pages faulted per second. It is measured in number of pages

faulted per second because only one page is faulted in each fault operation, hence this is also equal

to the number of page fault operations. This counter includes both hard faults (those that require

disk access) and soft faults (where the faulted page is found elsewhere in physical memory.) Most

processors can handle large numbers of soft faults without significant consequence. However, hard faults,

which require disk access, can cause significant delays.

This measures the rate at which pages are read from or written to disk to resolve hard page faults.

If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

This measures the size, in bytes, of the non-paged pool. This is an area of system memory for objects

that cannot be written to disk but instead must remain in physical memory as long as they are allocated.

There is a possible memory leak if the value is greater than 175MB (or 100MB with the /3GB switch).

A typical Event ID 2019 is recorded in the system event log.

Group Name Description Type Key and additional info
Memory Used memory ZABBIX_PASSIVE vm.memory.size[used]
Memory Total memory ZABBIX_PASSIVE vm.memory.size[total]
Memory Memory utilization CALCULATED vm.memory.util

Expression:

last(«vm.memory.size[used]») / last(«vm.memory.size[total]») * 100
Memory Cache bytes ZABBIX_PASSIVE perf_counter_en[«\Memory\Cache Bytes»]
Memory Free swap space CALCULATED system.swap.free

Expression:

last(«system.swap.size[,total]») — last(«system.swap.size[,total]») / 100 * last(«perf_counter_en[\»\Paging file(_Total)\% Usage\»]»)
Memory Free swap space in % DEPENDENT system.swap.pfree

Preprocessing:

— JAVASCRIPT: return (100 — value)

The used space of swap volume/file in percent.

ZABBIX_PASSIVE perf_counter_en[«\Paging file(_Total)\% Usage»]
Memory Total swap space ZABBIX_PASSIVE system.swap.size[,total]
Memory Free system page table entries ZABBIX_PASSIVE perf_counter_en[«\Memory\Free System Page Table Entries»]
Memory Memory page faults per second ZABBIX_PASSIVE perf_counter_en[«\Memory\Page Faults/sec»]
Memory Memory pages per second ZABBIX_PASSIVE perf_counter_en[«\Memory\Pages/sec»]
Memory Memory pool non-paged ZABBIX_PASSIVE perf_counter_en[«\Memory\Pool Nonpaged Bytes»]

Triggers

The system is running out of free memory.

This trigger is ignored, if there is no swap configured

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Free System Page Table Entries is less than <$MEM.PAGE_TABLE_CRIT.MIN>for 5 minutes. If the number is less than 5,000, there may well be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Pages/sec in the last 5 minutes exceeds <$MEM.PAGE_SEC.CRIT.MAX>. If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows filesystems by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

The critical threshold of the filesystem utilization in percent.

The warning threshold of the filesystem utilization in percent.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
High memory utilization (><$MEMORY.UTIL.MAX>% for 5m) > AVERAGE
High swap space usage (less than <$SWAP.PFREE.MIN.WARN>% free)
Number of free system page table entries is too low (less <$MEM.PAGE_TABLE_CRIT.MIN>for 5m)
The Memory Pages/sec is too high (over <$MEM.PAGE_SEC.CRIT.MAX>for 5m)

Discovery of file systems of different types.

Name Description Type Key and additional info
Mounted filesystem discovery ZABBIX_PASSIVE vfs.fs.discovery

Filter:

Items collected

Used storage in Bytes

Total space in Bytes

Space utilization in % for

Group Name Description Type Key and additional info
Filesystems <#FSNAME>: Used space ZABBIX_PASSIVE vfs.fs.size[<#FSNAME>,used]
Filesystems <#FSNAME>: Total space ZABBIX_PASSIVE vfs.fs.size[<#FSNAME>,total]
Filesystems <#FSNAME>: Space utilization ZABBIX_PASSIVE vfs.fs.size[<#FSNAME>,pused]

Triggers

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 5G.

— The disk will be full in less than 24 hours.

Manual close: YES

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 10G.

— The disk will be full in less than 24 hours.

Manual close: YES

Depends on:

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows physical disks by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

Disk read average response time (in s) before the trigger would fire.

The warning threshold of disk time utilization in percent.

Disk write average response time (in s) before the trigger would fire.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
<#FSNAME>: Disk space is critically low (used > <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>%) ,pused].last()>><$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«> and ((,total].last()>-,used].last()>) AVERAGE ,pused].last()>><$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«> and ((,total].last()>-,used].last()>) WARNING

Discovery of installed physical disks.

Name Description Type Key and additional info
Physical disks discovery ZABBIX_PASSIVE perf_instance_en.discovery[PhysicalDisk]

Preprocessing:

Filter:

Items collected

Rate of read operations on the disk.

Rate of write operations on the disk.

Current average disk queue, the number of requests outstanding on the disk at the time the performance data is collected.

This item is the percentage of elapsed time that the selected disk drive was busy servicing read or writes requests.

The average time for read requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

The average time for write requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

Average disk read queue, the number of requests outstanding on the disk at the time the performance data is collected.

Average disk write queue, the number of requests outstanding on the disk at the time the performance data is collected.

Group Name Description Type Key and additional info
Storage <#DEVNAME>: Disk read rate ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Reads/sec»,60]
Storage <#DEVNAME>: Disk write rate ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Writes/sec»,60]
Storage <#DEVNAME>: Disk average queue size (avgqu-sz) ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Current Disk Queue Length»,60]
Storage <#DEVNAME>: Disk utilization ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\% Disk Time»,60]
Storage <#DEVNAME>: Disk read request avg waiting time ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Read»,60]
Storage <#DEVNAME>: Disk write request avg waiting time ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Write»,60]
Storage <#DEVNAME>: Average disk read queue length ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Read Queue Length»,60]
Storage <#DEVNAME>: Average disk write queue length ZABBIX_PASSIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Write Queue Length»,60]

Triggers

The disk appears to be under heavy load

Manual close: YES

Depends on:

— <#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m

— <#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m)

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows generic by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The threshold for difference of system time in seconds.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
<#DEVNAME>: Disk is overloaded (util > <$VFS.DEV.UTIL.MAX.WARN>% for 15m)
<#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m )\Avg. Disk sec/Read»,60].min(15m)> > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«> WARNING
<#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m) )\Avg. Disk sec/Write»,60].min(15m)> > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«> WARNING

System local time of the host.

System host name.

The number of threads used by all running processes.

Operating system architecture of the host.

Group Name Description Type Key and additional info
General System local time ZABBIX_PASSIVE system.localtime
General System name ZABBIX_PASSIVE system.hostname

Preprocessing:

System description of the host.

ZABBIX_PASSIVE system.uname

Preprocessing:

The number of processes.

ZABBIX_PASSIVE proc.num[]
General Number of threads ZABBIX_PASSIVE perf_counter_en[«\System\Threads»]
Inventory Operating system architecture ZABBIX_PASSIVE system.sw.arch

Preprocessing:

System uptime in ‘N days, hh:mm:ss’ format.

ZABBIX_PASSIVE system.uptime

Triggers

The host system time is different from the Zabbix server time.

Manual close: YES

System name has changed. Ack to close.

Manual close: YES

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows network by Zabbix agent

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
System time is out of sync (diff with Zabbix server > <$SYSTEM.FUZZYTIME.MAX>s)
System name has changed (new name: )
Host has been restarted (uptime WARNING Miniport|Virtual|Teredo|Kernel|Loopback|Bluetooth|HTTPS|6to4|QoS|Layer

There are no template links in this template.

Discovery rules

Discovery of installed network interfaces.

Name Description Type Key and additional info
Network interfaces discovery DEPENDENT net.if.discovery

Preprocessing:

— JAVASCRIPT: Text is too long. Please see the template.

Filter:

Items collected

Incoming traffic on the network interface.

Outgoing traffic on the network interface.

The number of incoming packets dropped on the network interface.

The number of outgoing packets dropped on the network interface.

The number of incoming packets with errors on the network interface.

The number of outgoing packets with errors on the network interface.

Estimated bandwidth of the network interface if any.

The type of the network interface.

The operational status of the network interface.

Raw data of win32_networkadapter.

Group Name Description Type Key and additional info
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits received ZABBIX_PASSIVE net.if.in[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits sent ZABBIX_PASSIVE net.if.out[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets discarded ZABBIX_PASSIVE net.if.in[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets discarded ZABBIX_PASSIVE net.if.out[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets with errors ZABBIX_PASSIVE net.if.in[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets with errors ZABBIX_PASSIVE net.if.out[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Speed DEPENDENT net.if.speed[«<#IFNAME>«]

Preprocessing:

в›”пёЏON_FAIL: CUSTOM_VALUE -> 0

— JAVASCRIPT: return (value==’9223372036854775807′ ? 0 : value)

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Interface type DEPENDENT net.if.type[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].AdapterTypeId.first()

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Operational status DEPENDENT net.if.status[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].NetConnectionStatus.first()

Zabbix_raw_items Network interfaces WMI get ZABBIX_PASSIVE wmi.getall[root\cimv2,»select Name,Description,NetConnectionID,Speed,AdapterTypeId,NetConnectionStatus from win32_networkadapter where PhysicalAdapter=True and NetConnectionStatus>0″]

Triggers

The network interface utilization is close to its estimated maximum bandwidth.

Manual close: YES

Depends on:

Recovers when below 80% of <$IF.ERRORS.WARN:"<#IFNAME>«> threshold

Manual close: YES

Depends on:

This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Ack to close.

Manual close: YES

Depends on:

This trigger expression works as follows:

1. Can be triggered if operations status is down.

2. <$IFCONTROL:\"<#IFNAME>\»>=1 — user can redefine Context macro to value — 0. That marks this interface as not important.

No new trigger will be fired if this interface is down.

3. =1) — trigger fires only if operational status is different from Connected(2).

WARNING: if closed manually — won’t fire again on next poll, because of .diff.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows services by Zabbix agent

Overview

For Zabbix version: 5.4 and higher
Special version of services template that is required for Windows OS.

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
Interface <#IFNAME>(<#IFALIAS>): High bandwidth usage (> <$IF.UTIL.MAX:"<#IFNAME>«>% ) («].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()> or «].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()>) and «].last()>>0

«].avg(15m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): High error rate (> <$IF.ERRORS.WARN:"<#IFNAME>«> for 5m) «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«> or «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«>

«,errors].max(5m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): Ethernet has changed to lower speed than it was before <$IFCONTROL:"<#IFNAME>«>=1 and («].last()><>2 and «].diff()>=1)

«].last()>=2 or <$IFCONTROL:"<#IFNAME>«>=0

 AVERAGE ^RemoteRegistry|MMCSS|gupdate|SysmonLog|clr_optimization_v.+|clr_optimization_v.+|sppsvc|gpsvc|Pml Driver HPZ12|Net Driver HPZ12|MapsBroker|IntelAudioService|Intel\(R\) TPM Provisioning Service|dbupdate|DoSvc$

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

^manual|disabled$

There are no template links in this template.

Discovery rules

Discovery of Windows services of different types as defined in template’s macros.

Name Description Type Key and additional info
Windows services discovery ZABBIX_PASSIVE service.discovery

Filter:

Items collected

Group Name Description Type Key and additional info
Services State of service «<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) ZABBIX_PASSIVE service.info[«<#SERVICE.NAME>«,state]

Triggers

The service has a state other than «Running» for the last three times.

Name Description Expression Severity Dependencies and additional info
«<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) is not running (startup type <#SERVICE.STARTUPNAME>) «,state].min(#3)><>0 AVERAGE

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows by Zabbix agent

Overview

For Zabbix version: 5.4 and higher
New official Windows template. Requires agent of Zabbix 4.4 and newer.

This template was tested on:

  • Windows, version 7 and newer.
  • Windows Server, version 2008 R2 and newer.

Setup

Install Zabbix agent on Windows OS according to Zabbix documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Name
Windows CPU by Zabbix agent
Windows filesystems by Zabbix agent
Windows generic by Zabbix agent
Windows memory by Zabbix agent
Windows network by Zabbix agent
Windows physical disks by Zabbix agent
Windows services by Zabbix agent
Zabbix agent

Discovery rules

Items collected

Group Name Description Type Key and additional info

Triggers

Name Description Expression Severity Dependencies and additional info

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide a feedback, discuss the template or ask for help with it at ZABBIX forums.

Windows CPU by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The critical threshold of the % Interrupt Time counter.

The threshold of the % Privileged Time counter.

The threshold of the Processor Queue Length counter.

The critical threshold of the CPU utilization in %.

There are no template links in this template.

Discovery rules

Items collected

CPU utilization in %

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Context Switches/sec is the combined rate at which all processors on the computer are switched from one thread to another.

Context switches occur when a running thread voluntarily relinquishes the processor, is preempted by a higher priority ready thread, or switches between user-mode and privileged (kernel) mode to use an Executive or subsystem service.

It is the sum of Thread\Context Switches/sec for all threads running on all processors in the computer and is measured in numbers of switches.

There are context switch counters on the System and Thread objects. This counter displays the difference between the values observed in the last two samples, divided by the duration of the sample interval.

The Processor Information\% Privileged Time counter shows the percent of time that the processor is spent

executing in Kernel (or Privileged) mode. Privileged mode includes services interrupts inside Interrupt

Service Routines (ISRs), executing Deferred Procedure Calls (DPCs), Device Driver calls and other kernel-mode

functions of the WindowsВ® Operating System.

Processor DPC time is the time that a single processor spent receiving and servicing deferred procedure

calls (DPCs). DPCs are interrupts that run at a lower priority than standard interrupts. % DPC Time is a

component of % Privileged Time because DPCs are executed in privileged mode. If a high % DPC Time is

sustained, there may be a processor bottleneck or an application or hardware related issue that can

significantly diminish overall system performance.

The Processor Information\% User Time counter shows the percent of time that the processor(s) is spent executing

The number of logical processors available on the computer.

The Processor Queue Length shows the number of threads that are observed as delayed in the processor Ready Queue

and are waiting to be executed.

Group Name Description Type Key and additional info
CPU CPU utilization ZABBIX_ACTIVE system.cpu.util
CPU CPU interrupt time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% Interrupt Time»]
CPU Context switches per second ZABBIX_ACTIVE perf_counter_en[«\System\Context Switches/sec»]
CPU CPU privileged time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% Privileged Time»]
CPU CPU DPC time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% DPC Time»]
CPU CPU user time ZABBIX_ACTIVE perf_counter_en[«\Processor Information(_total)\% User Time»]
CPU Number of cores ZABBIX_ACTIVE wmi.get[root/cimv2,»Select NumberOfLogicalProcessors from Win32_ComputerSystem»]
CPU CPU queue length ZABBIX_ACTIVE perf_counter_en[«\System\Processor Queue Length»]

Triggers

CPU utilization is too high. The system might be slow to respond.

«The CPU Interrupt Time in the last 5 minutes exceeds <$CPU.INTERRUPT.CRIT.MAX>%.»

The Processor Information\% Interrupt Time is the time the processor spends receiving and servicing

hardware interrupts during sample intervals. This value is an indirect indicator of the activity of

devices that generate interrupts, such as the system clock, the mouse, disk drivers, data communication

lines, network interface cards and other peripheral devices. This is an easy way to identify a potential

hardware failure. This should never be higher than 20%.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU privileged time in the last 5 minutes exceeds <$CPU.PRIV.CRIT.MAX>%.

Depends on:

— CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

The CPU Queue Length in the last 5 minutes exceeds <$CPU.QUEUE.CRIT.MAX>. According to actual observations, PQL should not exceed the number of cores * 2. To fine-tune the conditions, use the macro <$CPU.QUEUE.CRIT.MAX >.

Depends on:

— High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows memory by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The warning threshold of the Memory Pages/sec counter.

The warning threshold of the Free System Page Table Entries counter.

The warning threshold of the Memory util item.

The warning threshold of the minimum free swap.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
High CPU utilization (over <$CPU.UTIL.CRIT>% for 5m) > WARNING
CPU interrupt time is too high (over <$CPU.INTERRUPT.CRIT.MAX>% for 5m)
CPU privileged time is too high (over <$CPU.PRIV.CRIT.MAX>% for 5m)
CPU queue length is too high (over <$CPU.QUEUE.CRIT.MAX>for 5m)

Used memory in Bytes

Total memory in Bytes

Memory utilization in %

Cache Bytes is the sum of the Memory\System Cache Resident Bytes, Memory\System Driver Resident Bytes,

Memory\System Code Resident Bytes, and Memory\Pool Paged Resident Bytes counters. This counter displays

the last observed value only; it is not an average.

The free space of swap volume/file in bytes.

The free space of swap volume/file in percent.

The total space of swap volume/file in bytes.

This indicates the number of page table entries not currently in use by the system. If the number is less

than 5,000, there may well be a memory leak or you running out of memory.

Page Faults/sec is the average number of pages faulted per second. It is measured in number of pages

faulted per second because only one page is faulted in each fault operation, hence this is also equal

to the number of page fault operations. This counter includes both hard faults (those that require

disk access) and soft faults (where the faulted page is found elsewhere in physical memory.) Most

processors can handle large numbers of soft faults without significant consequence. However, hard faults,

which require disk access, can cause significant delays.

This measures the rate at which pages are read from or written to disk to resolve hard page faults.

If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

This measures the size, in bytes, of the non-paged pool. This is an area of system memory for objects

that cannot be written to disk but instead must remain in physical memory as long as they are allocated.

There is a possible memory leak if the value is greater than 175MB (or 100MB with the /3GB switch).

A typical Event ID 2019 is recorded in the system event log.

Group Name Description Type Key and additional info
Memory Used memory ZABBIX_ACTIVE vm.memory.size[used]
Memory Total memory ZABBIX_ACTIVE vm.memory.size[total]
Memory Memory utilization CALCULATED vm.memory.util

Expression:

last(«vm.memory.size[used]») / last(«vm.memory.size[total]») * 100
Memory Cache bytes ZABBIX_ACTIVE perf_counter_en[«\Memory\Cache Bytes»]
Memory Free swap space CALCULATED system.swap.free

Expression:

last(«system.swap.size[,total]») — last(«system.swap.size[,total]») / 100 * last(«perf_counter_en[\»\Paging file(_Total)\% Usage\»]»)
Memory Free swap space in % DEPENDENT system.swap.pfree

Preprocessing:

— JAVASCRIPT: return (100 — value)

The used space of swap volume/file in percent.

ZABBIX_ACTIVE perf_counter_en[«\Paging file(_Total)\% Usage»]
Memory Total swap space ZABBIX_ACTIVE system.swap.size[,total]
Memory Free system page table entries ZABBIX_ACTIVE perf_counter_en[«\Memory\Free System Page Table Entries»]
Memory Memory page faults per second ZABBIX_ACTIVE perf_counter_en[«\Memory\Page Faults/sec»]
Memory Memory pages per second ZABBIX_ACTIVE perf_counter_en[«\Memory\Pages/sec»]
Memory Memory pool non-paged ZABBIX_ACTIVE perf_counter_en[«\Memory\Pool Nonpaged Bytes»]

Triggers

The system is running out of free memory.

This trigger is ignored, if there is no swap configured

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Free System Page Table Entries is less than <$MEM.PAGE_TABLE_CRIT.MIN>for 5 minutes. If the number is less than 5,000, there may well be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

The Memory Pages/sec in the last 5 minutes exceeds <$MEM.PAGE_SEC.CRIT.MAX>. If the value is greater than 1,000, as a result of excessive paging, there may be a memory leak.

Depends on:

— High memory utilization (><$MEMORY.UTIL.MAX>% for 5m)

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows filesystems by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

This macro is used in filesystems discovery. Can be overridden on the host or linked template level.

The critical threshold of the filesystem utilization in percent.

The warning threshold of the filesystem utilization in percent.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
High memory utilization (><$MEMORY.UTIL.MAX>% for 5m) > AVERAGE
High swap space usage (less than <$SWAP.PFREE.MIN.WARN>% free)
Number of free system page table entries is too low (less <$MEM.PAGE_TABLE_CRIT.MIN>for 5m)
The Memory Pages/sec is too high (over <$MEM.PAGE_SEC.CRIT.MAX>for 5m)

Discovery of file systems of different types.

Name Description Type Key and additional info
Mounted filesystem discovery ZABBIX_ACTIVE vfs.fs.discovery

Filter:

Items collected

Used storage in Bytes

Total space in Bytes

Space utilization in % for

Group Name Description Type Key and additional info
Filesystems <#FSNAME>: Used space ZABBIX_ACTIVE vfs.fs.size[<#FSNAME>,used]
Filesystems <#FSNAME>: Total space ZABBIX_ACTIVE vfs.fs.size[<#FSNAME>,total]
Filesystems <#FSNAME>: Space utilization ZABBIX_ACTIVE vfs.fs.size[<#FSNAME>,pused]

Triggers

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 5G.

— The disk will be full in less than 24 hours.

Manual close: YES

Two conditions should match: First, space utilization should be above <$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«>.

Second condition should be one of the following:

— The disk free space is less than 10G.

— The disk will be full in less than 24 hours.

Manual close: YES

Depends on:

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows physical disks by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

This macro is used in physical disks discovery. Can be overridden on the host or linked template level.

Disk read average response time (in s) before the trigger would fire.

The warning threshold of disk time utilization in percent.

Disk write average response time (in s) before the trigger would fire.

There are no template links in this template.

Discovery rules

Name Description Expression Severity Dependencies and additional info
<#FSNAME>: Disk space is critically low (used > <$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«>%) ,pused].last()>><$VFS.FS.PUSED.MAX.CRIT:"<#FSNAME>«> and ((,total].last()>-,used].last()>) AVERAGE ,pused].last()>><$VFS.FS.PUSED.MAX.WARN:"<#FSNAME>«> and ((,total].last()>-,used].last()>) WARNING

Discovery of installed physical disks.

Name Description Type Key and additional info
Physical disks discovery ZABBIX_ACTIVE perf_instance_en.discovery[PhysicalDisk]

Preprocessing:

Filter:

Items collected

Rate of read operations on the disk.

Rate of write operations on the disk.

Current average disk queue, the number of requests outstanding on the disk at the time the performance data is collected.

This item is the percentage of elapsed time that the selected disk drive was busy servicing read or writes requests.

The average time for read requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

The average time for write requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.

Average disk read queue, the number of requests outstanding on the disk at the time the performance data is collected.

Average disk write queue, the number of requests outstanding on the disk at the time the performance data is collected.

Group Name Description Type Key and additional info
Storage <#DEVNAME>: Disk read rate ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Reads/sec»,60]
Storage <#DEVNAME>: Disk write rate ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Disk Writes/sec»,60]
Storage <#DEVNAME>: Disk average queue size (avgqu-sz) ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Current Disk Queue Length»,60]
Storage <#DEVNAME>: Disk utilization ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\% Disk Time»,60]
Storage <#DEVNAME>: Disk read request avg waiting time ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Read»,60]
Storage <#DEVNAME>: Disk write request avg waiting time ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk sec/Write»,60]
Storage <#DEVNAME>: Average disk read queue length ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Read Queue Length»,60]
Storage <#DEVNAME>: Average disk write queue length ZABBIX_ACTIVE perf_counter_en[«\PhysicalDisk(<#DEVNAME>)\Avg. Disk Write Queue Length»,60]

Triggers

The disk appears to be under heavy load

Manual close: YES

Depends on:

— <#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m

— <#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m)

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

This trigger might indicate disk <#DEVNAME>saturation.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows generic by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

The threshold for difference of system time in seconds.

There are no template links in this template.

Discovery rules

Items collected

Name Description Expression Severity Dependencies and additional info
<#DEVNAME>: Disk is overloaded (util > <$VFS.DEV.UTIL.MAX.WARN>% for 15m)
<#DEVNAME>: Disk read request responses are too high (read > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«>s for 15m )\Avg. Disk sec/Read»,60].min(15m)> > <$VFS.DEV.READ.AWAIT.WARN:"<#DEVNAME>«> WARNING
<#DEVNAME>: Disk write request responses are too high (write > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«>s for 15m) )\Avg. Disk sec/Write»,60].min(15m)> > <$VFS.DEV.WRITE.AWAIT.WARN:"<#DEVNAME>«> WARNING

System local time of the host.

System host name.

The number of threads used by all running processes.

Operating system architecture of the host.

Group Name Description Type Key and additional info
General System local time ZABBIX_ACTIVE system.localtime
General System name ZABBIX_ACTIVE system.hostname

Preprocessing:

System description of the host.

ZABBIX_ACTIVE system.uname

Preprocessing:

The number of processes.

ZABBIX_ACTIVE proc.num[]
General Number of threads ZABBIX_ACTIVE perf_counter_en[«\System\Threads»]
Inventory Operating system architecture ZABBIX_ACTIVE system.sw.arch

Preprocessing:

System uptime in ‘N days, hh:mm:ss’ format.

ZABBIX_ACTIVE system.uptime

Triggers

The host system time is different from the Zabbix server time.

Manual close: YES

System name has changed. Ack to close.

Manual close: YES

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows network by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

This macro is used in Network interface discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
System time is out of sync (diff with Zabbix server > <$SYSTEM.FUZZYTIME.MAX>s)
System name has changed (new name: )
Host has been restarted (uptime WARNING Miniport|Virtual|Teredo|Kernel|Loopback|Bluetooth|HTTPS|6to4|QoS|Layer

There are no template links in this template.

Discovery rules

Discovery of installed network interfaces.

Name Description Type Key and additional info
Network interfaces discovery DEPENDENT net.if.discovery

Preprocessing:

— JAVASCRIPT: Text is too long. Please see the template.

Filter:

Items collected

Incoming traffic on the network interface.

Outgoing traffic on the network interface.

The number of incoming packets dropped on the network interface.

The number of outgoing packets dropped on the network interface.

The number of incoming packets with errors on the network interface.

The number of outgoing packets with errors on the network interface.

Estimated bandwidth of the network interface if any.

The type of the network interface.

The operational status of the network interface.

Raw data of win32_networkadapter.

Group Name Description Type Key and additional info
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits received ZABBIX_ACTIVE net.if.in[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Bits sent ZABBIX_ACTIVE net.if.out[«<#IFNAME>«]

Preprocessing:

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets discarded ZABBIX_ACTIVE net.if.in[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets discarded ZABBIX_ACTIVE net.if.out[«<#IFNAME>«,dropped]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Inbound packets with errors ZABBIX_ACTIVE net.if.in[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Outbound packets with errors ZABBIX_ACTIVE net.if.out[«<#IFNAME>«,errors]

Preprocessing:

— CHANGE_PER_SECOND
Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Speed DEPENDENT net.if.speed[«<#IFNAME>«]

Preprocessing:

в›”пёЏON_FAIL: CUSTOM_VALUE -> 0

— JAVASCRIPT: return (value==’9223372036854775807′ ? 0 : value)

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Interface type DEPENDENT net.if.type[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].AdapterTypeId.first()

Network_interfaces Interface <#IFNAME>(<#IFALIAS>): Operational status DEPENDENT net.if.status[«<#IFNAME>«]

Preprocessing:

— JSONPATH: $[?(@.Name == «<#IFNAME>«)].NetConnectionStatus.first()

Zabbix_raw_items Network interfaces WMI get ZABBIX_ACTIVE wmi.getall[root\cimv2,»select Name,Description,NetConnectionID,Speed,AdapterTypeId,NetConnectionStatus from win32_networkadapter where PhysicalAdapter=True and NetConnectionStatus>0″]

Triggers

The network interface utilization is close to its estimated maximum bandwidth.

Manual close: YES

Depends on:

Recovers when below 80% of <$IF.ERRORS.WARN:"<#IFNAME>«> threshold

Manual close: YES

Depends on:

This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Ack to close.

Manual close: YES

Depends on:

This trigger expression works as follows:

1. Can be triggered if operations status is down.

2. <$IFCONTROL:\"<#IFNAME>\»>=1 — user can redefine Context macro to value — 0. That marks this interface as not important.

No new trigger will be fired if this interface is down.

3. =1) — trigger fires only if operational status is different from Connected(2).

WARNING: if closed manually — won’t fire again on next poll, because of .diff.

Manual close: YES

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows services by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher
Special version of services template that is required for Windows OS.

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Macros used

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

Name Description Expression Severity Dependencies and additional info
Interface <#IFNAME>(<#IFALIAS>): High bandwidth usage (> <$IF.UTIL.MAX:"<#IFNAME>«>% ) («].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()> or «].avg(15m)>>(<$IF.UTIL.MAX:"<#IFNAME>«>/100)*«].last()>) and «].last()>>0

«].avg(15m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): High error rate (> <$IF.ERRORS.WARN:"<#IFNAME>«> for 5m) «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«> or «,errors].min(5m)>><$IF.ERRORS.WARN:"<#IFNAME>«>

«,errors].max(5m)>

 WARNING
Interface <#IFNAME>(<#IFALIAS>): Ethernet has changed to lower speed than it was before <$IFCONTROL:"<#IFNAME>«>=1 and («].last()><>2 and «].diff()>=1)

«].last()>=2 or <$IFCONTROL:"<#IFNAME>«>=0

 AVERAGE ^RemoteRegistry|MMCSS|gupdate|SysmonLog|clr_optimization_v.+|clr_optimization_v.+|sppsvc|gpsvc|Pml Driver HPZ12|Net Driver HPZ12|MapsBroker|IntelAudioService|Intel\(R\) TPM Provisioning Service|dbupdate|DoSvc$

This macro is used in Service discovery. Can be overridden on the host or linked template level.

This macro is used in Service discovery. Can be overridden on the host or linked template level.

^manual|disabled$

There are no template links in this template.

Discovery rules

Discovery of Windows services of different types as defined in template’s macros.

Name Description Type Key and additional info
Windows services discovery ZABBIX_ACTIVE service.discovery

Filter:

Items collected

Group Name Description Type Key and additional info
Services State of service «<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) ZABBIX_ACTIVE service.info[«<#SERVICE.NAME>«,state]

Triggers

The service has a state other than «Running» for the last three times.

Name Description Expression Severity Dependencies and additional info
«<#SERVICE.NAME>» (<#SERVICE.DISPLAYNAME>) is not running (startup type <#SERVICE.STARTUPNAME>) «,state].min(#3)><>0 AVERAGE

Feedback

Please report any issues with the template at https://support.zabbix.com

Windows by Zabbix agent active

Overview

For Zabbix version: 5.4 and higher
New official Windows template. Requires agent of Zabbix 4.4 and newer.

This template was tested on:

  • Windows, version 7 and newer.
  • Windows Server, version 2008 R2 and newer.

Setup

Install Zabbix agent on Windows OS according to Zabbix documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Name
Windows CPU by Zabbix agent active
Windows filesystems by Zabbix agent active
Windows generic by Zabbix agent active
Windows memory by Zabbix agent active
Windows network by Zabbix agent active
Windows physical disks by Zabbix agent active
Windows services by Zabbix agent active
Zabbix agent

Discovery rules

Items collected

Group Name Description Type Key and additional info

Triggers

Name Description Expression Severity Dependencies and additional info

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide a feedback, discuss the template or ask for help with it at ZABBIX forums.

Windows SNMP

Overview

For Zabbix version: 5.2 and higher

Setup

Refer to the vendor documentation.

Zabbix configuration

No specific Zabbix configuration is required.

Name
Generic SNMP
HOST-RESOURCES-MIB SNMP
Interfaces Windows SNMP

Discovery rules

Items collected

Group Name Description Type Key and additional info

Triggers

Name Description Expression Severity Dependencies and additional info

Feedback

Please report any issues with the template at https://support.zabbix.com

Known Issues

Description: Doesn’t support In/Out 64 bit counters even though IfxTable is present: Currently, Windows gets it’s interface status from MIB-2. Since these 64bit SNMP counters (ifHCInOctets, ifHCOutOctets, etc.) are defined as an extension to IF-MIB, Microsoft has not implemented it. https://social.technet.microsoft.com/Forums/windowsserver/en-US/07b62ff0-94f6-40ca-a99d-d129c1b33d70/windows-2008-r2-snmp-64bit-counters-support?forum=winservergen

Description: Doesn’t support ifXTable at all

Description: EtherLike MIB is not supported

Читайте также:  Компьютер останавливается при загрузке windows
Оцените статью
© 2024 Советы по настройке компьютера