~~NOCACHE~~ ## 3.環境準備-Linuxクライアント ### パッケージのインストール #### Zabbixリポジトリを設定する rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm dnf clean all #### zabbix-agentのインストール/起動/有効化 dnf install -y zabbix-agent systemctl restart zabbix-agent systemctl enable zabbix-agent ### zabbix-agentの設定 zabbix-agent設定ファイルの主な変更項目について記載する。 各設定値の詳細説明は下記URLを参照すること。 日本語訳はバージョンが古いので、不足している項目は英語版で確認すること。 https://www.zabbix.com/documentation/2.2/jp/manual/appendix/config/zabbix_agentd #変更 vi /etc/zabbix/zabbix_agentd.conf #適用 systemctl restart zabbix-agent #ログ確認 cat /var/log/zabbix/zabbix_agentd.log #### Server設定 Server=[zabbixサーバーのIPかホスト名] 通信の方向: zabbix_server → zabbix_agent ポート:10050/TCP(Agent側) ※ポートが開いていないとAgent起動に失敗する。 #変更不要 Server=127.0.0.1 #### ServerActive設定 通信の方向: zabbix_agent → zabbix_server ポート:10051/TCP(Server側) ※ポートが開いていないとログ監視ができない #変更前 ServerActive=127.0.0.1 #変更後(ポート番号未記載の場合はデフォルトポート10051となる) ServerActive=[zabbixサーバーのIPかホスト名]:[サーバのポート番号] #### ホスト名の設定 ホスト名の設定は、HostnameとHostnameItemの何れかで指定できる。 Agent側で指定するホスト名とZabbixのホスト登録で指定するホスト名を一致させる必要あり。 設定の優先度:Hostname>HostnameItem #変更例1(指定したホスト名が設定できる) Hostname=[ホスト名] # HostnameItem=system.hostname #変更例2(自身のhostnameの値が設定される) # Hostname= HostnameItem=system.hostname ### 初期値 # This is a configuration file for Zabbix agent daemon (Unix) # To get more information about Zabbix, visit http://www.zabbix.com ############ GENERAL PARAMETERS ################# ### Option: PidFile # Name of PID file. # # Mandatory: no # Default: # PidFile=/tmp/zabbix_agentd.pid PidFile=/var/run/zabbix/zabbix_agentd.pid ### Option: LogType # Specifies where log messages are written to: # system - syslog # file - file specified with LogFile parameter # console - standard output # # Mandatory: no # Default: # LogType=file ### Option: LogFile # Log file name for LogType 'file' parameter. # # Mandatory: yes, if LogType is set to file, otherwise no # Default: # LogFile= LogFile=/var/log/zabbix/zabbix_agentd.log ### Option: LogFileSize # Maximum size of log file in MB. # 0 - disable automatic log rotation. # # Mandatory: no # Range: 0-1024 # Default: # LogFileSize=1 LogFileSize=0 ### Option: DebugLevel # Specifies debug level: # 0 - basic information about starting and stopping of Zabbix processes # 1 - critical information # 2 - error information # 3 - warnings # 4 - for debugging (produces lots of information) # 5 - extended debugging (produces even more information) # # Mandatory: no # Range: 0-5 # Default: # DebugLevel=3 ### Option: SourceIP # Source IP address for outgoing connections. # # Mandatory: no # Default: # SourceIP= ### Option: AllowKey # Allow execution of item keys matching pattern. # Multiple keys matching rules may be defined in combination with DenyKey. # Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. # Parameters are processed one by one according their appearance order. # If no AllowKey or DenyKey rules defined, all keys are allowed. # # Mandatory: no ### Option: DenyKey # Deny execution of items keys matching pattern. # Multiple keys matching rules may be defined in combination with AllowKey. # Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. # Parameters are processed one by one according their appearance order. # If no AllowKey or DenyKey rules defined, all keys are allowed. # Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. # # Mandatory: no # Default: # DenyKey=system.run[*] ### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead # Internal alias for AllowKey/DenyKey parameters depending on value: # 0 - DenyKey=system.run[*] # 1 - AllowKey=system.run[*] # # Mandatory: no ### Option: LogRemoteCommands # Enable logging of executed shell commands as warnings. # 0 - disabled # 1 - enabled # # Mandatory: no # Default: # LogRemoteCommands=0 ##### Passive checks related ### Option: Server # List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies. # Incoming connections will be accepted only from the hosts listed here. # If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally # and '::/0' will allow any IPv4 or IPv6 address. # '0.0.0.0/0' can be used to allow any IPv4 address. # Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com # # Mandatory: yes, if StartAgents is not explicitly set to 0 # Default: # Server= Server=127.0.0.1 ### Option: ListenPort # Agent will listen on this port for connections from the server. # # Mandatory: no # Range: 1024-32767 # Default: # ListenPort=10050 ### Option: ListenIP # List of comma delimited IP addresses that the agent should listen on. # First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks. # # Mandatory: no # Default: # ListenIP=0.0.0.0 ### Option: StartAgents # Number of pre-forked instances of zabbix_agentd that process passive checks. # If set to 0, disables passive checks and the agent will not listen on any TCP port. # # Mandatory: no # Range: 0-100 # Default: # StartAgents=3 ##### Active checks related ### Option: ServerActive # List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks. # If port is not specified, default port is used. # IPv6 addresses must be enclosed in square brackets if port for that host is specified. # If port is not specified, square brackets for IPv6 addresses are optional. # If this parameter is not specified, active checks are disabled. # Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] # # Mandatory: no # Default: # ServerActive= ServerActive=127.0.0.1 ### Option: Hostname # List of comma delimited unique, case sensitive hostnames. # Required for active checks and must match hostnames as configured on the server. # Value is acquired from HostnameItem if undefined. # # Mandatory: no # Default: # Hostname= Hostname=Zabbix server ### Option: HostnameItem # Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. # Does not support UserParameters or aliases. # # Mandatory: no # Default: # HostnameItem=system.hostname ### Option: HostMetadata # Optional parameter that defines host metadata. # Host metadata is used at host auto-registration process. # An agent will issue an error and not start if the value is over limit of 255 characters. # If not defined, value will be acquired from HostMetadataItem. # # Mandatory: no # Range: 0-255 characters # Default: # HostMetadata= ### Option: HostMetadataItem # Optional parameter that defines an item used for getting host metadata. # Host metadata is used at host auto-registration process. # During an auto-registration request an agent will log a warning message if # the value returned by specified item is over limit of 255 characters. # This option is only used when HostMetadata is not defined. # # Mandatory: no # Default: # HostMetadataItem= ### Option: HostInterface # Optional parameter that defines host interface. # Host interface is used at host auto-registration process. # An agent will issue an error and not start if the value is over limit of 255 characters. # If not defined, value will be acquired from HostInterfaceItem. # # Mandatory: no # Range: 0-255 characters # Default: # HostInterface= ### Option: HostInterfaceItem # Optional parameter that defines an item used for getting host interface. # Host interface is used at host auto-registration process. # During an auto-registration request an agent will log a warning message if # the value returned by specified item is over limit of 255 characters. # This option is only used when HostInterface is not defined. # # Mandatory: no # Default: # HostInterfaceItem= ### Option: RefreshActiveChecks # How often list of active checks is refreshed, in seconds. # # Mandatory: no # Range: 60-3600 # Default: # RefreshActiveChecks=120 ### Option: BufferSend # Do not keep data longer than N seconds in buffer. # # Mandatory: no # Range: 1-3600 # Default: # BufferSend=5 ### Option: BufferSize # Maximum number of values in a memory buffer. The agent will send # all collected data to Zabbix Server or Proxy if the buffer is full. # # Mandatory: no # Range: 2-65535 # Default: # BufferSize=100 ### Option: MaxLinesPerSecond # Maximum number of new lines the agent will send per second to Zabbix Server # or Proxy processing 'log' and 'logrt' active checks. # The provided value will be overridden by the parameter 'maxlines', # provided in 'log' or 'logrt' item keys. # # Mandatory: no # Range: 1-1000 # Default: # MaxLinesPerSecond=20 ############ ADVANCED PARAMETERS ################# ### Option: Alias # Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. # Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. # Different Alias keys may reference the same item key. # For example, to retrieve the ID of user 'zabbix': # Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] # Now shorthand key zabbix.userid may be used to retrieve data. # Aliases can be used in HostMetadataItem but not in HostnameItem parameters. # # Mandatory: no # Range: # Default: ### Option: Timeout # Spend no more than Timeout seconds on processing # # Mandatory: no # Range: 1-30 # Default: # Timeout=3 ### Option: AllowRoot # Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent # will try to switch to the user specified by the User configuration option instead. # Has no effect if started under a regular user. # 0 - do not allow # 1 - allow # # Mandatory: no # Default: # AllowRoot=0 ### Option: User # Drop privileges to a specific, existing user on the system. # Only has effect if run as 'root' and AllowRoot is disabled. # # Mandatory: no # Default: # User=zabbix # NOTE: This option is overriden by settings in systemd service file! ### Option: Include # You may include individual files or all files in a directory in the configuration file. # Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. # # Mandatory: no # Default: # Include= Include=/etc/zabbix/zabbix_agentd.d/*.conf # Include=/usr/local/etc/zabbix_agentd.userparams.conf # Include=/usr/local/etc/zabbix_agentd.conf.d/ # Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf ####### USER-DEFINED MONITORED PARAMETERS ####### ### Option: UnsafeUserParameters # Allow all characters to be passed in arguments to user-defined parameters. # The following characters are not allowed: # \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ # Additionally, newline characters are not allowed. # 0 - do not allow # 1 - allow # # Mandatory: no # Range: 0-1 # Default: # UnsafeUserParameters=0 ### Option: UserParameter # User-defined parameter to monitor. There can be several user-defined parameters. # Format: UserParameter=, # See 'zabbix_agentd' directory for examples. # # Mandatory: no # Default: # UserParameter= ### Option: UserParameterDir # Directory to execute UserParameter commands from. Only one entry is allowed. # When executing UserParameter commands the agent will change the working directory to the one # specified in the UserParameterDir option. # This way UserParameter commands can be specified using the relative ./ prefix. # # Mandatory: no # Default: # UserParameterDir= ####### LOADABLE MODULES ####### ### Option: LoadModulePath # Full path to location of agent modules. # Default depends on compilation options. # To see the default path run command "zabbix_agentd --help". # # Mandatory: no # Default: # LoadModulePath=${libdir}/modules ### Option: LoadModule # Module to load at agent startup. Modules are used to extend functionality of the agent. # Formats: # LoadModule= # LoadModule= # LoadModule= # Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. # If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. # It is allowed to include multiple LoadModule parameters. # # Mandatory: no # Default: # LoadModule= ####### TLS-RELATED PARAMETERS ####### ### Option: TLSConnect # How the agent should connect to server or proxy. Used for active checks. # Only one value can be specified: # unencrypted - connect without encryption # psk - connect using TLS and a pre-shared key # cert - connect using TLS and a certificate # # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) # Default: # TLSConnect=unencrypted ### Option: TLSAccept # What incoming connections to accept. # Multiple values can be specified, separated by comma: # unencrypted - accept connections without encryption # psk - accept connections secured with TLS and a pre-shared key # cert - accept connections secured with TLS and a certificate # # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) # Default: # TLSAccept=unencrypted ### Option: TLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for # peer certificate verification. # # Mandatory: no # Default: # TLSCAFile= ### Option: TLSCRLFile # Full pathname of a file containing revoked certificates. # # Mandatory: no # Default: # TLSCRLFile= ### Option: TLSServerCertIssuer # Allowed server certificate issuer. # # Mandatory: no # Default: # TLSServerCertIssuer= ### Option: TLSServerCertSubject # Allowed server certificate subject. # # Mandatory: no # Default: # TLSServerCertSubject= ### Option: TLSCertFile # Full pathname of a file containing the agent certificate or certificate chain. # # Mandatory: no # Default: # TLSCertFile= ### Option: TLSKeyFile # Full pathname of a file containing the agent private key. # # Mandatory: no # Default: # TLSKeyFile= ### Option: TLSPSKIdentity # Unique, case sensitive string used to identify the pre-shared key. # # Mandatory: no # Default: # TLSPSKIdentity= ### Option: TLSPSKFile # Full pathname of a file containing the pre-shared key. # # Mandatory: no # Default: # TLSPSKFile= ####### For advanced users - TLS ciphersuite selection criteria ####### ### Option: TLSCipherCert13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for certificate-based encryption. # # Mandatory: no # Default: # TLSCipherCert13= ### Option: TLSCipherCert # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. # Override the default ciphersuite selection criteria for certificate-based encryption. # Example for GnuTLS: # NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 # Example for OpenSSL: # EECDH+aRSA+AES128:RSA+aRSA+AES128 # # Mandatory: no # Default: # TLSCipherCert= ### Option: TLSCipherPSK13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for PSK-based encryption. # Example: # TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 # # Mandatory: no # Default: # TLSCipherPSK13= ### Option: TLSCipherPSK # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. # Override the default ciphersuite selection criteria for PSK-based encryption. # Example for GnuTLS: # NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL # Example for OpenSSL: # kECDHEPSK+AES128:kPSK+AES128 # # Mandatory: no # Default: # TLSCipherPSK= ### Option: TLSCipherAll13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. # Example: # TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 # # Mandatory: no # Default: # TLSCipherAll13= ### Option: TLSCipherAll # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. # Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. # Example for GnuTLS: # NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 # Example for OpenSSL: # EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 # # Mandatory: no # Default: # TLSCipherAll= {{tag>RHEL Zabbix 実践的}}