How to monitor Instances with Zabbix on Ubuntu Bionic

Zabbix Overview

Zabbix is an open-source software offering real-time monitoring of servers, virtual machines, network devices, and web applications. Zabbix provides monitoring metrics, among others network utilization, CPU load and disk space consumption.

Metrics are collected and stored in a database, allowing to determine the health status of an IT infrastructure, help to analyze data over time which can be used to plan upgrades in the infrastructure when requirements grow.

This tutorial uses two Ubuntu Bionic (18.04) compute instances. One acting as a server hosting the Zabbix and other acting as a client being monitored

Requirements:

Installing the Zabbix Server

Important: Make sure that a LEMP-Stack is installed on the instance before continuing.

1 . The version of Zabbix available within the repositories of Ubuntu is outdated. Start by downloading the repository configuration package from the Zabbix website to use the latest version:

wget https://repo.zabbix.com/zabbix/4.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_4.4-1+bionic_all.deb

2 . Install the repository configuration with the help of dpkg:

dpkg -i zabbix-release_4.4-1+bionic_all.deb

3 . Update the apt packet cache to use the newly installed repository:

apt update

4 . Install the Zabbix server, the web frontend and zabbix-agent which collects information about the instance itself:

apt install -y zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-agent

Setting up the MariaDB database

Data of the Zabbix server is stored in a rational database and the application comes with support for MariaDB (MySQL) and PostgreSQL. It is also possible to store data in nosql databases, like Elasticsearch.

This tutorial uses a MariaDB database with Zabbix.

1 . Log into MariaDB with the user root and the password set during the installation:

mysql -uroot -p

2 . Create the Zabbix database and set the charset to UTF-8:

create database zabbix character set utf8 collate utf8_bin;

3 . Create a user for the Zabbix server, grant access to the database created previously and set a password for the user (secure_zabbix_mariadb_password):

grant all privileges on zabbix.* to zabbix@localhost identified by 'secure_zabbix_mariadb_password';

4 . Flush the privileges to apply the new configuration:

flush privileges;

5 . Exit the MariaDB console:

quit;

6 . Setup the database schema and import the data into the database created previously with zcat as the file is compressed. When prompted, enter the password of the MariaDB user created previously. No output is returned when the data is imported successfully:

zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql -uzabbix -p zabbix

7 . Set the password in the Zabbix configuration file by opening it in a text editor (i.e. nano):

nano /etc/zabbix/zabbix_server.conf

Scroll down to this section:

### Option: DBPassword
#       Database password.
#       Comment this line if no password is used.
#
# Mandatory: no
# Default:
# DBPassword=

Uncomment the line # DBPassword by removing the leading hash and set the password for the Zabbix MariaDB user. Then safe the file and quit the text editor.

Configuring Nginx

1 . Create a Nginx configuration file for the Zabbix web interface and open it in a text editor. Make sure to replace zabbix.example.com with the hostname of your instance:

nano /etc/nginx/sites-available/zabbix.example.com

2 . Copy the following content into the configuration file:

server {
    listen       80;
    server_name  zabbix.example.com;
    root /usr/share/zabbix;

    location / {
    index index.php index.html index.htm;
    }

    location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.2-fpm.sock; # Important: Make sure that the path corresponds to the PHP version installed on the instance
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_param PHP_VALUE "
    max_execution_time = 300
    memory_limit = 128M
    post_max_size = 16M
    upload_max_filesize = 2M
    max_input_time = 300
    date.timezone = Europe/Paris
    always_populate_raw_post_data = -1
    ";
    fastcgi_buffers 8 256k;
    fastcgi_buffer_size 128k;
    fastcgi_intercept_errors on;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
        }
}

Important: For security reasons, it is recommended to use an encrypted connection to the Zabbix web interface. A free certificate can be obtained from Let’s Encrypt

3 . Create a symlink to activate the new server block

ln -s /etc/nginx/sites-available/zabbix.example.com /etc/nginx/sites-enabled/

4 . Check the spelling syntax of the Nginx configuration:

nginx -t

5 . If no errors were detected, restart Nginx to activate the new configuration:

systemctl restart nginx.service

6 . Start the Zabbix service and enable it to be started automatically during the system startup:

systemctl start zabbix-server && systemctl enable zabbix-server

7 . Verify the status of the Zabbix server:

systemctl status zabbix-server

Configuring the Zabbix Web Interface

1 . Type the domain name of your Zabbix instance in a web browser and open the page. The Installation wizard displays. Click on Next step to launch it:

2 . A check of pre-requirements displays, all off the values must have the status OK. Click on Next step to continue:

3 . Enter the MariaDB (MySQL) database information. They are already configured for the Zabbix server, but the web interface requires them too. Click on Next step once the information is filled in the form:

4 . The default values on this screen are fine. Click on Next step to continue.

5 . An pre-installation summary displays. Check that all given information are correct and click on Next step to continue.

6 . Click on Finish to complete the installation of the Zabbix web interface:

Configuring Zabbix Agent

Important: The following steps must be done on the second instance which shall be monitored by Zabbix.

1 . Log into the second instance via SSH.

2 . As on the server, the Zabbix repository needs to be added to apt, to be able to use the latest release of the tool. Download and install the repository configuration:

wget https://repo.zabbix.com/zabbix/4.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_4.4-1+bionic_all.deb
dpkg -i zabbix-release_4.4-1+bionic_all.deb

3 . Update the apt packet index:

apt update

4 . Install zabbix-agent:

apt install zabbix-agent

5 . Generate a pre-shared key (PSK) to secure the connection between the server and agent.

sh -c "openssl rand -hex 32 > /etc/zaabix/zabbix_agentd.psk" && cat /etc/zabbix/zabbix_agentd.psk

Important: Zabbix also supports TLS certificates for authentication. In this tutorial PSKs are used as a basic authentication method.

An output as the following displays. Take a note of it, as it is required again later:

 01134cd49a5a27cc07d8469ebe9610841ce4062337d7cbaa337a4290682b6acc

6 . Open the Zabbix Agent configuration file in a text editor (i.e. nano):

 nano /etc/zabbix/zabbix_agentd.conf

7 . Scroll down until the following block displays on screen:

### Option: Server
#       List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and $
#       Incoming connections will be accepted only from the hosts listed here.
#       If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
#       and '::/0' will allow any IPv4 or IPv6 address.
#       '0.0.0.0/0' can be used to allow any IPv4 address.
#       Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: yes, if StartAgents is not explicitly set to 0
# Default:
# Server=

Server=127.0.0.1

Replace 127.0.0.1 with the IP of the Zabbix server instance.

8 . Scroll down further in the configuration file until the TLSConnect block displays on screen.

### Option: TLSConnect
#       How the agent should connect to server or proxy. Used for active checks.
#       Only one value can be specified:
#               unencrypted - connect without encryption
#               psk         - connect using TLS and a pre-shared key
#               cert        - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted

Uncomment the Line # TLSConnect=unencrypted and modify it as follows: TLSConnect=psk.

9 . Next scroll down to the TLSAccept block which manages incoming connections:

### Option: TLSAccept
#       What incoming connections to accept.
#       Multiple values can be specified, separated by comma:
#               unencrypted - accept connections without encryption
#               psk         - accept connections secured with TLS and a pre-shared key
#               cert        - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted

Uncomment the line # TLSAccept=unencrypted and modify it as follows: TLSAccept=psk.

10 . Now scroll down to the TLSPSKIdentity block in the configuration file:

### Option: TLSPSKIdentity
#       Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=

Uncomment the last line of the block and set a unique name to identify the PSK used: TLSPSKIdentity=ZabbixPSK-01. This value is used as PSK ID when adding the host through the Zabbix web interface.

11 . Scroll down to the TLSPSKFile block in the configuration file to provide the file path to the key generated in a previous step:

### Option: TLSPSKFile
#       Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=

Uncomment the last line of block and set the path to the PSK file: TLSPSKFile=/etc/zabbix/zabbix_agentd.psk. Then save the file and exit the editor.

12 . Restart the zabbix-agent service and enable it to start automatically during the system boot:

systemctl restart zabbix-agent
systemctl enable zabbix-agent

13 . In case ufw is installed and active on the instance, allow traffic on port 10050:

ufw allow 10050/tcp

Adding a Host to Zabbix

1 . Open a web browser and navigate to your Zabbix server instance (i.e. http://zabbix.example.com/). The Login screen displays, enter the Username Admin and the Password zabbix, then click on Sign in:

2 . Once logged in click on Configuration, then Hosts. On the hosts page, click on Create Host to add the second instance:

3 . Enter the Host name of the second instance and its IP address. Optionally one or several groups can be chosen to bundle instances in groups.

4 . Click on the Templates tab to choose a configuration template for the instance. Select Template OS Linux and click on Add.

5 . Click on the Encryption tab and set PSK for both Connections to host and Connections from host. Set PSK identity to the value of the TLSPSKIdentity confiured in the Zabbix Agent configuration (i.e. ZabbixPSK-01) and set the PSK value to the key generated during the configuration of the Agent. Once set, click on Add at the bottom of the page to add the instance to Zabbix.

7 . Once added, wait for about one minute before reloading the server list. The new instance appears and the labels ZBX and PSK indicate that the Zabbix agent is running on the instance and that the connection is encrypted with a pre-shared key.

Adding Users

1 . Click on Administration in the navigation bar on the top of the page, then on Users

2 . Click on Create user to create a new user account.

3 . Fill in the details of the new user. Required information are:

  • Alias - The login of the user
  • Name - The first name of the user
  • Surname - The family name of the user
  • Groups - The groups to which the user belongs. Choose Zabbix Administrators to create a new admin user
  • Password and Password confirmation The other values are already pre-set in working condition.

Once all information are entered, click on Add to create the user.

Configuring Email Notifications

Zabbix proposes a wide range of notification plugins including e-mails, jabber, SMS and many more to get alerted in case of an issue.

1 . To configure e-mail notifications, click on Administration, then on Media types in the navigation bar on the top of the page. A list of all pre-configured notification options displays:

2 . Click on Email to edit the settings:

Enter the SMTP credentials of your email provider, choose between HTML or plaintext mails and update the configuration by clicking on Update.

Important: To send email from instance, make sure to unblock the SMTP ports in the instances security group.

3 . Click on Administration in the navigation bar on the top of the page, then on Users

4 . Click on the Alias of the user to modify.

5 . Click on the Media tab, then on Add to configure a new notification:

6 . Enter the destination email address and notification time-ranges, then click on Add:

7 . Click on Update to make the modifications effective. An email notification is being sent on each event.

Displaying Status Graphs

Zabbix collects status information of the instances and generates status graphs from them.

1 . Click on Monitoring, then on Graphs in the navigation bar on top of the page.

2 . Select the instance and the services to display, then choose the desired time-frame for the graph:

This setup allows basic monitoring of instances. For more information on how to monitor devices and services with Zabbix, refer to the official documentation.

Discover a New Cloud Experience

Deploy SSD Cloud Servers in seconds.