How to Install and Configure Zabbix

One of the issues I have with Observium is how limited the Device Discovery is.  Not all SNMP devices are recognized, and there is no way to customize the system with new Device MIB Files.  Zabbix was recommended to me by a couple of former coworkers, so I decided to give it a shot.

First I built a standard CentOS 7 VM and ran

yum update

 

Next I installed the Zabbix Repository RPM

[root@zabbix ~]# rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm
Retrieving http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm
warning: /var/tmp/rpm-tmp.434W6N: Header V4 DSA/SHA1 Signature, key ID 79ea5ed4: NOKEY
Preparing… ################################# [100%]
Updating / installing…
1:zabbix-release-3.0-1.el7 ################################# [100%]

The next step is to install the Zabbix Server and Web Frontend with MySQL.

yum install zabbix-server-mysql zabbix-web-mysql

Next we install the zabbix agent in order to allow the server to monitor itself

yum install zabbix-agent

Next we need to install MySQL

yum install mariadb-server

Next we enable and start the service

systemctl enable mariadb

systemctl start mariadb

Now we set the root password for the database by running

mysql_secure_installation

You will see a handful of questions, and you should evaluate them individually.  My responses are not the most secure but for a demo they are fine to use.

[root@zabbix ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
… skipping.

By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

We login to the database as the root user and create the Zabbix Database

mysql -uroot -p

From the mysql prompt enter the following to create the database

create database zabbix character set utf8;

Then we grant the zabbix server rights to the database.  You can change “Changeme123” to whatever password you wish.

grant all privileges on zabbix.* to zabbix@localhost identified by ‘Changeme123‘;

Finally apply the new permissions and exit the database prompt

flush privileges;

quit;

Next we need to import the schema and data into the Database.  It will prompt you for a password, of which the zabbix password set above can be used.

zcat /usr/share/doc/zabbix-server-mysql-3.0.9/create.sql.gz | mysql -u zabbix -p zabbix

Open the following configuration file and go to line 115

vim /etc/zabbix/zabbix_server.conf

Your output should look like below after you have made the recquired changes

### Option: DBPassword
# Database password. Ignored for SQLite.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
DBPassword=Changeme123

Next we update the system for the special PHP server Settings that Zabbix needs and open the following file.

vim /etc/httpd/conf.d/zabbix.conf

Go to line 19 and change the PHP value to be your timezone.  You can determine your closet timezone here.

My file looks like below

#
# Zabbix monitoring system php web frontend
#

Alias /zabbix /usr/share/zabbix

<Directory “/usr/share/zabbix”>
Options FollowSymLinks
AllowOverride None
Require all granted

<IfModule mod_php5.c>
php_value max_execution_time 300
php_value memory_limit 128M
php_value post_max_size 16M
php_value upload_max_filesize 2M
php_value max_input_time 300
php_value always_populate_raw_post_data -1
php_value date.timezone America/New_York
</IfModule>
</Directory>

<Directory “/usr/share/zabbix/conf”>
Require all denied
</Directory>

<Directory “/usr/share/zabbix/app”>
Require all denied
</Directory>

<Directory “/usr/share/zabbix/include”>
Require all denied
</Directory>

<Directory “/usr/share/zabbix/local”>
Require all denied
</Directory>

Next we go to the host specific httpd configuration file.

 vim /etc/httpd/conf/httpd.conf

Go to line 95 and change it from

#ServerName http://www.example.com:80

to

ServerName <YOURIPADDRESS>:80

Next we restart httpd

systemctl restart httpd

Before we start the Zabbix Server you need to give the Zabbix User rights to certain folders.

chown -R zabbix:zabbix /var/log/zabbix
chown -R zabbix:zabbix /var/run/zabbix
chmod -R 775 /var/log/zabbix/
chmod -R 775 /var/run/zabbix/

Next we execute the following and let th zabbix_agentd what configuration file to use

/usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf

Next we disable SELINUX

setenforce 0

Now we need to allow HTTP traffic for FirewallD

firewall-cmd –zone=public –add-service=http –permanent

firewall-cmd –reload

Now we start the Zabbix Server

systemctl start zabbix-server

Finally check the zabbix-server status

systemctl status zabbix-server

The output should be similar to below

[root@zabbix ~]# systemctl status zabbix-server
● zabbix-server.service – Zabbix Server
Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2017-06-04 13:09:21 EDT; 39s ago
Process: 7480 ExecStart=/usr/sbin/zabbix_server -c $CONFFILE (code=exited, status=0/SUCCESS)
Main PID: 7482 (zabbix_server)
CGroup: /system.slice/zabbix-server.service
├─7482 /usr/sbin/zabbix_server -c /etc/zabbix/zabbix_server.conf
├─7487 /usr/sbin/zabbix_server: configuration syncer [waiting 60 sec for processes]
├─7488 /usr/sbin/zabbix_server: db watchdog [synced alerts config in 0.000800 sec, idle 60 sec]
├─7489 /usr/sbin/zabbix_server: poller #1 [got 0 values in 0.000005 sec, idle 5 sec]
├─7491 /usr/sbin/zabbix_server: poller #2 [got 0 values in 0.000005 sec, idle 5 sec]
├─7492 /usr/sbin/zabbix_server: poller #3 [got 0 values in 0.000005 sec, idle 5 sec]
├─7493 /usr/sbin/zabbix_server: poller #4 [got 0 values in 0.000006 sec, idle 5 sec]
├─7494 /usr/sbin/zabbix_server: poller #5 [got 0 values in 0.000007 sec, idle 5 sec]
├─7495 /usr/sbin/zabbix_server: unreachable poller #1 [got 0 values in 0.000003 sec, idle 5 sec]
├─7496 /usr/sbin/zabbix_server: trapper #1 [processed data in 0.000000 sec, waiting for connection]
├─7497 /usr/sbin/zabbix_server: trapper #2 [processed data in 0.000000 sec, waiting for connection]
├─7498 /usr/sbin/zabbix_server: trapper #3 [processed data in 0.000738 sec, waiting for connection]
├─7499 /usr/sbin/zabbix_server: trapper #4 [processed data in 0.000000 sec, waiting for connection]
├─7500 /usr/sbin/zabbix_server: trapper #5 [processed data in 0.000000 sec, waiting for connection]
├─7501 /usr/sbin/zabbix_server: icmp pinger #1 [got 0 values in 0.000005 sec, idle 5 sec]
├─7502 /usr/sbin/zabbix_server: alerter [sent alerts: 0 success, 0 fail in 0.000391 sec, idle 30 sec]
├─7503 /usr/sbin/zabbix_server: housekeeper [startup idle for 30 minutes]
├─7504 /usr/sbin/zabbix_server: timer #1 [processed 0 triggers, 0 events in 0.000023 sec, 0 maintenances in 0.001165 sec, idle 30 sec…
├─7505 /usr/sbin/zabbix_server: http poller #1 [got 0 values in 0.000546 sec, idle 5 sec]
├─7506 /usr/sbin/zabbix_server: discoverer #1 [processed 0 rules in 0.000352 sec, idle 60 sec]
├─7507 /usr/sbin/zabbix_server: history syncer #1 [synced 0 items in 0.000001 sec, idle 1 sec]
├─7508 /usr/sbin/zabbix_server: history syncer #2 [synced 0 items in 0.000001 sec, idle 1 sec]
├─7509 /usr/sbin/zabbix_server: history syncer #3 [synced 0 items in 0.000001 sec, idle 1 sec]
├─7510 /usr/sbin/zabbix_server: history syncer #4 [synced 0 items in 0.000001 sec, idle 1 sec]
├─7511 /usr/sbin/zabbix_server: escalator #1 [processed 0 escalations in 0.000411 sec, idle 3 sec]
├─7512 /usr/sbin/zabbix_server: proxy poller #1 [exchanged data with 0 proxies in 0.000002 sec, idle 5 sec]
└─7513 /usr/sbin/zabbix_server: self-monitoring [processed data in 0.000009 sec, idle 1 sec]

Jun 04 13:09:21 zabbix systemd[1]: Starting Zabbix Server…
Jun 04 13:09:21 zabbix systemd[1]: Started Zabbix Server.

Finally lets enable Zabbix to start at boot time.

systemctl enable zabbix-server

Navigate to http://<YOURIP&gt;, and we need to do some configuration

Capture

Click Next and verify that all the checks come back with a status of OK

Capture

Click Next and enter in the zabbix database password

Capture

Click Next and leave the server settings at defaults

Capture.PNG

Verify your settings and click Next

Capture.PNGClick Finish if no errors are returned

Capture

You will be brought to the zabbix login screen, where the user is admin and the password is zabbix.

Capture

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s