systemd Service Monitoring template for Zabbix
- Discovery of systemd Services
- Provides option of blacklisting or whitelisting services
- Provides alerting when a service stops or restarts
- RHEL/CentOS/Oracle EL
- Ubuntu 16.04/18.04
- Zabbix 4.0
- Import template Template_App_systemd_Services.xml file
- Link template to host
- Place the following files inside /etc/zabbix/:
- service_discovery_blacklist or service_discovery_whitelist
- Place the following file inside /usr/local/bin/:
- Set executable permissions on both scripts
- If running SELinux run restorecon on the two scripts in /usr/local/bin e.g. restorecon -v /usr/local/bin/zbx*.sh
- Copy userparameter_systemd_services.conf to /etc/zabbix/zabbix_agentd.d/userparameter_systemd_services.conf
- Restart zabbix_agent
- For system running SELinux you will need to create a custom policy module
- Please follow the directions above to install the template on the server and copy the files to the agent and then allow the agent to attempt discovery. (This can be sped up by changing the discovery update interval to 5m from 24H)
- Once this has completed run the following commands to create a custom SELinux Policy Module
- grep zabbix_agent_t /var/log/audit/audit.log | grep denied | audit2allow -M zabbix_agent
- semodule -i zabbix_agent.pp
- If you add additional services you will need to repeat this process. Sorry
The filter files can take extended regular expressions, one per line.
If neither service_discovery_whitelist nor service_discovery_blacklist exist on the system, the default behavior is to monitor all services. In other words it is the equivalent of a blank blacklist and a non-existent whitelist.
If both files exist, both will be used, with the whitelist filter being applied first. Their behavior is explained as follows.
This assumes you have disabled all unnecessary services prior to enabling the template. Any service that is enabled and not running will result in an alert.
If you cannot, use the service_discovery_blacklist to add services that you don’t want to monitor.
Additionally, this excludes getty and autovt which are not reported by systemctl with the tty and will result in an error.
I have added the whitelist option as a way allow users to select the services they wish to monitor.
To do so modify the service_discovery_whitelist which is already populated with sshd|zabbix-agent.
To test that everything works use
zabbix_agentd -t to query the statistics :
# Discover systemd services zabbix_agentd -t "systemd.service.discovery" zabbix_agentd -t "systemd.service.status[sshd]" zabbix_agentd -t "systemd.service.restart[sshd]"