Administration Scripts

Video Lecture

Administration Scripts Administration Scripts Administration Scripts

Description

In this lecture, I demonstrate how to use administration scripts from the Zabbix Server, Zabbix Proxy and Zabbix Agents.

Configuration depends on

  • from which process, on which server, the script will actually be executed.
  • whether remote commands are enabled for the process executing the script,
  • whether the Zabbix user will require sudo privileges for any part of the script command.
  • whether or not the agent has any working passive checks.

In this video, I demonstrate how to setup and problem solve the pre existing administration scripts ping, and detect operating system.

When calling the ping administration script for a host behind a Zabbix Proxy, the Zabbix Proxy configuration will also need to be updated to allow remote commands. This is because the ping will be executed from the Zabbix proxy server. You should also restart the Zabbix proxy after any configuration change.

For the administration script used to detect the operating system, the nmap executable will be used from either the Zabbix Server or Zabbix Proxy, and it will need to be installed on the server or proxy first, and you will also need to allow the Zabbix user sudo privileges to execute it.

1
sudo visudo

Add the line, zabbix ALL=(ALL) NOPASSWD: /usr/bin/nmap

Press Ctrl-X and Y to save.

I will also demonstrate creating a script that runs from the Zabbix agents themselves. This will use the free command to list available memory.

Troubleshooting

For Zabbix Proxy 5.01 and earlier, if you want it to be able to pass remote commands from the Zabbix server onto the hosts that it is monitoring, then you only need to set EnableRemoteCommands=1. And you have restarted your agent/proxy after making the change.

For Zabbix Proxy 5.02 and later, you should set the AllowKey and/or DenyKey options and then restart the proxy.

On Zabbix Proxy 5.01, when doing a config_cache_reload, you may see the warning Warning: EnableRemoteCommands parameter is deprecated, use AllowKey=system.run[] or DenyKey=system.run[] instead

You can ignore the warning.

For Zabbix Proxy 5.01 and earlier, if you want it to be able to pass remote commands from the Zabbix server onto the hosts that it is monitoring, then you only need to set EnableRemoteCommands=1

If you were to add AllowKey or DenyKey to the proxy config for Zabbix 5.01, you would now get the errors unknown parameter "AllowKey" in config file "/etc/zabbix/zabbix_proxy.conf" and/or unknown parameter "DenyKey" in config file "/etc/zabbix/zabbix_proxy.conf" depending on what you added.

It is only important use AllowKey or DenyKey if you are using Zabbix Proxy 5.02 or later.

Also,

If you see get the error,

1
2
Unsupported item key.
Cannot execute script

It could be many things. It may also be because your agent is connected to the server with only Active checks. The server is unable to find your agent by ip address or domain name, possibly due to it being on a different network with no firewall rule setup to forward the request from the server. If your agent is behind a firewall, and is using a Zabbix Proxy, then you won't need to configure the firewall as long as your Proxy is also running in Active mode (default).

Stopping Starting Windows Services

You can create administration scripts to stop/start/restart windows services.

Restart Print Spool Example

The above image shows an example administration script to restart the windows print spool.

The command is

1
powershell -NoProfile -ExecutionPolicy bypass Restart-Service -Name 'Spooler'

If you would rather explicitly stop or start the print spool service, for example,

1
powershell -NoProfile -ExecutionPolicy bypass Stop-Service -Name 'Spooler'
1
powershell -NoProfile -ExecutionPolicy bypass Start-Service -Name 'Spooler'

You can get the status of a service, using the command

1
powershell -NoProfile -ExecutionPolicy bypass Get-Service -Name 'Spooler'

Note that these commands are executed on the host using the Zabbix agent. See the above image.

If you stop the Zabbix agent however, using the above method, then you won't be able to restart it again.

eg, this will fail.

1
powershell -NoProfile -ExecutionPolicy bypass Restart-Service -Name 'Zabbix Agent'

The agent will stop, but not start.

To cause the Zabbix agent to restart, you will need to create a separate service that runs independently from the zabbix agent, and has the required host privileges to stop and start the Zabbix Agent.

If you just create a script to execute, it is unlikely to finish executing, since the parent process which started it(Zabbix Agent) was prematurely stopped before it could continue and finish by starting the new Zabbix Agent process.

Note

If you want to try these commands locally on the host, you will need to start cmd or powershell with admin privileges.

Powershell is discussed later in the course in more detail at Powershell Windows Updates.