Administration Scripts

Video Lecture

Administration Scripts Administration Scripts Administration Scripts

Description

In this lecture, I demonstrate how to use administration scripts from the Zabbix Server, Zabbix Proxy and Zabbix Agents.

Configuration depends on

  • from which process, on which server, the script will actually be executed.
  • whether remote commands are enabled for the process executing the script,
  • whether the Zabbix user will require sudo privileges for any part of the script command.
  • whether or not the agent has any working passive checks.

In this video, I demonstrate how to setup and problem solve the pre existing administration scripts ping, and detect operating system.

When calling the ping administration script for a host behind a Zabbix Proxy, the Zabbix Proxy configuration will also need to be updated to allow remote commands. This is because the ping will be executed from the Zabbix proxy server. You should also restart the Zabbix proxy after any configuration change.

For the administration script used to detect the operating system, the nmap executable will be used from either the Zabbix Server or Zabbix Proxy, and it will need to be installed on the server or proxy first, and you will also need to allow the Zabbix user sudo privileges to execute it.

1
sudo visudo

Add the line, zabbix ALL=(ALL) NOPASSWD: /usr/bin/nmap

Press Ctrl-X and Y to save.

I will also demonstrate creating a script that runs from the Zabbix agents themselves. This will use the free command to list available memory.

Troubleshooting

For Zabbix Proxy 5.01 and earlier, if you want it to be able to pass remote commands from the Zabbix server onto the hosts that it is monitoring, then you only need to set EnableRemoteCommands=1. And you have restarted your agent/proxy after making the change.

For Zabbix Proxy 5.02 and later, you should set the AllowKey and/or DenyKey options and then restart the proxy.

On Zabbix Proxy 5.01, when doing a config_cache_reload, you may see the warning Warning: EnableRemoteCommands parameter is deprecated, use AllowKey=system.run[] or DenyKey=system.run[] instead

You can ignore the warning.

For Zabbix Proxy 5.01 and earlier, if you want it to be able to pass remote commands from the Zabbix server onto the hosts that it is monitoring, then you only need to set EnableRemoteCommands=1

If you were to add AllowKey or DenyKey to the proxy config for Zabbix 5.01, you would now get the errors unknown parameter "AllowKey" in config file "/etc/zabbix/zabbix_proxy.conf" and/or unknown parameter "DenyKey" in config file "/etc/zabbix/zabbix_proxy.conf" depending on what you added.

It is only important use AllowKey or DenyKey if you are using Zabbix Proxy 5.02 or later.

Also,

If you see get the error,

1
2
Unsupported item key.
Cannot execute script

It could be many things. It may also be because your agent is connected to the server with only Active checks. The server is unable to find your agent by ip address or domain name, possibly due to it being on a different network with no firewall rule setup to forward the request from the server. If your agent is behind a firewall, and is using a Zabbix Proxy, then you won't need to configure the firewall as long as your Proxy is also running in Active mode (default).