Automated Zabbix Deployment and Configuration for Windows Enterprises

Deploying Zabbix in the Windows Enterprise consists of three automated tasks:

1. Deploying the Zabbix Windows Agent and configuration file through Active Directory Group Policy Objects (GPOs)
2. Configuring Windows for the Zabbix Agent through GPOs to collect data and
3. Configuring Zabbix Discovery of Windows Servers and Services

All of these tasks may be automated for enterprise deployments using Active Directory and the Zabbix Server.  This document shall describe these tasks in detail.

Deploying the Windows Zabbix Agent through Active Directory GPOs

The Zabbix Windows Agent is deployed from a Microsoft Software Installer (.msi) package available and documented here.  The package provides everything required to install a default Zabbix agent.  For the purposes of this article, all configurations will be applied to the Default Domain Policy Organizational Unit (OU).  The OU(s) utilized in a production environment will vary depending upon the structure of the actual Active Directory domain.

Save the .msi file to a shared directory.  The, open the Group Policy Management Console and edit the policy for the selected OU.  The package is then selected for deployment by its shared path (<Server>\,<Share>) under the Computer Configuration > Policies > Si=oftware Settings > Software Installation policy.  Upon rebooting, each server to which the GPO is applied will then install the agent.

Deploying the Zabbix Windows Agent Configuration File through Active Directory GPOs

The default configuration file -- c:\program files\zabbix agent\zabbix_agentd.conf -- deployed above is not customized for a production environment. A configuration file defining the live deployment must be deployed to each node before the agent may communicate with the server.

At a minimum, the following items should be configured in the customized agent .conf file:

1. LogFile=<Path and Name of Zabbix Agent Log File>
2. Server=<IP Address of Zabbix Server>
3. ServerActive=<IP Address of Zabbix Server>
4. EnableRemoteCommands=1
5. LogRemoteCommands=1
6. HostnameItem=system.hostname

These settings configure the agent to log to a defined location, communicate with a specified Zabbix server, recive and log remte commands and, finally, report the system NetBIOS name as the host name.

Windows Service Discovery using the Zabbix Agent

Describing the variety of agent configuration options available is beyond the scope of this article.  However, one other option is used:

1. UserParameter=services.NTDS,net start NTDS

This option defines a Zabbix Agent parameter "services.NTDS" that issues the shell command "net start NTDS."  The shell command attempts to start the Active Directory Domain Service.  If the host server is not a Domain Controller, it replies with an error; if it is a Domain Controller, it will reply that the service is already started.


The services.NTDS Zabbix Agent parameter thus defined provides Windows Service Discovery, a feature lacking in Zabbix at the time of writing.  There are other methods of Windows Service Discovery, however this one is chosen for simplicity and ease of configuration and deployment through GPOs.


Once the configuration file is prepared, it is placed in a shared folder.  It is deployed by editing the GPO's Computer Configuration > Preferences > Windows Settings > Files option.  Specify the network path (<server>\<share>) to the file and configure it to Replace within the c:\program files\zabbix agent folder.

Configuring Windows Firewall for Zabbix Agent-Server communications through Active Directory GPOs

Edit the GPO's Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules to install a Firewall Rule.  The rule must allow TCP port 10050 Inbound.  It may be more restrictive, but that is the minimum required.

Configuring a Registry Key to Collect Windows Database Advanced Counters

While not necessary for a basic deployment, there are circumstances in which collecting advanced ESENT (database) counters are helpful.  An example will be reviewed in an article on monitoring Exchange Mailbox Servers.

Configuring Advanced Counters support requires a registry edit.  On the Domain Controller, open the Registry Editor (Run regedit.exe) and navigate to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESENT\Performance.  Add a DWORD Value named "Show Advanced Counters" and set its value to "1."

Then, edit the GPO's Computer Configuration > Preferences > Windows Settings > Registry and select the local Show Advanced Counters Value configured above.

Finally, set the Action to Replace.

Configuring Zabbix Autodiscovery of the Windows Operating System and Defined Services

Although the Windows Servers are now configured to communicate with the Zabbix Server, the server itself does not have any recognized nodes.  Manual configuration is impractical in an Enterprise, so Zabbix provides Autodiscovery.  The video at the bottom of the page illustrates a general configuration case.  The following sections illustrate how to configure Zabbix for Operating System and Service Autodiscovery of Windows Servers.

Configuring Zabbix Autodiscovery of the Windows Operating System

The first step is to define a Discovery Rule.  From the Zabbix Web Interface, select the Configuration tab and Discovery item.  Then, create a Discovery Rule "Windows Server," specify an IP address range and define the Check Zabbix agent "system.uname" to return a verbose operating system description from discovered agents.

 

Next, select the Actions item and define an Action.  Under the Conditions tab, choose the previous Discovery Rule name and define the Received Value "Like" and "Windows."  This will look for the word "Windows" in the returned verbose operating system description and True if "Windows" appears in it.  Also define the Discovery Status as "Up" and the Service Type "Zabbix Agent."

Finally, define Operations for the Action.  Define the actions "Add Host,"  "Add to Host Group," and "Link to Template," to add the discovered node to a predefined host group and template.  You may also wish to add the operation Remove from host group "Discovered Hosts."

Templates for Windows Server are included with the default Zabbix installation.  You may also customize or import templates.

 

Configuring Zabbix Autodiscovery of the Windows Domain Controller Service

The item "UserParameter=services.NTDS,net start NTDS" deployed in the Zabbix Agent configuration file now comes into play.  Service Autodiscovery is no more complicated than the built-in OS Autodiscovery described above.

Once again, the first step is to define a Discovery Rule.  From the Zabbix Web Interface, select the Configuration tab and Discovery item.  Then, create a Discovery Rule "Windows Domain Controller," specify an IP address range and define the Check Zabbix agent "system.NTDS" to return a verbose Service response.

Next, select the Actions item and define an Action.  Under the Conditions tab, choose the previous Discovery Rule name and define the Received Value "Like" and "already been started."  This will look for the phrase "already been started" in the returned verbose service response and True if "already been started" appears in it.  Also define the Discovery Status as "Up" and the Service Type "Zabbix Agent."

 

Finally, define Operations for the Action.  Define the actions "Add Host,"  "Add to Host Group," and "Link to Template," to add the discovered node to a predefined host group and template.  You may also wish to add the operation Remove from host group "Discovered Hosts."

At this point, the Windows Servers and Zabbix Server are configured to automatically deploy all required software and settings and perform Autodiscovery.  Simply enable the Autodiscovery and Actions items and all discovered servers will be added as hosts with host groups and templates applied.

This demonstration includes five Windows 2008 R2 Servers, one of which is a Domain Controller.  As shown below, Zabbix discovers these hosts and adds them to the proper groups.  However, it does NOT recognizes neither the NetBIOS not DNS names and adds the servers by IP address.  This is an ongoing problem and requires manual updates for each host.