Monday, August 4, 2014

Zabbix in Multilingual Windows and Exchange Enterprises

Windows Performance counters are a valuable monitoring tool, but they require modifications in a Zabbix-monitored multilingual environment.  This article explains how to support English language-based Zabbix queries by modifying the language support in Windows Performance Monitor.

Issues with Zabbix Templates in Windows Enterprises

Many Zabbix queries are language-independent.  However, the names of Windows Performance counters are language-specific, and since the Zabbix Server passes the query through the Windows Zabbix Agent to the operating system, English language queries will fail on servers running another language.

There are two options:
  1. Maintain Zabbix Templates for each supported locale (language) or
  2. Modify the Windows Enterprise to support a single locale in the Performance Monitor language

Zabbix expects responses in a UTF-8 format.  This supports a wide range of languages, but presents some difficulties at the application layer.  IBM provides a brief description of UTF-8 transformations.  From the author's perspective and experience with mixed Linux and Windows environments, modifying the underlying Windows Performance Monitoring locale is preferred as it may be more easily automated.

There are several areas in the Zabbix documentation that suggest overwriting the English language scripted queries with the corresponding numeric values obtained by examining the Registry.  THIS WILL ONLY WORK FOR BASIC PERFORMANCE MONITORING COUNTERS.  It will NOT work for enterprise queries.  After OS installation, additional Performance Monitoring values are machine-specific and WILL ASSUREDLY vary throughout the enterprise.  This is not an option.

Windows, too, supports many locales and character sets.  Although there is a paucity of documentation of the underlying operating system and locales implementation, there is enough to develop an automated solution.

Windows Performance Monitoring Locales

The methods by which Windows implements locale support are poorly documented.  The Zabbix Forums, in a thread begun in 2007 and last updated in 2010, provides insight into locale support of Performance Monitoring.  The thread suggests several options:
  1. Use PDH APIs to address the registry and select the supported language.
  2. Modify the Registry (manual or automated) to change the Performance Monitor Language.
  3. Copy the c:\windows\system32\perf*###.dat files to overwrite the current locale language.  This is not perfect and may require additional Zabbix Agent and VBS-scripted modifications.
The thread is old and has been overtaken by more recent events.  At the time of writing, Option 3 is the only one that works, and it does not require extensive Agent and VBS-scripted modifications.

Windows, with its long record of security problems, has been changed since the release of Windows 7 and Windows Server 2008 R2.  Prior to that, applications vulnerable to privilege elevations could overwrite the Registry.  There is no available description or discussion of the process, but rather than fixing the root cause -- application privilege escalation vulnerabilities -- Microsoft instead implemented a solution to treat the symptoms -- ability to overwrite the Registry.  This "fix" was implemented with Windows Resource Protection.  This prevents any user account -- including Administrator accounts and groups -- from modifying selected Registry Hives and Keys.  Microsoft provides a brief description of Registry Key Protection and their answer to developers is, essentially, change your application or go away.  Modifying the requisite Protected Registry Keys for Windows Performance Monitoring is not an option.

That leaves Option 3 -- modifying files in the c:\windows\system32 directory.  It is an inelegant solution and may, in the future, be prevented by Microsoft as a security fix, but it is workable.

Modifying Language Support in Windows Server 2008 R2 and Above

Windows must have English language support installed.  This may be checked in the Control Panel or by listing with:
    dir c:\windows\system32\perf*.dat
English language support is installed if it returns perf*009.dat listings.  If not installed, add it through the Control Panel, but leave the locale unchanged.

Prepare a script to overwrite the existing language perf*###.dat files with the corresponding perf*009.dat files.  In this case, * is c, d, h and i.  For instance:
    rem 007 = German.  Overwrite the German counter files with the English (009) ones.
    if exist c:\windows\system32\perfc007.dat (
        copy /y c:\windows\system32\perfc009.dat c:\windows\system32\perfc007.dat
        copy /y c:\windows\system32\perfd009.dat c:\windows\system32\perfd007.dat
        copy /y c:\windows\system32\perfh009.dat c:\windows\system32\perfh007.dat
        copy /y c:\windows\system32\perfi009.dat c:\windows\system32\perfi007.dat
    )
will overwrite German language .dat files with English ones.  A complete script may incorporate any or all of the supported Windows languages, which you may identify as previously described.  There are several options to deploy the scripts, including Group Policy Shutdown Scripts or manually running the script on each server.
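
The German-only batch file above, generalised to every installed non-English language, as an added PowerShell example rather than the author's own script. The function name, the backup folder C:\PerfDatBackup and the three-hex-digit suffix pattern are assumptions; run it elevated, with -WhatIf first.

```powershell
# Added example (not the original author's script). Assumptions: run elevated;
# C:\PerfDatBackup is a hypothetical backup folder; suffixes are three hex digits.
function Set-EnglishPerfCounterFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$System32  = (Join-Path $env:SystemRoot 'System32'),
        [string]$BackupDir = 'C:\PerfDatBackup'
    )
    # Stop unless all four English (009) source files are present.
    foreach ($kind in 'c', 'd', 'h', 'i') {
        $english = Join-Path $System32 "perf${kind}009.dat"
        if (-not (Test-Path -LiteralPath $english)) { throw "Missing $english" }
    }
    # Every perf[cdhi]NNN.dat other than the 009 set is a target.
    $pattern = '^perf([cdhi])([0-9a-f]{3})\.dat$'
    $targets = Get-ChildItem -Path $System32 -Filter 'perf*.dat' |
        Where-Object { $_.Name -match $pattern -and $Matches[2] -ne '009' }
    foreach ($file in $targets) {
        $null   = $file.Name -match $pattern
        $source = Join-Path $System32 ('perf{0}009.dat' -f $Matches[1].ToLower())
        if (-not $PSCmdlet.ShouldProcess($file.FullName, "Overwrite with $source")) { continue }
        if (-not (Test-Path -LiteralPath $BackupDir)) {
            New-Item -ItemType Directory -Path $BackupDir | Out-Null
        }
        # Back up once only, so a re-run never stores the English copy as the original.
        $backup = Join-Path $BackupDir $file.Name
        if (-not (Test-Path -LiteralPath $backup)) {
            Copy-Item -LiteralPath $file.FullName -Destination $backup
        }
        Copy-Item -LiteralPath $source -Destination $file.FullName -Force
        # fc.exe /b exits 0 only when both files are byte-identical
        # (plain "fc" is a PowerShell alias for Format-Custom).
        & fc.exe /b $source $file.FullName | Out-Null
        New-Object PSObject -Property @{
            Target   = $file.Name
            Source   = Split-Path $source -Leaf
            Verified = ($LASTEXITCODE -eq 0)
        }
    }
}

# Dry run first; drop -WhatIf to apply.
Set-EnglishPerfCounterFiles -WhatIf
```

The backup folder holds the original language files, so the change can be reverted by copying them back.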

Once the Performance Monitor .dat files are changed to English, Windows will, as it loads the Registry, write the values into the CurrentLanguage key under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib.  The Performance Monitoring application (and its OS interface) obtains values from this Registry key and not from the .dat files.  You may check the CurrentLanguage key to make sure the language has been changed to English.
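
One way to perform that check, as an added PowerShell example that is not part of the original post: it reads the Counter value under both Perflib\009 and Perflib\CurrentLanguage and lists every counter index whose name still differs from English. The function names are hypothetical.

```powershell
# Added example (not from the original post): compare the counter names Windows
# exposes under Perflib\CurrentLanguage with the English (009) names.
$perflib = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib'

function Get-PerflibNameMap([string]$LanguageKey) {
    # "Counter" is a multi-string of alternating entries: index, name, index, name ...
    $raw = @((Get-ItemProperty -Path (Join-Path $perflib $LanguageKey) -Name Counter).Counter)
    $map = @{}
    for ($i = 0; ($i + 1) -lt $raw.Count; $i += 2) {
        if ($raw[$i]) { $map[$raw[$i]] = $raw[$i + 1] }
    }
    $map
}

function Compare-PerflibLanguage {
    $english = Get-PerflibNameMap '009'
    $current = Get-PerflibNameMap 'CurrentLanguage'
    # Any index whose current name differs from the English name would still
    # break an English-language Zabbix item key.
    foreach ($index in $english.Keys) {
        if ($current[$index] -cne $english[$index]) {
            New-Object PSObject -Property @{
                Index   = [int]$index
                English = $english[$index]
                Current = $current[$index]
            }
        }
    }
}

$mismatches = @(Compare-PerflibLanguage | Sort-Object Index)
if ($mismatches.Count -eq 0) {
    'CurrentLanguage counter names match English (009).'
} else {
    '{0} counter names still differ from English:' -f $mismatches.Count
    $mismatches | Select-Object -First 20 | Format-Table Index, English, Current -AutoSize
}
```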

The Zabbix Forums thread referenced above includes a comment that some (unspecified) counters do not work.  Testing confirmed that this is indeed the case.  The latest Processor counters address the Performance Monitor as "Processor Information" and this failed in all cases on non-English servers.  The older "Processor" format worked for most cases, and will be updated in the Templates.  Querying specific Instances may also fail if the process name is different.  This was encountered in the Exchange Counters for a limited number of counters.  The fix appears to be changing the Item to reflect the language-specific process name; this will not be updated in the Templates and any such fix is left to the systems administrator deploying them.  Overall, only 1% to 2% of Items fail.

The video below depicts an English language Zabbix Server successfully monitoring a French, German, Brazilian Portuguese and Russian Windows Server using OS, Domain Controller, DNS Server and IIS Templates.


The video below depicts an English language Zabbix Server successfully monitoring French and German Exchange Servers with the Mailbox, Hub Transport and Client Access Roles installed on each.
