See www.zabbix.com for the official Zabbix site.

Discovery of TCP services

From Zabbix.org
Jump to: navigation, search
  • A script is installed that will return all the TCP ports that appear open the monitored host.

Prerequisites

The port scanning script uses nmap, install and verify that it works.

Install scripts

Put this file in your externalscripts directory: File:Tcp-service-discovery.sh

Install template

Import File:ZabbixTemplate - TCP service discovery.xml. This will create a template named "TCP service discovery". In this template there is one discovery rule:

  • Discover network services: this rule will scan a select range of ports

For every discovered service, it will create an item with its service name and a trigger that checks if it's alive. If the service is not reachable anymore, the trigger goes off.

Link your template to your host and test

Only a select range of ports is probed, modify the template if you want more ports scanned. By default the template scans these ports: 21,25,80,443.

Caveats

  • Only TCP services. UDP services cannot be automatically detected because from an outside host, you cannot tell if a program is listening or not.
  • The template will automatically fill in the name for the service. This is derived from what nmap outputs, which in turn gets it from /etc/services.
  • In the templates, set the discovered ports in one of the following formats. DO NOT PUT IN SPACES. What you type is supplied as the "-p" argument to nmap. Examples:
    • 80 (scan only port 80)
    • 80,443 (scan ports 80 and 443)
    • 3000-3020 (scan ports 3000 through 3020)
    • 80,443,300-400 (scan ports 80, 443 and 300 through 400)
  • If you have lots of ports, the script might time out. Be sure to set Timeout in zabbix_server.conf high enough.
  • If you do have lots of ports, you might want to split the ports up in more than one template, causing multiple discoverers to run, making the individual timeouts lower.