Performance monitoring and optimization for security and improvement

Introduction to Monitoring with Zabbix #1 – Overview

Beginning with this column, I’d like to introduce Zabbix, a consolidated monitoring system.

About Zabbix

Zabbix is a monitoring tool developed by Zabbix SIA of Latvia. It is used in many countries and in a variety of industries. In Japan, Zabbix Japan LLC and the Japanese Zabbix Community are also active. Use of this monitoring system has spread considerably in this country.

Zabbix has the following features:

  • It is developed and provided as open-source software.
  • It offers multiple monitoring methods.
    • External agentless monitoring, such as monitoring PING, SNMP, TCP and SSH
    • Internal agent monitoring supporting a variety of OSes
    • Collection of calculated and aggregated data
    • Monitoring of virtual machines
  • Automatic monitoring
    • Automatic addition and removal of monitoring items
    • Monitoring of virtual machines and containers
    • Automatic addition of monitoring with monitoring agent
  • Highly flexible configuration of problem detection definition
    • Gathering of metrics, automatic detection of problem status
    • Setting of severity levels
    • Trend prediction
  • Monitoring of multiple hosts with dashboard
    • Advanced graph display
  • Advanced actions during problem
    • Message escalation
    • Auto-recovery for problems
  • Distributed monitoring
    • Data monitoring of several thousand monitoring items
    • Firewall and beyond-DMZ monitoring
  • Secure monitoring
    • Encryption of monitoring data communication path
    • Separation of monitoring user privileges
    • User authentication using OpenLDAP and Active Directory

Architecture of Zabbix

Zabbix is composed of the following components:

  • Zabbix server
    Provides Zabbix’s central monitoring functions. Executes monitoring. Stores monitoring configuration and monitoring data in databases.
  • Zabbix Web server
    Web interface for configuring and displaying Zabbix monitoring data
  • Zabbix proxy servers
    Servers deployed in locations that are not directly reachable over the network. They carry out monitoring in place of the Zabbix server and exchange monitoring configuration and monitoring data with the Zabbix server.
  • Zabbix agent
    Agent that acts on the monitored target. Sends the target’s monitoring data to the Zabbix server.

The Zabbix server and the Zabbix Web server may both be deployed on the same machine. However, because they only need to use the same DB, they can also run on different servers. A Zabbix proxy server is used for monitoring through a firewall. It is also used to distribute the Zabbix server’s monitoring load. It is an optional component.

External monitoring and internal monitoring

Monitoring of computer activity consists of monitoring targets externally and monitoring targets internally.

External monitoring means monitoring services from the outside. It is similar to black-box testing, where the monitored target is treated as a box whose content cannot be seen. The monitoring is close to the user’s point of view. If monitoring a Web service, the monitoring items include whether the user can access the Web or log in and whether or not Web pages are displayed as expected.

Internal monitoring, on the other hand, can be said to be white-box testing. The monitoring target is treated as a box whose content is visible. If monitoring a Web service, the monitoring items include whether necessary services are running, whether the network is running, whether the CPU, memory, storage, and network loads are high, and whether there was unauthorized access from the outside.

For external monitoring, Zabbix can monitor not only ICMP (ping monitoring) but also Web scenario-based login status. With internal monitoring, carried out by a program called Zabbix Agent that is launched inside the machine, the states of services and processes and the machine load can also be monitored. For network equipment where the Zabbix Agent cannot be run, it is possible to monitor the equipment using SNMP (Simple Network Management Protocol).

Internal monitoring and external monitoring are both equally important and essential for service continuity. Zabbix can perform both types of monitoring. It is an integrated monitoring tool capable of history and configuration management.

External monitoring

External monitoring treats the monitored target as a black box. In general, Zabbix monitors the following items:

  1. Service monitoring
    Monitors whether necessary services like HTTP, SMTP, and SSH are running.
  2. TCP/UDP monitoring
    Monitors whether the TCP/UDP service port for the specified IP address is open.
  3. ICMP (ping monitoring)
    Monitors whether the network to the specific IP address is functioning by using ICMP (Internet Control Message Protocol).
  4. SNMP monitoring
    Monitors network equipment, power supply equipment, and server equipment using SNMP (Simple Network Management Protocol).

SNMP is not really external monitoring; it is monitoring by communicating with the internal SNMP module. However, it is often used to monitor network equipment (L2 switches, L3 switches, load balancers). It is thus often treated as external monitoring. Zabbix considers SNMP to be external monitoring because the Zabbix Agent is not used for monitoring.

External monitoring is most important for areas near the end user. It must be carried out from a network external to the service. If possible, consider separating the network provider and the cloud service provider.

If monitoring HTTP service, consider monitoring whether the user is connected with the assumed protocol, whether the TLS information is correct, and whether the acquired content is what was expected. If the HTTP service requires a login, consider also testing the login. Only the service provider can judge what is working normally and what is not working normally.
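The three checks named above (assumed protocol, TLS information, expected content) can be expressed as a small external probe. This is an added example in Python, not part of the original column and not Zabbix code; the function names evaluate and probe, the thresholds, and the sample observations are assumptions made for illustration.

```python
import socket
import ssl
import urllib.parse
import urllib.request

TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def evaluate(obs, expect_text, now_epoch, min_tls="TLSv1.2", min_days_left=14):
    """Judge one observation; an empty list means the service looks healthy."""
    problems = []
    # 1. Assumed protocol: the user must still be on HTTPS after any redirects.
    if obs["final_scheme"] != "https":
        problems.append("protocol: ended on " + obs["final_scheme"])
    # 2. TLS information: negotiated version and remaining certificate lifetime.
    version = obs["tls_version"]
    if version not in TLS_ORDER or TLS_ORDER.index(version) < TLS_ORDER.index(min_tls):
        problems.append("tls: negotiated %s" % version)
    days_left = (ssl.cert_time_to_seconds(obs["not_after"]) - now_epoch) // 86400
    if days_left < min_days_left:
        problems.append("tls: certificate expires in %d days" % days_left)
    # 3. Expected content: a 200 response with the wrong body is still a failure.
    if obs["status"] != 200:
        problems.append("http: status %d" % obs["status"])
    if expect_text not in obs["body"]:
        problems.append("content: expected text not found")
    return problems

def probe(host, path="/", timeout=10):
    """Collect one observation from outside the service (needs network access)."""
    ctx = ssl.create_default_context()  # verifies certificate chain and host name
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version, cert = tls.version(), tls.getpeercert()
    with urllib.request.urlopen("https://%s%s" % (host, path), timeout=timeout) as r:
        return {"final_scheme": urllib.parse.urlsplit(r.geturl()).scheme,
                "tls_version": version, "not_after": cert["notAfter"],
                "status": r.status, "body": r.read(65536).decode("utf-8", "replace")}

# Constructed sample observations (not captured from a real host).
NOW = 1767225600  # 2026-01-01 00:00:00 UTC
GOOD = {"final_scheme": "https", "tls_version": "TLSv1.3", "status": 200,
        "not_after": "Jun 15 12:00:00 2026 GMT", "body": "<title>Sign in</title>"}
BAD = {"final_scheme": "http", "tls_version": "TLSv1", "status": 200,
       "not_after": "Jan 05 00:00:00 2026 GMT", "body": "<h1>It works!</h1>"}

if __name__ == "__main__":
    for name, obs in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, evaluate(obs, "Sign in", NOW) or "OK")
```

The BAD observation returns status 200 and would pass a simple port or status check; it fails here only because protocol, TLS and content are each judged against what the service provider expects.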

By placing the monitoring server on an external network, the user can use Zabbix to monitor services like HTTP, SMTP, and SSH. Zabbix also monitors network access with monitoring items like the TCP service port, ICMP, and SNMP. It is also possible to confirm login and obtain content in accordance with user scenarios.

Besides the portion close to the end user, it is also necessary to monitor the network within a service and service connections (e.g. DB connections) between servers. In particular, if the impact of a down database is great, you should also prepare tables for monitoring services and monitor whether read/write can be done for specific tables.

Internal monitoring

Internal monitoring treats the monitored target as a white box. For internal monitoring, the user needs to install the Zabbix Agent on the monitoring target server and allow communication with the Zabbix server, which performs the central monitoring processes. Usually, the server connects to the agent to obtain monitoring information.

Conclusion

In this column, we looked at an overview of Zabbix and external and internal monitoring. In the next column, I’d like to discuss internal monitoring in more detail.

Satoru Miyazaki