Usually, an alarm is generated and is such a process.
If a certain condition is met, then the alarm.
Abstract into a computer language is:
if (Conditiona = = True) {Alet ();}
You can also choose who to call the police (which user), how to alarm (alarm channel), as follows:
if (Conditiona = = True) {Alert (usera.email); Alert (userb.sms);}
If you do not have to deal with the problem of the alarm, you can run some simple problems on the server to the initial processing of some commands, such as Nginx hanging, you can try to restart the service, then this becomes:
if (Conditiona = = True) {Alert (email); Alert (SMS); Excute (command);}
To expand some, the conditions may be more complex:
if (Conditiona = = True && conditionb! = True) {Alert (email); Alert (SMS); Excute (command);}
This is the Zabbix "alarm", Why here "alarm" need to add quotation marks? In fact, after the problem, to carry out some orders, this is not a narrow sense of the "alarm". In Zabbix, this is defined as an action (action), that is, when a certain condition is met, something is done, which is called action. condition is translated as "condition", in Zabbix, action trigger is required conditions, such as belong to a host group host, a trigger is problem state, and so on,
In Zabbix, the way of alarm is attached to the user. That is, you cannot set an action directly to send an email to a mailbox, be sure to set the action to alert a user and send an alert via a mailbox, then send to the user's pre-set email address. This email address is called the user's media, which is the contact information.
The settings for action are described below.
1,action
Action is a very powerful feature that can perform different actions based on the different states of the event, Zabbix. The most common is when the alarm, the alarm will be sent to the corresponding user in various ways.
Currently Zabbix supports action actions that are triggered according to events listed below.
Trigger Events: When the state of Trigger changes, that is, from OK to problem or from problem to OK.
Discovery events: Generated when a network Discovery occurs.
Auto Registration Events: Generated when a new Zabbix agent is automatically registered to Zabbix.
Internal Events: Occurs when item becomes an "exception" state or trigger becomes an "unknown" state.
Enter the action's configuration below.
From the menu bar, "Configuration" → "Actions" into the interface.
In the Event source drop-down box, you can choose to display only the action that depends on a source.
When you click the action entry, you see three tags: action, Condition, Operations. "Action" is used to define some properties and descriptions of the action itself; "Condition" is used to define the various conditional combinations that trigger the action; "Operations" defines actions triggered by the action.
The default is to create an action based on the trigger events, and if you need something else, select the option that corresponds.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/74/2E/wKiom1YWgw6x0uVpAADDx7yEPNM913.jpg "title=" 1.png " alt= "Wkiom1ywgw6x0uvpaaddx7yepnm913.jpg"/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/74/2C/wKioL1YWg9jwQxt4AAKW0dERClA180.jpg "title=" 2.png " alt= "Wkiol1ywg9jwqxt4aakw0dercla180.jpg"/>
The "Action" tab has the following properties to set.
Name: the only action name.
Default Subject: Defaults to the alert header.
Default message: Defaults to the alert.
Recovery message: Recovers messages and sends messages when the alarm returns to normal. Zabbix the trigger of the "OK" state is considered a recovery recovery event. Note: If the escalation mechanism is used, the Recovery event is only triggered once. For an alarm that has been recovery, you can set the alarm title and content like an alert message.
The following points need to be noted:
1, custom recovery information, only for condition, is the "Trigger value is problem" in effect.
2, the recovery information will only be sent to those who have previously received information about this action alert.
3, the recovery information and the action dependent problem generated evnet maintain the same ACK state.
4, in the recovery information, the data in the Event.*macro is based on the EVENT of the problem, not the recovery.
5, in the recovery information, the EVENT. Recovery.* represents data from the RECOVERY event.
Recovery the title of the Subject:recovery information.
Recovery the contents of the Message:recovery information.
Enabled: Whether to enable this action.
2,operation
Operation refers to the actions that the action triggers later, and in Zabbix, you can define the following actions:
Send a message.
Executes a command (including IPMI).
For the discovery event, there are additional actions:
Add a host.
Removes a host.
Enable a host.
Disables a host.
Add host to a host group.
Removes the host from a host Grou.
Associated to a template.
Cancels the association with a template.
For the Auto-registration event, there are additional actions:
Add a host.
Disables a host.
Add host to a host group.
Associated to a template.
When configuring the Operation tab of the action, you can see the currently configured operation and click the "New" button.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/74/2F/wKiom1YWiEeShv9hAAIDGo1FCgw334.jpg "title=" 3.png " alt= "Wkiom1ywieeshv9haaidgo1fcgw334.jpg"/>
The interface for configuring a new operation will then appear
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/74/2F/wKiom1YWiMPQK7EVAANZ09sKD6w656.jpg "title=" 4.png " alt= "Wkiom1ywimpqk7evaanz09skd6w656.jpg"/>
The sections below are explained in detail below.
Default Operation SETP Duration: The minimum is 60 seconds, and if set to 1 hours (that is, 3,600 seconds here), then the next operation will be performed after an operation has been performed for 1 hours.
Action operations: Steps, Details, Start in, Duration (SEC), and action need to be set.
Let's take a look at the settings for operation details.
Step: The execution plan in the process of escalation.
From: Indicates which step to start with.
To: Indicates to which step the end.
Step Duration: The duration of each step, if filled 0, is the value in the "Default Operation SETP duration" above. You can do multiple actions in the same step. If these operations have multiple duration, then the shortest one will be selected to take effect.
Operation type: Select the types of operations, you can choose to have the following two kinds.
-Send message: Sends a message to the user (mail, SMS information, etc.,)
-Remote command: Execute command remotely.
Note: For discovery events and Auto-registration events, you can select more actions here.
The operation specific operation is the core of operation. In Zabbix, the "Send message" and "Remote command" are the most important of the two operation.
What is the core of the alarm? One is to inform the responsible person of the problem, and the other is to have the corresponding measure to the alarm. The former corresponds to the "Send message" function, which corresponds to the "Remote command" function.
For example, when the PHP process of a PHP server quits unexpectedly, Zabbix sends a message to the owner while sending a command to the Zabbix agent to restart the PHP process on the PHP server. This is a great process.
Below, see how to make a custom-made operation.
First look at "Send message", which should be the operation of all action. Even if you can recover automatically (such as a PHP process restart), you need to send the wrong information to the responsible person in time. The configuration for "Send message" has the following points.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/74/2D/wKioL1YWkOXSlQoHAAFANxcGgAw067.jpg "title=" 5.png " alt= "Wkiol1ywkoxslqohaafanxcggaw067.jpg"/>
Send to User groups: You can add some user group to send the alarm batch to all user in the user group.
Send to User: Similar to ' Send to user groups ', only the object that sent the alert is replaced by the user.
Send only to: Select the media type that is used to send the message to the "Send to user groups" and "Send to User". For example, by selecting "Email", an email will be sent to the previous user.
Default message: Use the defaults for the messaging format. Default this is ticked, deselect, you can see the default definition of message format.
Conditions: This is explained later because it is set to be shared by the "Send message" and "Remote command".
Note that chasing fish a host alarm, Zabbix will only send this alarm to the host at least "read" permission to the user. The host associated with at least one expression in trigger is working correctly, that is, the green identity is seen in host.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/74/30/wKiom1YWktDAAXN-AAAMHp34V8c364.jpg "title=" 1.png " alt= "Wkiom1ywktdaaxn-aaamhp34v8c364.jpg"/>
For messages sent out, how to view historical news? How do you know what time the message was sent?
A list of actions that have a trigger can be seen in monitoring→events. Red indicates that the action was unsuccessful; "in progress" means that the action has been triggered; "Failed" means that there is no action trigger success.
When we click the event, we can see the details of the action, including the specifics of the message being sent.
At the same time, we can select action in the Filter by "administration" → "Audit" to see all actions that have occurred over time.
There are several parameters to the "Remote command".
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/30/wKiom1YWlBuw2-vVAAE-jl5Pi2Y551.jpg "title=" 2.png " alt= "Wkiom1ywlbuw2-vvaae-jl5pi2y551.jpg"/>
Target list: Select the host to which the command executes, you can select the host that has the problem, specify a host or host group.
Type: Choose the types of commands to execute, where "IPMI", "SSH", "Telnet" are well understood, mainly see the remaining two.
Excute on: You can choose to run the command on the Zabbix agent or Zabbix Server.
Conditions: The following is a separate introduction.
What are the biggest benefits of Remote command? is automatic. Zabbix will execute the corresponding command according to the configured conditions, and see the application Scenario of remote command.
Automatically restarts some apps when the app doesn't respond.
When the server does not respond, use the IPMI "reboot" command to restart the server.
When the disk is full, some files (such as/tmp) are automatically deleted.
Automatic virtual machine provisioning based on CPU load.
Elastic calculation, depending on the system, add or remove cloud nodes.
Zabbix cannot be sent to Zabbix agent via Zabbix Proxy, it must be initiated from Zabbix Server. Moreover, the length of the command sent is also limited, that is, not more than 255 characters, this is more than enough for the General Command, as long as it is not a cat file, and so on, is sufficient. If more than one command is written in multiple lines, Zabbix is executed in the order. Also in remote command, macro definitions are supported.
Remote command is slightly more complex than the message described above. Custom scripts executed on the agent (i.e. custom scripts) must be pre-defined in the zabbix_agentd.conf and "Enableremotecommands" in zabbix_agentd.conf This item is set to 1, or the command cannot be executed remotely. This is inevitable, because the active default Zabbix agent actually does not install the Zabbix agent on the server, how can send the command to it to execute?
Permissions are also a problem for remote execution of commands. By default, Zabbix does not have permission to restart the system service, and if the Zabbix user wants to have a permission, the next sudoer file needs to be modified.
$ vim sudoer# allows "Zabbix" users to run all root commands without a password Zabbix all=nopasswd:all# allow "Zabbix" users to run without a password/etc/init.d/httpd Restart, that is, restart Apachezabbix all=nopasswd:/etc/init.d/httpd restart
If there is more than one class of interface on the host (such as multiple Zabbix agent instances), then Zabbix will choose the default to run.
For the remaining "coditions", it has two options "not ACK" and "ack", "ACK" is the abbreviation of "acknowledge", in Zabbix, think that a certain evnet is "claimed", it can be understood that there is no dealing with this thing. Here the "not ack" and "ack" expressions in this case require the execution of operation. If "Not Ack" is selected, then only if the evnet is not "ack", it needs to be executed.
3,condition
The alarm must be based on a certain condition, such as a server with more than 20% CPU load. In Zabbix, this "condition" is trigger, that can't set an action for each trigger? the best way is to define a certain class of trigger if something goes wrong, agree to trigger an action. That's what Zabbix does, and it abstracts a condition concept between trigger and action. The Chinese meaning of "Condition" is "situation", which can be understood as a certain condition. That is, the action is not a direct and trigger hook, but instead you can configure a set of conditions that, if they are met, execute the action. For example, the CPU load of more than 20% of this trigger, may be CPU-consuming servers do not need to alarm, but for the server does not consume CPU needs. Then you can combine the two conditions "CPU load over 20%" and "Server is CPU intensive", corresponding to Zabbix, which is "cpu>20" and "host belongs to CPU host group".
The most common is the trigger-based evnet, in the following table, referred to as host, refers to the event associated with the trigger host.
This article from "Professor elder brother" blog, reprint please contact the author!
Zabbix Monitoring-Alarm Chapter Actions