Zabbix: Monitoring Windows Services

Posted on 09/03/2015 · Posted in Microsoft, Zabbix

This time we’re going to look at how to monitor any Windows Service with the Zabbix agent. Zabbix website guide is quite clear, but none the less here’s a short step-by-step guide on how to do it.

1. The Template

When you work with Zabbix, it’s always a good idea to start with a fresh new template, unless the changes you are making will effect ALL the hosts which the template is linked to. Rarely this is the case, and as such a separate template is a good idea. This gives you more control over what you’r doing and how it’s being implemented. To create a new template, navigate to Configuration -> Templates. Click on “New Template” and name it as you please, tutorial if you like. Any new template that you create will automatically be placed in the Templates group, which is good. Give the template a description if you want but other than this, there are no additional requirements for a template. To finish things off, click Add at the bottom of the Template tab to save it.

2. Applications and Items

Open up the template you just created and lets start off by creating a application in the “Applications” view. Click on Create Application on the top right corner of the Zabbix webpage and give the Application a name. If you look at any other template, that is created while Zabbix is installed, an Application contains one or more items. The application you create could be named “Services” or if you want to monitor more than one service that is required for the application to run, you could name it like the Application is. None of this matters, as long as it makes sense to you! Click Add once you’ve named the application and lets move on to the Items, where the magic happens.

Zabbix_Windows_serviceThis brand new template has no items, like it had no applications. We need to define what will be a part of this template and in this case, an Item equals to one service. Click “Create Item” on the top right corner and let’s create our first Windows Service. Give the Item a name, preferably something that describes what you are monitoring. The type should be “Zabbix agent” and the key is what’s important. The key should be service_state[service_name], and the service name you can find from services.msc (win+r to run services.msc). If we were to monitor that Windows Time service is running, open up the properties of “Windows Time“. What would be entered in service_state, is the service name from the properties; W32Time. This tells Zabbix what key to look for within the services. Zabbix gets back a numeric value if the service is running, stopped or something else, so type of information and data type is numeric (unsigned) and Decimal. Specify the update interval according to how critical the application is, 30 seconds should be more than enough for any service. Lastly select the Application you created from the Applications list and give the item a suiting description.

3. The trigger

To get any kind of alarm from the service, we need to create a trigger. Triggers define how to interact with the values that are returned tot he Zabbix Server by the agent. In this case, we receive a numeric decimal value that was defined in the item before. You can use the expression builder if you want, or write the expression yourself. If you use the expression builder, make sure you select the template when you choose what item to interact with.

Zabbix_Windows_service-triggerThe trigger is written inside { } brackets, and starts off with the template name. In my example, I’ve named the template “Template Windows Time Service“. Continued from that, the Item key is written with : in between, the key being in this example service_state[W32Time]. We want to trigger if the value changes, meaning we want to interact with the last value provided using .last().  We want an alert to trigger, if the service state is anything else than running, meaning we use the expression <>0. The value zero comes from how Zabbix agent presents the service state to us. You can find the list of service states here (search for service_state).

Give the trigger a severity that you think is appropriate and your done.

 

4. Testing

Apply this template to a Windows Host you are monitoring, and stop the service if possible. Within a short while, you should see a trigger on your dashboard regarding the service in question. That’s it, you can add multiple applications to this template, and multiple services. But in it’s simplest form, one template may contain one application with one item and it’s trigger.

You can download an example template here: