Let us see first how to create our own triggers. Triggers in Zabbix are ways to check the data that we have gathered for certain thresholds. Later we can use this in Zabbix to send us notifications about certain thresholds that have been exceeded.
To be able to do this recipe, you need a Zabbix server with super administrator access such as the standard admin account that came with the installation. We also need a network device that we can monitor in Zabbix.
- Our first step is to create a simple check. Our simple check will launch a ping command to our host. As host, you can choose any network device that is pingable. If you don't know how to do this, I suggest you go back to Chapter 4, Monitoring with Zabbix and run over the recipe Simple checks. Just a simple check will do. There is no need to add special options.
- Go to your host. This can be done from the menu Configuration | Hosts and click there on Triggers.
- Fill in the Name field, example .
Zabbix agent on {HOST.NAME} is unreachable for 5 minutes. You see in the name{HOST.NAME}; this is a macro that will tell us the hostname when the trigger launches. This will make our life much easier when we get notified later about potential issues:
- Now it's time to write our expression
{host:agent.ping.nodata(5m)}=1. - Host is the name of our host or the template that we use; then we place a
:and after the:we place key with the function and optionally a parameter,agent.ping.nodata(5m), and we end it with our operator or constant.{<server>:<key>.<function>(<parameter>)}<operator><constant> - Now when we look at the Zabbix dashboard Monitoring | Dashboard, we will see in the list with last 20 issues the warning that our Zabbix agent on host2 is down for more than 5 minutes.
In Zabbix when we create an item, we gather certain data from our network. For this we make use of different methods. In our case, we used the simple check to do a ping to an agent. When we want to get notified, we need to tell Zabbix when one of those values is an issue. In other words, we need to tell Zabbix what the threshold is. In our case, it was the value 0. So triggers are some kind of logical expression evaluating the data that we have gathered by our item.
The option Multiple PROBLEM events generation will generate an event in Zabbix every time the trigger evaluates a problem. Else only 1 event will be generated. The description field is helpful to add a description so that the person receiving the alarm will have a clue of what is going on. So it's best to put some meaningful description here. The URL field can be used to send, for example, a URL to a solution webpage. Severity is where we can select the severity level of our trigger. Enabled box speaks for itself; we can enable or disable our trigger here. The tab Dependencies on top can be used to link our trigger to other triggers. This way our trigger will not warn us in case the other trigger is not in a problem state.
As extra, we added the option nodata(5m). This option tells Zabbix to look for our date and warn us if there is no data for 5 minutes. We could replace the 5m with 300. This would be the same as Zabbix would calculate the time in seconds.
If you have issues with ping always returning the value 0. Check SELinux as SELinux is probably blocking Zabbix from using fping option.
One solution for this problem can be:
#grep fping /var/log/audit/audit.log | audit2allow -M zabbix_fping #semodule -i zabbix_fping.pp
- There is more than just the nodata option. More information about those options can be found on the Zabbix website:
https://www.zabbix.com/documentation/2.4/manual/config/triggers.
- Also for the macro, other macros can be used. For example, we can make use of the
$1to display the constant of our expression. Also the macro {HOST.NAME}, could be replaced with another macro. For example, we could make use of $1 to display the constant of our expression in our trigger name. - In our case,
$1could be used to tell us that the value ofpingwas0.https://www.zabbix.com/documentation/2.4/manual/config/triggers/trigger.