Getting started with Zabbix¶
+Requirements¶
+Zabbix has a set of requirements that need to be met on the hardware level and software level. These requirements can change over time and also depends on the size of your setup and the software you choose. +So before you start buying metal or installing a random database version have a look at the Zabbix documentation and check the latest requirements for the version you want to install. The latest requirements can be found here. Don't forget to select your correct Zabbix version from the list.
+Basic OS configuration before we start¶
+firewall¶
+It's important for our Zabbix server to have an OS that is well prepared before we start to install our monitoring tool. First we need to make sure our firewall is installed.
+# dnf install firewalld --now
Our firewall is installed now, and we are ready to configure the needed ports. For our Zabbix server, we need to allow access to port 10051/tcp this is the port where our Zabbix trapper listens on for incoming data. So we need to open this port in our firewall to allow access to our Zabbix trapper.
+# firewall-cmd --add-service=Zabbix-server --permanent
or if the service is not known
+# firewall-cmd --add-port=10051/tcp --permanent
Note
+Firewalld is the replacement of iptables in Redhat and allows us to make changes available immediately without the need to restart a service. It's possible that your distribution is not using Firewalld in this case you have to look to the documentation of your OS.
+timeserver¶
+Another thing we need to configure is the setup of timeserver and sync our Zabbix server to the timeserver by making use of an ntp client. This needs to be done for the Zabbix server but also for the devices we will monitor as time is very important for Zabbix. Imagine one of our hosts having a time zone that is wrong we could end up looking for a problem in Zabbix that happened 6h ago while it had happened maybe only 2h ago.
+# dnf install chronyd --now
Chrony should be installed now and enabled and running. This can be verified with the command:
+# systemctl status chronyd
Note
+dnf is a packagemanager from RedHat you need to replace dnf with your correct packagemanager like zyper, apt, yum, ... chrony is a replacement for ntpd and does a better job being faster and more accurate. If your OS does not support chrony then maybe ntpd is still available.
+Once Chrony is installed we also need to setup our correct time zone. We can have a look first with 'timedatectl' to see how our time is configured
+# timedatectl
+ Local time: Thu 2023-11-16 15:09:14 UTC
+ Universal time: Thu 2023-11-16 15:09:14 UTC
+ RTC time: Thu 2023-11-16 15:09:15
+ Time zone: UTC (UTC, +0000)
+System clock synchronized: yes
+ NTP service: active
+ RTC in local TZ: no
+Make sure that the service cronyd is active, see above on how to do if you missed it. +We can choose the correct time zone from a list that we can lookup with the following command:
+# timedatectl list-time zones
+This will give us a list with all available time zones. Choose the one closest to you.
+Africa/Abidjan
+Africa/Accra
+
+...
+
+Pacific/Tongatapu
+Pacific/Wake
+Pacific/Wallis
+UTC
+We can now configure our correct time zone with the following command:
+timedatectl set-time zone Europe/Brussels
+When we look again we should see our time zone properly configured.
+# timedatectl
+ Local time: Thu 2023-11-16 16:13:35 CET
+ Universal time: Thu 2023-11-16 15:13:35 UTC
+ RTC time: Thu 2023-11-16 15:13:36
+ Time zone: Europe/Brussels (CET, +0100)
+System clock synchronized: yes
+ NTP service: active
+ RTC in local TZ: no
+Note
+Some people like to install all servers in the UTC time zone so that all server logs are in the same time zone when having servers all over the world. Zabbix supports user based time zone settings so it's possible to keep the time zone in UTC on the server and then add the correct time zone in the user interface if you like.
+We can test if Chrony is syncronizing with the correct timeservers as well by running the command chronyc
+# chronyc
+chrony version 4.2
+Copyright (C) 1997-2003, 2007, 2009-2021 Richard P. Curnow and others
+chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
+you are welcome to redistribute it under certain conditions. See the
+GNU General Public License version 2 for details.
+
+chronyc>
+Then we type sources
chronyc> sources
+MS Name/IP address Stratum Poll Reach LastRx Last sample
+===============================================================================
+^- 51-15-20-83.rev.poneytel> 2 9 377 354 +429us[ +429us] +/- 342ms
+^- 5.255.99.180 2 10 377 620 +7424us[+7424us] +/- 37ms
+^- hachi.paina.net 2 10 377 412 +445us[ +445us] +/- 39ms
+^* leontp1.office.panq.nl 1 10 377 904 +6806ns[ +171us] +/- 2336us
+Here we can see that we are using a bunch of ntp servers that are not in our own country so we better swicht to some timeservers in our local country or if we have a timeserver in our company we could use this one. We can find some local timeservers here : https://www.ntppool.org/
+To change this we have to edit our config file "/etc/chrony.conf" and replace the existing ntp server with our local one
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+pool 2.centos.pool.ntp.org iburst
+And change it to a local server:
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+pool be.pool.ntp.org iburst
+Don't forget to restart the ntpd client of course.
+# systemctl restart chronyd
+When we look again we will see that we are now using our local timeservers.
+chronyc> sources
+
+MS Name/IP address Stratum Poll Reach LastRx Last sample
+===============================================================================
+^- ntp1.unix-solutions.be 2 6 17 43 -375us[ -676us] +/- 28ms
+^* ntp.devrandom.be 2 6 17 43 -579us[ -880us] +/- 2877us
+^+ time.cloudflare.com 3 6 17 43 +328us[ +27us] +/- 2620us
+^+ time.cloudflare.com 3 6 17 43 +218us[ -83us] +/- 2815us
+Installing Zabbix¶
+Before we can install Zabbix we first have to know how the design is. The Zabbix server has been build op modular based on 3 components.
+-
+
- The Zabbix server +
- The Zabbix web server +
- The Zabbix database +
All these components can be installed on 1 server or can be split over 3 different servers. +The Zabbix server itself is the brain this part is doing all the trigger calculations and sending all the alert. +The database is where the Zabbix server stores its config and all the data that we have gathered. +The web server provides us with a front-end. Note that Zabbix has a API and that this is also located on the front-end and not on the Zabbix server side.
+All these parts have to work together so as you can see in our image above. The Zabbix server needs to read the config and store the data in our database and the Zabbix front-end needs to be able to write the configuration in the database as well. The Zabbix front-end also needs to check the online status of our Zabbix server and needs to read some other information as well.
+For our setup, we will use 2 VM's 1 VM with a Zabbix server and the Zabbix web server and another VM with the database.
+Installing Zabbix with MariaDB¶
+Let us start with the installation of the MariaDB server, you need to create a MariaDB repository configuration file mariadb.repo manually in the following path /etc/yum.repos.d/.
+To create a MariaDB repository file, you can use the following command.
Add the MariaDB repo¶
+vi /etc/yum.repos.d/mariadb.repo
+The above command will create a new repository file, Once it is created, you need to add the following configuration into the file. +Make sure your version, in this case 10.11, is supported by Zabbix by looking at the latest requirements for your version.
+# MariaDB 10.11 RedHatEnterpriseLinux repository list - created 2023-11-01 14:20 UTC
+# https://mariadb.org/download/
+[mariadb]
+name = MariaDB
+# rpm.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
+# baseurl = https://rpm.mariadb.org/10.11/rhel/$releasever/$basearch
+baseurl = https://mirror.23m.com/mariadb/yum/10.11/rhel/$releasever/$basearch
+# gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgkey = https://mirror.23m.com/mariadb/yum/RPM-GPG-KEY-MariaDB
+gpgcheck = 1
+
+
+Lets update our OS first with the latest patches
+# dnf update -y
+Install the MariaDB database¶
+Now we are ready to install our MariaDB database.
+# dnf install MariaDB-server MariaDB-client
+We are now ready to enable and start or MariaDB database.
+# systemctl enable mariadb --now
+Once the installation is complete, you can verify the version of the MariaDB server by using the following command:
+# mysql -V
+The output should look like this:
+mysql Ver 15.1 Distrib 10.11.6-MariaDB, for Linux (x86_64) using EditLine wrapper
+And when we ask the status of our MariaDB server we should get an output like this:
+# systemctl status mariadb
+
+● mariadb.service - MariaDB 10.11.6 database server
+ Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: disabled)
+ Drop-In: /etc/systemd/system/mariadb.service.d
+ └─migrated-from-my.cnf-settings.conf
+ Active: active (running) since Sat 2023-11-18 19:19:36 CET; 2min 13s ago
+ Docs: man:mariadbd(8)
+ https://mariadb.com/kb/en/library/systemd/
+ Process: 41986 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
+ Process: 41987 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START>
+ Process: 42006 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
+ Main PID: 41995 (mariadbd)
+ Status: "Taking your SQL requests now..."
+ Tasks: 9 (limit: 12344)
+ Memory: 206.8M
+ CPU: 187ms
+Securing the database¶
+It's time to secure our database by removing the test database and user and set our own root password. Run the command mariadb-secure-installation, you should get the following output.
# mariadb-secure-installation
+
+NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
+ SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
+
+In order to log into MariaDB to secure it, we'll need the current
+password for the root user. If you've just installed MariaDB, and
+haven't set the root password yet, you should just press enter here.
+
+Enter current password for root (enter for none):
+OK, successfully used password, moving on...
+
+Setting the root password or using the unix_socket ensures that nobody
+can log into the MariaDB root user without the proper authorisation.
+
+You already have your root account protected, so you can safely answer 'n'.
+
+Switch to unix_socket authentication [Y/n] n
+ ... skipping.
+
+You already have your root account protected, so you can safely answer 'n'.
+
+Change the root password? [Y/n] y
+New password:
+Re-enter new password:
+Password updated successfully!
+Reloading privilege tables..
+ ... Success!
+
+
+By default, a MariaDB installation has an anonymous user, allowing anyone
+to log into MariaDB without having to have a user account created for
+them. This is intended only for testing, and to make the installation
+go a bit smoother. You should remove them before moving into a
+production environment.
+
+Remove anonymous users? [Y/n] y
+ ... Success!
+
+Normally, root should only be allowed to connect from 'localhost'. This
+ensures that someone cannot guess at the root password from the network.
+
+Disallow root login remotely? [Y/n] y
+ ... Success!
+
+By default, MariaDB comes with a database named 'test' that anyone can
+access. This is also intended only for testing, and should be removed
+before moving into a production environment.
+
+Remove test database and access to it? [Y/n] y
+ - Dropping test database...
+ ... Success!
+ - Removing privileges on test database...
+ ... Success!
+
+Reloading the privilege tables will ensure that all changes made so far
+will take effect immediately.
+
+Reload privilege tables now? [Y/n] y
+ ... Success!
+
+Cleaning up...
+
+All done! If you've completed all of the above steps, your MariaDB
+installation should now be secure.
+
+Thanks for using MariaDB!
+Create the Zabbix database¶
+# mysql -uroot -p
+password
+
+MariaDB [(none)]> create database zabbix character set utf8mb4 collate utf8mb4_bin;
+MariaDB [(none)]> grant all privileges on zabbix.* to 'zabbix-web'@'<zabbix-server-ip>' identified by '<zabbix-web password>';
+MariaDB [(none)]> grant all privileges on zabbix.* to 'zabbix-srv'@'<zabbix-server-ip>' identified by '<zabbix-srv password>';
+MariaDB [(none)]> grant all privileges on zabbix.* to 'zabbix-web'@'localhost' identified by '<zabbix-web password>';
+MariaDB [(none)]> grant all privileges on zabbix.* to 'zabbix-srv'@'localhost' identified by '<zabbix-srv password>';
+MariaDB [(none)]> set global log_bin_trust_function_creators = 1;
+MariaDB [(none)]> quit
+Warning
+The Zabbix documentation explicitly mentions that deterministic triggers need to be created during the import of schema. On MySQL and MariaDB, this requires GLOBAL log_bin_trust_function_creators = 1 to be set if binary logging is enabled and there is no superuser privileges and log_bin_trust_function_creators = 1 is not set in MySQL configuration file.
+Add the Zabbix repository and populate the DB¶
+# rpm -Uvh https://repo.zabbix.com/zabbix/6.5/rocky/9/x86_64/zabbix-release-6.5-2.el9.noarch.rpm
+# dnf clean all
+# dnf install zabbix-sql-scripts
+Upload the data from zabbix (db structure, images, user, ... )
+# zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix-srv -p zabbix
+Warning
+Depending on the speed of your hardware or VM this can take a few seconds upto a few minutes so please don't cancel just sit and wait for the prompt
+Log back into your MariaDB Database as root
+# mysql -uroot -p
+Remove the global parameter again as its not needed anymore and also for security reasons.
+MariaDB [(none)]> SET GLOBAL log_bin_trust_function_creators = 0;
+Query OK, 0 rows affected (0.001 sec)
+Configure the firewall¶
+One last thing we need to do is open the firewall and allow incoming connections for the MariaDB database from our Zabbix server because at the moment we dont accept any connections yet.
+# firewall-cmd --list-all
+public (active)
+ target: default
+ icmp-block-inversion: no
+ interfaces: enp0s3 enp0s8
+ sources:
+ services: cockpit dhcpv6-client ssh
+ ports:
+ protocols:
+ forward: yes
+ masquerade: no
+ forward-ports:
+ source-ports:
+ icmp-blocks:
+ rich rules:
+First we will create an appropriate zone for our MariaDB and open port 3306/tcp but only for the ip from our Zabbix server.
+# firewall-cmd --new-zone=mariadb-access --permanent
+success
+
+# firewall-cmd --reload
+success
+
+# firewall-cmd --get-zones
+block dmz drop external home internal mariadb-access nm-shared public trusted work
+
+# firewall-cmd --zone=mariadb-access --add-source=<zabbix-serverip> --permanent
+
+success
+# firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent
+
+success
+# firewall-cmd --reload
+Now lets have a look to our firewall rules to see if they are what we expected:
+# firewall-cmd --zone=mariadb-access --list-all
+mariadb-access (active)
+ target: default
+ icmp-block-inversion: no
+ interfaces:
+ sources: <ip from zabbix-server>
+ services:
+ ports: 3306/tcp
+ protocols:
+ forward: no
+ masquerade: no
+ forward-ports:
+ source-ports:
+ icmp-blocks:
+ rich rules:
+Our database server is ready now to accept connections from our Zabbix server :). +You can continue with the next task Installing the Zabbix Server
+Installing Zabbix with MySQL¶
+ToDo
+Installing Zabbix with PostgreSQL¶
+ToDo
+Setting up Zabbix HA¶
+ToDo
+Installing the Zabbix Server¶
+Before you start to install your Zabbix server make sure the server is properly configure as we explained in our topic Basic OS configuration before we start.
+Something else that is important in this case is that we need to disable SELinux. We will see later in chapter Securing Zabbix how to do this properly.
+We can check the status of SELinux with the command sestatus :
# sestatus
+SELinux status: enabled
+SELinuxfs mount: /sys/fs/selinux
+SELinux root directory: /etc/selinux
+Loaded policy name: targeted
+Current mode: enforcing
+Mode from config file: enforcing
+Policy MLS status: enabled
+Policy deny_unknown status: allowed
+Memory protection checking: actual (secure)
+Max kernel policy version: 33
+As you can see we are now in enforcing mode.
+To disable SELinux just run setenforce 0 to disable it.
# setenforce 0
+# sestatus
+
+SELinux status: enabled
+SELinuxfs mount: /sys/fs/selinux
+SELinux root directory: /etc/selinux
+Loaded policy name: targeted
+Current mode: permissive
+Mode from config file: enforcing
+Policy MLS status: enabled
+Policy deny_unknown status: allowed
+Memory protection checking: actual (secure)
+Max kernel policy version: 33
+As you can see our current mode is now permissive.
+However this is not persistent so we also need to alter our SELinux configuration file. This can be done by altering the file /etc/config/selinux and replacing enforcing by permissive.
+A more easy way is to run the following command :
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
+This line will alter the config file for you. So when we run sestatus again we will see that we are in permissive mode and that our config file is also in permissive mode.
We can verify this with our cat commando.
+# cat /etc/selinux/config
+
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+# See also:
+# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
+#
+# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
+# fully disable SELinux during boot. If you need a system with SELinux
+# fully disabled instead of SELinux running with no policy loaded, you
+# need to pass selinux=0 to the kernel command line. You can use grubby
+# to persistently set the bootloader to boot with selinux=0:
+#
+# grubby --update-kernel ALL --args selinux=0
+#
+# To revert back to SELinux enabled:
+#
+# grubby --update-kernel ALL --remove-args selinux
+#
+SELINUX=permissive
+# SELINUXTYPE= can take one of these three values:
+# targeted - Targeted processes are protected,
+# minimum - Modification of targeted policy. Only selected processes are protected.
+# mls - Multi Level Security protection.
+SELINUXTYPE=targeted
+And we can also verify it with our commando setstatus
# sestatus
+
+SELinux status: enabled
+SELinuxfs mount: /sys/fs/selinux
+SELinux root directory: /etc/selinux
+Loaded policy name: targeted
+Current mode: permissive
+Mode from config file: permissive
+Policy MLS status: enabled
+Policy deny_unknown status: allowed
+Memory protection checking: actual (secure)
+Max kernel policy version: 33
+Adding the Zabbix repository¶
+From the Zabbix Download page select the correct Zabbix version you would like to install. In our case it will be 7.0 LTS. Select the correct OS distribution as well. This will be Rocky Linux 9 in our case. We are going to install the Server and will be using NGINX.
+
Our first step is to disable Zabbix packages provided by EPEL, if you have it installed. Edit file /etc/yum.repos.d/epel.repo and add the following statement.
+[epel]
+...
+excludepkgs=zabbix*
+Tip
+Having the EPEL repository enabled is a bad practice and could be dangerous if you use EPEL it's best to disable the repo and use dnf install
Our next task is to install the Zabbix repository on our OS and do a dnf cleanup so that old cache files from our repository metadata is cleaned up.
+rpm -Uvh https://repo.zabbix.com/zabbix/6.5/rocky/9/x86_64/zabbix-release-6.5-2.el9.noarch.rpm
+dnf clean all
+Note
+A repository is a config in Linux that you can add to make packages available for you OS to install. The best way to look at it is maybe to think of it like an APP store that you add where you can find the software of your vendor. In this case the repository form Zabbix. There are many repositories you can add but you should be sure that they can be trusted. So it's always a good idea to stick to the repositories of your OS and only add extra repositories when you are sure they are to be trusted and needed. In our case the repository is from our vendor Zabbix so it should be safe to add. Epel is another popular repository for RedHat systems that is considered to be safe.
+Installing the Zabbix server for MySQL¶
+Now that we have our repository with software added to our system we are ready to install our Zabbix server and webserver. Remember the webserver could be installed on another system. There is no need to install both on the same server.
+dnf install zabbix-server-mysql
Now that we have installed our packages for the Zabbix server and our frontend we still need to change the configuration of our Zabbix server so that we can connect to our database. Open the file /etc/zabbix/zabbix_server.conf and replace the following lines:
DBHost=<ip or dns of your MariaDB server>
+DBName=<the name of your database>
+DBUser=<the user that will connect to the database>
+DBPassword=<your super secret password>
+Make sure you don't have a '#' in front of the config parameter else Zabbix will see this as text and not as a parameter. Also make sure that there are not extra duplicate lines Zabbix will always take the last config parameter if there is more then 1 line with the same parameter
+In our case the config will look like this:
+# vi /etc/zabbix/zabbix_server.conf
+
+DBHost=<ip or dns of your MariaDB server>
+DBName=zabbix
+DBUser=zabbix-srv
+DBPassword=<your super secret password>
+Note
+The Zabbix server configuration file has the option to include an extra config file with parameters you like to alter or add. In production it's probably better to not touch the configuration file but to add a new file and include the parameters you like to change. This way you never have to edit your original configuration file after an upgrade it will also make your life more easy when working with configuration tools like Ansible, Puppet, SaltStack, .... The only thing that needs to be done is remove the # in front of the line '# Include=/usr/local/etc/zabbix_server.conf.d/*.conf' and make sure the path exists with a customized config file of your won that is readable by the user zabbix.
+Ok now that we have changed the configuration of you Zabbix server so that it is able to connect to our DB we are ready to start. Run the following command to enable the Zabbix server and make it active on boot next time.
+systemctl enable zabbix-server --now
Our Zabbix server service will start and if everything goes well you should see in the Zabbix server log file the following output
+tail /var/log/zabbix/zabbix_server.log
1123:20231120:110604.440 Starting Zabbix Server. Zabbix 7.0.0alpha7 (revision 60de6a81aca).
+ 1123:20231120:110604.440 ****** Enabled features ******
+ 1123:20231120:110604.440 SNMP monitoring: YES
+ 1123:20231120:110604.440 IPMI monitoring: YES
+ 1123:20231120:110604.440 Web monitoring: YES
+ 1123:20231120:110604.440 VMware monitoring: YES
+ 1123:20231120:110604.440 SMTP authentication: YES
+ 1123:20231120:110604.440 ODBC: YES
+ 1123:20231120:110604.440 SSH support: YES
+ 1123:20231120:110604.440 IPv6 support: YES
+ 1123:20231120:110604.440 TLS support: YES
+ 1123:20231120:110604.440 ******************************
+ 1123:20231120:110604.440 using configuration file: /etc/zabbix/zabbix_server.conf
+ 1123:20231120:110604.470 current database version (mandatory/optional): 06050143/06050143
+ 1123:20231120:110604.470 required mandatory version: 06050143
+ 1124:20231120:110604.490 starting HA manager
+ 1124:20231120:110604.507 HA manager started in active mode
+ 1123:20231120:110604.508 server #0 started [main process]
+ 1126:20231120:110604.509 server #2 started [configuration syncer #1]
+ 1125:20231120:110604.510 server #1 started [service manager #1]
+ 1133:20231120:110604.841 server #9 started [lld worker #1]
+ 1132:20231120:110604.841 server #8 started [lld manager #1]
+ 1134:20231120:110604.841 server #10 started [lld worker #2]
+If there was an error and the server was not able to connect to the database you would see something like this in the server log file :
+ 10773:20231118:213248.570 Starting Zabbix Server. Zabbix 7.0.0alpha7 (revision 60de6a81aca).
+ 10773:20231118:213248.570 ****** Enabled features ******
+ 10773:20231118:213248.570 SNMP monitoring: YES
+ 10773:20231118:213248.570 IPMI monitoring: YES
+ 10773:20231118:213248.570 Web monitoring: YES
+ 10773:20231118:213248.570 VMware monitoring: YES
+ 10773:20231118:213248.570 SMTP authentication: YES
+ 10773:20231118:213248.570 ODBC: YES
+ 10773:20231118:213248.570 SSH support: YES
+ 10773:20231118:213248.570 IPv6 support: YES
+ 10773:20231118:213248.570 TLS support: YES
+ 10773:20231118:213248.570 ******************************
+ 10773:20231118:213248.570 using configuration file: /etc/zabbix/zabbix_server.conf
+ 10773:20231118:213248.574 [Z3001] connection to database 'zabbix' failed: [2002] Can't connect to server on 'xxx.xxx.xxx.xxx' (115)
+ 10773:20231118:213248.574 database is down: reconnecting in 10 seconds
+ 10773:20231118:213258.579 [Z3001] connection to database 'zabbix' failed: [2002] Can't connect to server on 'xxx.xxx.xxx.xxx' (115)
+ 10773:20231118:213258.579 database is down: reconnecting in 10 seconds
+Let's check the Zabbix server service to see if it's enabled so that it survives a reboot
+# systemctl status zabbix-server
+
+● zabbix-server.service - Zabbix Server
+ Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; enabled; preset: disabled)
+ Active: active (running) since Mon 2023-11-20 11:06:04 CET; 1h 2min ago
+ Main PID: 1123 (zabbix_server)
+ Tasks: 59 (limit: 12344)
+ Memory: 52.6M
+ CPU: 20.399s
+ CGroup: /system.slice/zabbix-server.service
+ ├─1123 /usr/sbin/zabbix_server -c /etc/zabbix/zabbix_server.conf
+ ├─1124 "/usr/sbin/zabbix_server: ha manager"
+ ├─1125 "/usr/sbin/zabbix_server: service manager #1 [processed 0 events, updated 0 event tags, deleted 0 problems, synced 0 service updates, idle 5.008686 sec during 5.016382 sec]"
+ ├─1126 "/usr/sbin/zabbix_server: configuration syncer [synced configuration in 0.092797 sec, idle 10 sec]"
+ ├─1127 "/usr/sbin/zabbix_server: alert manager #1 [sent 0, failed 0 alerts, idle 5.027620 sec during 5.027828 sec]"
+ ├─1128 "/usr/sbin/zabbix_server: alerter #1 started"
+ ├─1129 "/usr/sbin/zabbix_server: alerter #2 started"
+ ├─1130 "/usr/sbin/zabbix_server: alerter #3 started"
+ ├─1131 "/usr/sbin/zabbix_server: preprocessing manager #1 [queued 1, processed 2 values, idle 5.490312 sec during 5.490555 sec]"
+ ├─1132 "/usr/sbin/zabbix_server: lld manager #1 [processed 1 LLD rules, idle 5.028973sec during 5.029123 sec]"
+ ├─1133 "/usr/sbin/zabbix_server: lld worker #1 [processed 1 LLD rules, idle 60.060180 sec during 60.085009 sec]"
+ ├─1134 "/usr/sbin/zabbix_server: lld worker #2 [processed 1 LLD rules, idle 60.065526 sec during 60.095165 sec]"
+ ├─1135 "/usr/sbin/zabbix_server: housekeeper [deleted 0 hist/trends, 0 items/triggers, 0 events, 0 sessions, 0 alarms, 0 audit items, 0 autoreg_host, 0 records in 0.019108 sec, idle for 1 hour(s)]"
+ ├─1136 "/usr/sbin/zabbix_server: timer #1 [updated 0 hosts, suppressed 0 events in 0.002856 sec, idle 59 sec]"
+ ├─1137 "/usr/sbin/zabbix_server: http poller #1 [got 0 values in 0.000059 sec, idle 5 sec]"
+ ├─1138 "/usr/sbin/zabbix_server: discovery manager #1 [processing 0 rules, 0.000000% of queue used, 0 unsaved checks]"
+ ├─1139 "/usr/sbin/zabbix_server: history syncer #1 [processed 0 values, 0 triggers in 0.000036 sec, idle 1 sec]"
+ ├─1140 "/usr/sbin/zabbix_server: history syncer #2 [processed 1 values, 0 triggers in 0.005016 sec, idle 1 sec]"
+ ├─1141 "/usr/sbin/zabbix_server: history syncer #3 [processed 0 values, 0 triggers in 0.000031 sec, idle 1 sec]"
+ ├─1142 "/usr/sbin/zabbix_server: history syncer #4 [processed 0 values, 0 triggers in 0.000014 sec, idle 1 sec]"
+ ├─1143 "/usr/sbin/zabbix_server: escalator #1 [processed 0 escalations in 0.005587 sec, idle 3 sec]"
+ ├─1144 "/usr/sbin/zabbix_server: proxy poller #1 [exchanged data with 0 proxies in 0.000010 sec, idle 5 sec]"
+ ├─1145 "/usr/sbin/zabbix_server: self-monitoring [processed data in 0.000016 sec, idle 1 sec]"
+ ├─1146 "/usr/sbin/zabbix_server: task manager [processed 0 task(s) in 0.002511 sec, idle 5 sec]"
+ ├─1147 "/usr/sbin/zabbix_server: poller #1 [got 0 values in 0.000009 sec, idle 1 sec]"
+ ├─1148 "/usr/sbin/zabbix_server: poller #2 [got 1 values in 0.000232 sec, idle 1 sec]"
+ ├─1149 "/usr/sbin/zabbix_server: poller #3 [got 0 values in 0.000015 sec, idle 1 sec]"
+ ├─1150 "/usr/sbin/zabbix_server: poller #4 [got 0 values in 0.000010 sec, idle 1 sec]"
+This concludes our chapter on installing and configuring our Zabbix server. +Next we have to configure our frontend. You can have a look at Installing Zabbix frontend with Nginx or Installing Zabbix frontend with Apache
+Installing Zabbix frontend with Nginx¶
+Before we can configure our frontend we need to install our package first. If you run the frontend on the same server as the Zabbix server then there is nothing else you have to do you can just run the following command on your server to install the packages needed for our frontend to install:
+dnf install zabbix-web-mysql zabbix-nginx-conf
+In case the frontend is on another server installed you need to add the Zabbix repository first like we did on our Zabbix server. In case you forgot or just skipped to this topic and don't know how to do this have a look at Adding the Zabbix repository
+First thing we have to do is alter the Nginx configuration file so that we don't use the standard config.
+vi /etc/nginx/nginx.conf
+In this config look for the followin block that starts with :
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name _;
+ root /usr/share/nginx/html;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+And place the following lines in comment:
+ server {
+# listen 80;
+# listen [::]:80;
+# server_name _;
+# root /usr/share/nginx/html;
+We now have to alter the Zabbix configuration file so that it matches our setup. Edit the following file:
+vi /etc/nginx/conf.d/zabbix.conf
+server {
+ listen 8080;
+ server_name example.com;
+
+ root /usr/share/zabbix;
+
+ index index.php;
+Replace the first 2 lines with the correct port and domain for your frontend in case you don't have a domain you can replace server_name with _; like in the exaple below:
+server {
+# listen 8080;
+# server_name example.com;
+ listen 80;
+ server_name _;
+
+ root /usr/share/zabbix;
+
+ index index.php;
+We are now ready to start our websever and enable it so that it comes online after a reboot.
+systemctl enable nginx --now
+Let's verify if the service is properly started and enabled so that it survives our reboot next time.
+# systemctl status nginx
+
+● nginx.service - The nginx HTTP and reverse proxy server
+ Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
+ Drop-In: /usr/lib/systemd/system/nginx.service.d
+ └─php-fpm.conf
+ Active: active (running) since Mon 2023-11-20 11:42:18 CET; 30min ago
+ Main PID: 1206 (nginx)
+ Tasks: 2 (limit: 12344)
+ Memory: 4.8M
+ CPU: 38ms
+ CGroup: /system.slice/nginx.service
+ ├─1206 "nginx: master process /usr/sbin/nginx"
+ └─1207 "nginx: worker process"
+
+Nov 20 11:42:18 zabbix-srv systemd[1]: Starting The nginx HTTP and reverse proxy server...
+Nov 20 11:42:18 zabbix-srv nginx[1204]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+Nov 20 11:42:18 zabbix-srv nginx[1204]: nginx: configuration file /etc/nginx/nginx.conf test is successful
+Nov 20 11:42:18 zabbix-srv systemd[1]: Started The nginx HTTP and reverse proxy server.
+The service is running and enabled so there is only 1 thing left to do before we can start the configuration in the GUI and that is to configure our firewall to allow incoming communication to the webserver.
+firewall-cmd --add-service=http --permanent
+firewall-cmd --reload
+Open your browser and go to the url or ip of your frontend :
+http://<ip or dns of the zabbix frontend server>/
+If all goes well you should be greeted with a Zabbix welcome page. +In case you have an error check the configuration again or have a look at the nginx log file :
+/var/log/nginx/error.log
or run
+journalctl -xe
This should help you in locating the errors you made.
+When you point your browser to the correct URL you should be greeted with a page like here :
+
As you see there is only a limited list of local translations available on our Zabbix frontend to choose from
+
What if we want to install Chinese as language or another language from the list ? +Run the next command to get a list of all locales available for your OS.
+dnf list glibc-langpack-*
This will give you a list like
+Installed Packages
+glibc-langpack-en.x86_64
+Available Packages
+glibc-langpack-aa.x86_64
+...
+
+glibc-langpack-zu.x86_64
+Let's search for our Chinese locale to see if it is available. As you can see the code starts with zh
+# dnf list glibc-langpack-* | grep zh
+glibc-langpack-zh.x86_64
+glibc-langpack-lzh.x86_64
+The command returns us 2 lines but as we have seen that the code was zh_CN we only have to install the first package.
+# dnf install glibc-langpack-zh.x86_64 -y
+When we return now to our frontend we are able to select the Chinese language.
+Note
+If your language is not available in the frontend don't panic it just means that there is no translation or that the translation was not 100% complete. Zabbis is free and relies on the community for it's translations so you can help in creating the translation. Go to the page https://translate.zabbix.com/ and help us to make Zabbix get better. Once the translation is complete the next Zabbix minor patch version should have your language included.