使用zabbix监控Windows指定服务| zabbix Windows service filter
环境:Centos + Zabbix6
问题:使用自带的windows服务监控带出了所有的服务,只想监控特定的服务
解决办法:使用正则表达式过滤
背景:在Zabbix6中,使用自带的windows服务监控带出了所有的服务,只想监控特定的服务,比如数据库,杀毒软件
解决过程:使用过滤器
文章目录
- 1.修改zabbix服务模板:
- 2.编辑自动发现:
- 3.添加过滤器
- 3.1 取得服务名称
- 3.2 编辑自动发现过滤器
- 3.3 添加一条过滤规则
- 4.套用新设定
- 4.1 删除所有服务监控项
- 4.2 运行自动发现服务:
1.修改zabbix服务模板:
zabbix服务监控的模板名称为 Windows services by Zabbix agent
2.编辑自动发现:
关于windows服务的部分,位于自动发现:Windows services discovery
3.添加过滤器
3.1 取得服务名称
通过测试自动发现,取得要监控的服务名称,
可以是:
{$SERVICE.NAME.MATCHES}
{#SERVICE.DISPLAYNAME}
[{"{#SERVICE.NAME}":"AJRouter","{#SERVICE.DISPLAYNAME}":"AllJoyn Router Service","{#SERVICE.DESCRIPTION}":"路由本地 AllJoyn 客户端的 AllJoyn 消息。如果停止此服务,则自身没有捆绑路由器的 AllJoyn 客户端将无法运行。","{#SERVICE.STATE}":6,"{#SERVICE.STATENAME}":"stopped","{#SERVICE.PATH}":"C:\\Windows\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p","{#SERVICE.USER}":"NT AUTHORITY\\LocalService","{#SERVICE.STARTUPTRIGGER}":1,"{#SERVICE.STARTUP}":2,"{#SERVICE.STARTUPNAME}":"manual"},{"{#SERVICE.NAME}":"ALG","{#SERVICE.DISPLAYNAME}":"Application Layer Gateway Service","{#SERVICE.DESCRIPTION}":"为 Internet 连接共享提供第三方协议插件的支持","{#SERVICE.STATE}":6,"{#SERVICE.STATENAME}":"stopped","{#SERVICE.PATH}":"C:\\Windows\\System32\\alg.exe","{#SERVICE.USER}":"NT AUTHORITY\\LocalService","{#SERVICE.STARTUPTRIGGER}":0,"{#SERVICE.STARTUP}":2,"{#SERVICE.STARTUPNAME}":"manual"},{"{#SERVICE.NAME}":"Amsp","{#SERVICE.DISPLAYNAME}":"Trend Micro Solution Platform","{#SERVICE.DESCRIPTION}":"Manages Trend Micro security modules","{#SERVICE.STATE}":0,"{#SERVICE.STATENAME}":"running","{#SERVICE.PATH}":"\"C:\\Program Files\\AsiaInfo Security\\Deep Security Agent\\AMSP\\coreServiceShell.exe\" coreFrameworkHost.exe -m=nb -dt=180000 -ad -bt=0","{#SERVICE.USER}":"LocalSystem","{#SERVICE.STARTUPTRIGGER}":0,"{#SERVICE.STARTUP}":0,"{#SERVICE.STARTUPNAME}":"automatic"},{"{#SERVICE.NAME}":"AppIDSvc","{#SERVICE.DISPLAYNAME}":"Application Identity","{#SERVICE.DESCRIPTION}":"确定并验证应用程序的标识。禁用此服务将阻止强制执行 AppLocker。","{#SERVICE.STATE}":6,"{#SERVICE.STATENAME}":"stopped","{#SERVICE.PATH}":"C:\\Windows\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p","{#SERVICE.USER}":"NT Authority\\LocalService","{#SERVICE.STARTUPTRIGGER}":1,"{#SERVICE.STARTUP}":2,"{#SERVICE.STARTUPNAME}":"manual"},{"{#SERVICE.NAME}":"Appinfo","{#SERVICE.DISPLAYNAME}":"Application Information","{#SERVICE.DESCRIPTION}":"使用辅助管理权限便于交互式应用程序的运行。如果停止此服务,用户将无法使用辅助管理权限启动应用程序,而执行所需用户任务可能需要这些权限。","{#SERVICE.STATE}":6,"{#SERVICE.STATENAME}":"stopped","{#SERVICE.PATH}":"C:\\Windows\\system32\\svchost.exe -k netsvcs -p","{#SERVICE.USER}":"LocalSystem","{#SERVICE.STARTUPTRIGGER}":1,"{#SERVICE.STARTUP}":2,"{#SERVICE.STARTUPNAME}":"manual"},{"{#SERVICE.NAME}":"AppMgmt","{#SERVICE.DISPLAYNAME}":"Application Management","{#SERVICE.DESCRIPTION}":"为通过组策略部署的软件处理安装、删除以及枚举请求。如果该服务被禁用,则用户将不能安装、删除或枚举通过组策略部署的软件。如果此服务被禁用,则直接依赖于它的所有服务都将无法启动。","{#SERVICE.STATE}":6,"{#SERVICE.STATENAME}":"stopped","{#SERVICE.PATH}":"C:\\Windows\\system32\\svchost.exe -k netsvcs -p","{#SERVICE.USER}":"LocalSystem","{#SERVICE.STARTUPTRIGGER}":0,"{#SERVICE.STARTUP}":2,"{#SERVICE.STARTUPNAME}":"manual"},{"{#SERVICE.NAME}":"AppReadiness","{#SERVICE.DISPLAYNAME}":"App Readiness","{#SERVICE.DESCRIPTION}":"当用户初次登录到这台电脑和添加新应用时,使应用进入就绪可用的状态。","{#SERVICE.STATE}":6,"{#SERVICE.STATENAME}":"stopped","{#SERVICE.PATH}":"C:\\Windows\\System32\\svchost.exe -k AppReadiness
这里我们取得服务名称为亚信开头的或者Serv-U开头的,用正则表达式描述为:
(Serv-U.*|亚信.*)
3.2 编辑自动发现过滤器
3.3 添加一条过滤规则
我这里抓的服务显示名称,就写
{#SERVICE.DISPLAYNAME} 匹配 (Serv-U.*|亚信.*|ManageEngine.*|DKEY.*)
更新配置
4.套用新设定
4.1 删除所有服务监控项
配置略