Zabbix Network Monitoring Essentials

Table of Contents (14 chapters)

Preface

Network administrators are facing an interesting challenge these days. On the one hand, computer networks are not something new anymore. They have been around for quite a while: their physical components and communication protocols are fairly well understood and don't represent a big mystery to an increasing number of professionals. Moreover, network appliances are getting cheaper and easier to set up, to the point that it doesn't take a certified specialist to install and configure a simple network or connect it to other networks. The very concept of networking is so widespread and ingrained in how users and developers think of a computer system that being online in some form is expected and taken for granted. In other words, a computer network is increasingly seen as a commodity.

On the other hand, the very same forces that are calling for simpler, easier, more accessible networks are the ones that are actually pushing them to grow more and more complex every day. It's a matter of both quantity and quality. The number of connected devices on a given network is almost always growing, and so is the amount of data exchanged: media streams, application data, backups, database queries, and replication tend to saturate bandwidth just as much as they eat up storage space. As for quality, there are dozens of different requirements that factor in a given network setup: from having to manage different physical mediums (fiber, cable, radio, and so on), to the need to provide high performance and availability, both on the connection and on the application level; from the need to increase performance and reliability for geographical links, to providing confidentiality, security, and data integrity at all levels, and the list goes on.

These two contrasting, yet intertwined, tendencies are forcing network administrators to do more (more services, more availability, and more performance) with less (less budget, but also less attention from the management compared to newer, flashier technologies). Now, more than ever, as a network admin, you need to be able to keep an eye on your network in order to keep it in a healthy state, but also to quickly identify and resolve bottlenecks and outages of any kind—or better yet, find ways to anticipate and work around them before they happen. You'll also need to integrate your systems with different tools and environments (both legacy and strategic ones) that will be out of your direct control, such as asset databases, incident management systems, accounting and profiling systems, and so on. Even more importantly, you'll need to be able to show your work and explain your needs in clear, understandable terms to nontechnical people.

Now, if we were to say that Zabbix is the perfect, one-size-fits-all solution to all your network monitoring and management problems, we would clearly be lying. To this day, no such tool exists despite what many vendors want you to believe. Even if they have many features in common, when it comes to monitoring and capacity management, every network has its own quirks, special cases, and peculiar needs, to the point that any tool has to be carefully tuned to the environment or face the risk of becoming useless and neglected very quickly.

What is true is that Zabbix is a monitoring system powerful enough and flexible enough that, with the right amount of work, it can be customized to meet your specific needs. And again, those needs are not limited to monitoring and alerting, but also extend to performance analysis and prediction, SLA reporting, and so on. When using Zabbix to monitor an environment, you can certainly create items that represent vital metrics for the network in order to have a real-time picture of what's happening. However, those same items can also prove very useful to analyze performance bottlenecks and to plan network expansion and evolution. Items, triggers, and actions can work together to let you take an active role in monitoring your network and easily identify and pre-empt critical outages.

In this book, we'll assume that you already know Zabbix as a general-purpose monitoring tool, and that you have also used it to a certain extent. Specifically, we won't cover topics such as item, trigger, or action creation and configuration with a basic, step-by-step approach. Here, we want to focus on a few topics that could be of particular interest to network administrators, and we'll try to help them find their own answers to real-world questions such as the following:

  • I have a large number of appliances to monitor and have to keep monitoring data available for a long time due to regulatory requirements. How do I install and configure Zabbix so that it is able to effectively manage this large amount of data?

  • What are the best metrics to collect in order to both have an effective real-time monitoring solution and leverage historical data to make performance analysis and predictions?

  • Many Zabbix guides and tutorials focus on using the Zabbix agent. The agent is certainly powerful and useful, but how do I effectively and securely leverage monitoring protocols that are already available on my network, such as SNMP and NetFlow?

  • Load balancers, proxies, and web servers sometimes fall under a gray area between network and application administration. I have a bunch of web servers and proxies to monitor. What kind of metrics are most useful to check?

  • I have a complex network with hosts that are deployed and decommissioned on a daily basis. How do I keep my monitoring solution up-to-date while avoiding, as much as possible, long, error-prone manual interventions?

  • Now that I have collected a large amount of monitoring and performance data, how can I analyze it and show the results in a meaningful way? How do I put together the graphs I have available to show how they are related?

In the course of the next few chapters, we'll try to provide some pointers on how to answer those questions. We discuss as many practical examples and real-world applications as we can around the subject of network monitoring, but more than anything, we want to show you how it's relatively simple to leverage Zabbix's power and flexibility for your own needs.

The aim of this book is not to provide you with a set of prepackaged recipes and solutions that you can apply uncritically to your own environment. Even though we provided some scripts and code that are tested and working (and hopefully you'll find them useful), the real intention was always to give you a deeper understanding of the way Zabbix works so that you are able to create your own solutions to your own challenges.

We hope we have succeeded in our goal, and that by the end of the book, you'll find yourself a more confident network administrator and a more proficient Zabbix user. Even if this is not the case, we hope you'll be able to find something useful in the following chapters: we touch upon different aspects of Zabbix and network monitoring and also discuss a couple of lesser-known features that you might find very interesting nonetheless.

So, without further ado, let's get started with the actual content we want to show you.

What this book covers

Chapter 1, Installing a Distributed Zabbix Setup, teaches you how to install Zabbix in a distributed setup that makes extensive use of proxies. The chapter guides you through all the possible setup scenarios and shows you the main differences between the active and passive proxy setups. It also explains how to prepare and set up a Zabbix installation that is ready to grow with your infrastructure and to monitor a large, or even very large, environment.

Chapter 2, Active Monitoring of Your Devices, offers you a few very useful examples of the different monitoring possibilities Zabbix can achieve by relying on different methods and protocols. You'll see how to query your network from the link level up to routing and network flow using ICMP, SNMP, and log-parsing facilities to collect your measurements. You will also learn how to extract meaningful information from the gathered data using aggregated and calculated items, and configuring complex triggers that will alert you about real network issues while minimizing signal noise and false positives.

Chapter 3, Monitoring Your Network Services, takes you through how to effectively monitor the most critical network services, such as DNS, DHCP, NTP, Apache proxies and reverse proxies, and the Squid proxy cache. All of them are critical services where a simple issue can quickly propagate to your entire network. You will understand how to extract meaningful metrics and useful data from all the listed services, so that you can not only monitor their reliability but also acquire important metrics that help you predict failures or issues.

Chapter 4, Discovering Your Network, explains how to thoroughly automate the monitoring configuration of network objects. It makes extensive use of the built-in discovery feature in order to keep the monitoring solution up-to-date within an evolving network environment. This chapter is divided into two core parts that cover the two main levels of Zabbix's discovery: host discovery and low-level discovery.

Chapter 5, Visualizing Your Topology with Maps and Graphs, shows you how to create complex graphs from your items' numerical values, automatically draw maps that reflect the current status of your network, and bring it all together using screens as a tool to customize monitoring data presentation. This chapter also presents a smart way to automate the initial startup of your Zabbix setup, enabling you to draw network diagrams using maps in a fully automated way. You will then learn a production-ready method to maintain maps while your network is growing or rapidly changing.

Appendix A, Partitioning the Zabbix Database, contains all the required software and stored procedures to efficiently partition your Zabbix database.

Appendix B, Collecting Squid Metrics, contains the software used to monitor Squid.

What you need for this book

The software that has been used and is necessary for this book is:

  • Red Hat Enterprise Linux 6.5 or higher

  • Zabbix 4.2

  • Apache HTTPD 2.2

  • MySQL Server 5.1

  • Netflow 1.6.12

  • Nmap

This book also requires intermediate experience in shell scripting, a basic-to-intermediate knowledge of Python, and an intermediate knowledge of Zabbix.

All the examples discussed and proposed in this book are explained well and commented upon. The same approach has been applied to the software used in this book: the setup and configuration of each software component is explained with a reasonable level of detail.

Who this book is for

This book is intended for experienced network administrators looking for a comprehensive monitoring solution for their networks. The reader must have a good knowledge of Unix/Linux, networking concepts, protocols, and appliances, and a basic-to-intermediate knowledge of Zabbix. You will be guided step by step through all the important points you will have to deal with. You will then be able to start up an effective and large-environment-ready Zabbix monitoring solution that will be a perfect fit within your network.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "On the Zabbix server-side, you need to carefully set the value of StartTrappers=."

A block of code is set as follows:

#First of all we need to import csv and Networkx
import csv
import networkx as nx
#Then we need to define who is our zabbix server and some other detail to properly produce the DOT file
zabbix_service_ipaddr = "192.168.1.100"
main_loop_ipaddr = "10.12.20.1"

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

# we can open our CSV file
csv_reader = csv.DictReader( open( 'my_export.csv' ), \
    delimiter=",", \
    fieldnames=( "ipaddress", "hostname", "oid", "dontcare", "neighbors" ))
# Skip the header
next(csv_reader)

Any command-line input or output is written as follows:

# chkconfig --level 345 zabbix-server on

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "There is a clear warning on the website that warns us with this statement: The Appliance is not intended for serious production use at this time."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.