1 Configuring a network discovery rule

Overview

To configure a network discovery rule used by Zabbix to discover hosts and services:

  • Go to Configuration → Discovery

  • Click on Create rule (or on the rule name to edit an existing one)

  • Edit the discovery rule attributes

Rule attributes

1 Configuring a network discovery rule - 图1

All mandatory input fields are marked with a red asterisk.

ParameterDescription
NameUnique name of the rule. For example, “Local network”.
Discovery by proxyWhat performs discovery:
no proxy - Zabbix server is doing discovery
<proxy name> - this proxy performs discovery
IP rangeThe range of IP addresses for discovery. It may have the following formats:
Single IP: 192.168.1.33
Range of IP addresses: 192.168.1-10.1-255. The range is limited by the total number of covered addresses (less than 64K).
IP mask: 192.168.4.0/24
supported IP masks:
/16 - /30 for IPv4 addresses
/112 - /128 for IPv6 addresses
List: 192.168.1.1-255, 192.168.2.1-100, 192.168.2.200, 192.168.4.0/24
Since Zabbix 3.0.0 this field supports spaces, tabulation and multiple lines.
Update intervalThis parameter defines how often Zabbix will execute the rule.
The interval is measured after the execution of previous discovery instance ends so there is no overlap.
Time suffixes are supported, e.g. 30s, 1m, 2h, 1d, since Zabbix 3.4.0.
User macros are supported, since Zabbix 3.4.0.
Note that if a user macro is used and its value is changed (e.g. 1w → 1h), the next check will be executed according to the previous value (far in the future with the example values).
ChecksZabbix will use this list of checks for discovery. Click on 1 Configuring a network discovery rule - 图2 to configure a new check in a popup window.
Supported checks: SSH, LDAP, SMTP, FTP, HTTP, HTTPS, POP, NNTP, IMAP, TCP, Telnet, Zabbix agent, SNMPv1 agent, SNMPv2 agent, SNMPv3 agent, ICMP ping.
A protocol-based discovery uses the net.tcp.service[] functionality to test each host, except for SNMP which queries an SNMP OID. Zabbix agent is tested by querying an item in unencrypted mode. Please see agent items for more details.
The ‘Ports’ parameter may be one of following:
Single port: 22
Range of ports: 22-45
List: 22-45,55,60-70
Device uniqueness criteriaUniqueness criteria may be:
IP address - no processing of multiple single-IP devices. If a device with the same IP already exists it will be considered already discovered and a new host will not be added.
<discovery check> - either Zabbix agent or SNMP agent check.
Host nameSet the technical host name of a created host using:
DNS name - DNS name (default)
IP address - IP address
<discovery check> - received string value of the discovery check (e.g. Zabbix agent, SNMP agent check)
See also: Host naming.
This option is supported since 4.2.0.
Visible nameSet the visible host name of a created host using:
Host name - technical host name (default)
DNS name - DNS name
IP address - IP address
<discovery check> - received string value of the discovery check (e.g. Zabbix agent, SNMP agent check)
See also: Host naming.
This option is supported since 4.2.0.
EnabledWith the check-box marked the rule is active and will be executed by Zabbix server.
If unmarked, the rule is not active. It won’t be executed.

A real life scenario

In this example, we would like to set up network discovery for the local network having an IP range of 192.168.1.1-192.168.1.254.

In our scenario we want to:

  • discover those hosts that have Zabbix agent running

  • run discovery every 10 minutes

  • add a host to monitoring if the host uptime is more than 1 hour

  • remove hosts if the host downtime is more than 24 hours

  • add Linux hosts to the “Linux servers” group

  • add Windows hosts to the “Windows servers” group

  • use the template Linux for Linux hosts

  • use the template Windows for Windows hosts

Step 1

Defining a network discovery rule for our IP range.

1 Configuring a network discovery rule - 图3

Zabbix will try to discover hosts in the IP range of 192.168.1.1-192.168.1.254 by connecting to Zabbix agents and getting the value from the system.uname key. The value received from the agent can be used to name the hosts and also to apply different actions for different operating systems. For example, link Windows servers to the template Windows, Linux servers to the template Linux.

The rule will be executed every 10 minutes.

When this rule is added, Zabbix will automatically start the discovery and generation of the discovery-based events for further processing.

Step 2

Defining an action for adding the discovered Linux servers to the respective group/template.

1 Configuring a network discovery rule - 图4

The action will be activated if:

  • the “Zabbix agent” service is “up”

  • the value of system.uname (the Zabbix agent key we used in rule definition) contains “Linux”

  • Uptime is 1 hour (3600 seconds) or more

1 Configuring a network discovery rule - 图5

The action will execute the following operations:

  • add the discovered host to the “Linux servers” group (and also add host if it wasn’t added previously)

  • link host to the Linux template. Zabbix will automatically start monitoring the host using items and triggers from the “Linux” template.

Step 3

Defining an action for adding the discovered Windows servers to the respective group/template.

1 Configuring a network discovery rule - 图6

1 Configuring a network discovery rule - 图7

Step 4

Defining an action for removing lost servers.

1 Configuring a network discovery rule - 图8

1 Configuring a network discovery rule - 图9

A server will be removed if “Zabbix agent” service is ‘down’ for more than 24 hours (86400 seconds).