Zabbix and ICTNWK403

The unit ICTNWK403 Manage network and data integrity covers a mixed bag of skills and knowledge around the “development of asset protection processes, determining threats and implementing controls to mitigate risk”: in other words, keeping the show on the road. Topics range from the management of user accounts, file permissions, assets and backups to handling environmental and virus/malware threats and deploying network monitoring systems.

A useful resource for this unit is Zabbix, a Linux-based network monitoring system which, like Nagios, is one of the leading solutions of its kind in the IT industry today. In addition to monitoring the availability, capacity and configuration of almost any device on a network, Zabbix also provides asset and security management features. Zabbix is open source and freely downloadable from the company website.

Zabbix can be installed on CentOS using the Zabbix repo, or deployed as an appliance using an Ubuntu-based ISO or one of several VM image formats (OVF, VMDK, QCOW2). Once installed, Zabbix is managed entirely via a neat web-based user interface.

Zabbix collects network data using both agent-based and agentless methods. The requirements of ICTNWK403 can probably be fully met using agentless methods including pings (is a device up?), HTTP response codes (is a webpage available?) or protocols such as SNMP and ICMP.

Zabbix has been used regularly at SuniTAFE as part of ICTNWK403, where we have deployed the Ubuntu-based VMDK image on VMware. Apart from an initial requirement in our case to convert the VMDK image to thin format, the appliance is easy to get running and “just works” as advertised. Converting the image is a simple one-liner run on an ESX host as follows:

vmkfstools -i originaldisk.vmdk -d thin outputdisk.vmdk

Once running, determine the IP address of the Zabbix server. If you need to log in as root to do this, the default credentials are username appliance and password zabbix. Then use any web browser to access the Zabbix user interface as follows:

http://<your-ip-address>/zabbix

The default credentials for the web interface are username Admin (note capital A) and password zabbix.
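
Since the unit covers the management of user accounts, a useful check after changing the Admin password is to confirm that the appliance no longer accepts the default web login given above. The following is an added example, not code from the original article or from the Zabbix project; it assumes the frontend's JSON-RPC endpoint is api_jsonrpc.php under the /zabbix URL, and the post argument is a hypothetical hook so the function can be exercised without a live server.

```python
import json
import sys
import urllib.request

# Default web-interface credentials as stated in this article.
DEFAULT_USER, DEFAULT_PASSWORD = "Admin", "zabbix"


def http_post(url, payload, timeout=5):
    """Send one JSON-RPC request to the Zabbix frontend, return the reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json-rpc"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def default_login_accepted(base_url, post=http_post):
    """Return True if user.login still succeeds with the default credentials.

    Assumption: the login-name parameter is "username" on newer Zabbix
    releases and "user" on older ones, so both spellings are tried.
    """
    url = base_url.rstrip("/") + "/api_jsonrpc.php"
    for name_key in ("username", "user"):
        reply = post(url, {
            "jsonrpc": "2.0",
            "method": "user.login",
            "params": {name_key: DEFAULT_USER, "password": DEFAULT_PASSWORD},
            "id": 1,
        })
        # A successful login returns a session token string in "result";
        # a rejected login or unknown parameter returns an "error" object.
        if isinstance(reply.get("result"), str) and reply["result"]:
            return True
    return False


if __name__ == "__main__":
    # Usage: python3 check_defaults.py http://<your-ip-address>/zabbix
    if default_login_accepted(sys.argv[1]):
        print("FAIL: default Admin password is still active, change it")
        sys.exit(1)
    print("OK: default web credentials rejected")
```

The script exits non-zero while the default password is still active, so it can be run as a pass/fail step in a lab checklist.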

Once logged in, some simple configuration tasks which do not require the use of agents include:

1: Enable monitoring of the Zabbix server itself:

Configuration -> Hosts -> Zabbix Server

2: Add hosts to be monitored by ping:

Configuration -> Hosts -> Create Host
Add Hostname, Visible Name, Group and IP Address
Add a Template (e.g. Template ICMP Ping Service)

3: Add inventory/asset details:

Configuration -> Hosts -> Host Inventory

4: Configure LAN discovery:

Configuration -> Discovery -> Local network

5: Check what gets discovered:

Monitoring -> Discovery

More extensive configuration and usage is beyond the scope of this article but here are some links to get you going: