After years of experience with various monitoring tools like Nagios, Icinga, Graphite, Cacti, we considered Zabbix as the most efficient and universal network monitoring tool. It offers best features not only for our but even client’s needs.
First version of zabbix server, client and proxy was released in 2004.
Very useful features are active or passive mode that can be setup for server, client and proxy. Together with discovery, auto registration and auto discovery rules it enables to build complex multi region, multi cloud / provider monitoring platform of networks, servers, applications, network switches, routers, firewalls, printers or any other network device. And especially way more easily to setup than in nagios etc.
For the simplest way of monitoring it is sufficient that monitored device just responses to ICMP ping or support SNMP protocol. E.g. IP cameras, printers, routers, switches, virtual servers, external websites. With zabbix-agent running on target linux or windows servers you can monitor more metrics and gather more data.
Thanks to zabbix proxy you can monitor LAN networks and report data to zabbix server located anywhere (other geo location, datacenter, cloud). Zabbix server, zabbix proxy and zabbix agent software packages are (a bit outdated) are available in official repositories for Debian, Ubuntu or CentOS linux.
There are two types of monitoring modes in zabbix monitoring – active mode and passive mode.
These modes can be setup on server, proxy and agent side. Default option after installation is zabbix server in active mode and zabbix agent in passive mode. In this scenario zabbix server periodically connects to every configured zabbix agent, perform checks specified in multiple templates, collects metrics and show it in zabbix web frontend and firewall on agent side must allow connection on port default 10050 from server. All work is done by server itself, agent just responses to requests from server.
Another option is to set zabbix server into passive mode. Firewall on zabbix server must allow connection from active zabbix agents or proxy on port 10051 (default one). When there’s a need to monitor more complex and/or bigger networks, zabbix proxies come very handy. While zabbix proxy is setup to active mode (and logically zabbix server in passive mode), there’s no need to configure any firewall to allow incoming traffic from zabbix server to proxy. Zabbix proxy collects all data from LAN zabbix clients and send them to server. Workload is mostly done by proxies.
In short active component report to passive component, no need to modify FW for incoming traffic on active hosts.
Zabbix can also exports metrics into external grafana. Alerting can be forwarded to slack, mattermost, jira, redmine, opsgenie etc.