How to Monitor Remote Servers using Zabbix on Ubuntu 16.04

Zabbix is a free and open source enterprise-ready software used to monitor the availability of systems and network components. Zabbix can monitor thousands of servers, virtual machines or network components simultaneously. Zabbix can monitor almost everything related to a system such as CPU, memory, disk space and IO, processes, network, databases, virtual machines, and web services. If IPMI access is provided to Zabbix then it can also monitor the hardware such as temperature, voltage and so on.

Prerequisites

• A Vultr Ubuntu 16.04 server instance.
• A sudo user.

For this tutorial, we will use 192.0.2.1 as the public IP address of Zabbix server and 192.0.2.2 as public IP address of a Zabbix host which we will monitor remotely. Please make sure to replace all occurrences of the example IP address with your actual public IP addresses.

Update your base system using the guide How to Update Ubuntu 16.04. Once your system has been updated, proceed to install the dependencies.

Install Apache and PHP

Upon installation of Zabbix web, it automatically creates a configuration for Apache web server.

Install Apache web server to serve Zabbix front-end or web UI.

sudo apt -y install apache2

Start Apache web server and enable it to start at boot time automatically.

sudo systemctl start apache2
sudo systemctl enable apache2

Install the latest version of PHP along with the modules required by Zabbix.

sudo apt -y install php php7.0 libapache2-mod-php7.0 php7.0-cli php7.0-gd php7.0-bcmath php7.0-ctype php7.0-xml php7.0-sockets php7.0-mbstring php7.0-gettext php7.0-ldap php7.0-pgsql

Install and Configure PostgreSQL

PostgreSQL is an object-relational database system. Add the PostgreSQL repository in your system.

echo "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list

Import the repository signing key, and update the package lists.

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update

Install the PostgreSQL database server.

sudo apt -y install postgresql postgresql-contrib

Start the PostgreSQL server and enable it to start automatically at boot time.

sudo systemctl start postgresql
sudo systemctl enable postgresql

Change the password for the default PostgreSQL user.

sudo passwd postgres

Login as the PostgreSQL user.

sudo su - postgres

Create a new PostgreSQL user for Zabbix.

createuser zabbix

PostgreSQL provides the psql shell to run queries on the database. Switch to the PostgreSQL shell by running.

psql

Set a password for the newly created database user for the Zabbix database.

ALTER USER zabbix WITH ENCRYPTED password 'StrongPassword';

Create a new database for Zabbix.

CREATE DATABASE zabbix OWNER zabbix;

Exit from the psql shell.

/q

Switch to the sudo user from the current postgres user.

exit

Install Zabbix

Zabbix provides installation binaries for Ubuntu, which can be installed directly from Zabbix repository. Add the Zabbix repository in your system.

wget http://repo.zabbix.com/zabbix/3.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_3.4-1+xenial_all.deb
sudo dpkg -i zabbix-release_3.4-1+xenial_all.deb
sudo apt update

Install Zabbix server and Zabbix web.

sudo apt -y install zabbix-server-pgsql zabbix-frontend-php

Import the PostgreSQL database, which is shipped along with the application.

zcat /usr/share/doc/zabbix-server-pgsql/create.sql.gz | sudo -H -u zabbix bash -c 'psql -U zabbix zabbix'

You should see something similar to the following at the end of the output.

...
INSERT 0 1
INSERT 0 1
COMMIT

Open the Zabbix configuration file to update the database details.

sudo nano /etc/zabbix/zabbix_server.conf

Find the following lines and update the values according to your database configuration. You will need to uncomment the DBHost and DBPort lines.

DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=StrongPassword
DBPort=5432

Zabbix automatically installs the virtual host file for Apache. We will need to configure the virtual host to update the timezone.

sudo nano /etc/apache2/conf-available/zabbix.conf

Find the following lines.

<IfModule mod_php7.c>
...
#php_value date.timezone Europe/Riga

Update the lines according to your timezone, as shown below.

<IfModule mod_php7.c>
...
php_value date.timezone Asia/Kolkata

Now restart Apache to apply these changes in configuration.

sudo systemctl restart apache2

Also, start the Zabbix server and enable it to automatically start at boot time.

sudo systemctl start zabbix-server
sudo systemctl enable zabbix-server

You should have the Zabbix server up and running. You can check the status of the process.

sudo systemctl status zabbix-server

To access the administration dashboard, you can open http://192.0.2.1/zabbix using your favorite browser. You will see a welcome message. You should have all the prerequisites satisfied on the next interface. Follow the instructions on the installer page to install the software. Once the software has been installed, login using the username Admin and password zabbix. Zabbix is now installed and ready to collect the data from the Zabbix agent.

Setup the Agent on the Server

To monitor the server on which Zabbix is installed, you can set up the agent on the server. The Zabbix agent will gather the event data from the Linux server to send it to the Zabbix server. By default, port number 10050 is used to send the events and data to the server.

Install the Zabbix agent.

sudo apt -y install zabbix-agent

Start the agent and enable it to automatically start at boot time.

sudo systemctl start zabbix-agent
sudo systemctl enable zabbix-agent

Because the communication between the Zabbix agent and the Zabbix server is done locally, there is no need to setup any encryption.

Before the Zabbix server can receive any data, you need to enable the host. Login to the web administration dashboard of the Zabbix server and go to Configuration >> Host. You will see a disabled entry of the Zabbix server host. Select the entry and click the Enable button to enable monitoring of the Zabbix server application and the base system on which the Zabbix server is installed.

Setup Agent on Remote Linux Machines

There are three methods by which a remote Zabbix agent can send events to the Zabbix server. The first method is to use an unencrypted connection, and the second is using a secured pre-shared key. The third and most secure way is to encrypt the transmission using RSA certificates.

Before we proceed to install and configure the Zabbix agent on the remote machine, we need to generate the certificates on the Zabbix server system. In this tutorial, we will use self-signed certificates.

Run the following commands on the Zabbix server as a sudo user.

Create a new directory to store Zabbix keys and generate the private key for the CA.

mkdir ~/zabbix-keys && cd ~/zabbix-keys
openssl genrsa -aes256 -out zabbix-ca.key 4096

It will ask you for a passphrase to protect the private key. Once the private key has been generated, proceed to generate the certificate for the CA.

openssl req -x509 -new -key zabbix-ca.key -sha256 -days 3560 -out zabbix-ca.crt

Provide the passphrase of the private key. It will ask you for a few details about your country, state, organization. Provide the details accordingly.

user@vultr:~/zabbix-keys$ openssl req -x509 -new -key zabbix-ca.key -sha256 -days 3560 -out zabbix-ca.crt
Enter pass phrase for zabbix-ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:My State
Locality Name (eg, city) []:My City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:My Unit
Common Name (e.g. server FQDN or YOUR name) []:Zabbix CA
Email Address []:mail@example.com

We have successfully generated the CA certificate. Generate the private key and CSR for the Zabbix server.

openssl genrsa -out zabbix-server.key 2048
openssl req -new -key zabbix-server.key -out zabbix-server.csr

Please do not provide a passphrase to encrypt the private key when running the above command. Using the CSR, generate the certificate for the Zabbix server.

openssl x509 -req -in zabbix-server.csr -CA zabbix-ca.crt -CAkey zabbix-ca.key -CAcreateserial -out zabbix-server.crt -days 1825 -sha256

Similarly, generate the private key and CSR for Zabbix host or agent.

openssl genrsa -out zabbix-host1.key 2048
openssl req -new -key zabbix-host1.key -out zabbix-host1.csr

Now generate certificate.

openssl x509 -req -in zabbix-host1.csr -CA zabbix-ca.crt -CAkey zabbix-ca.key -CAcreateserial -out zabbix-host1.crt -days 1460 -sha256

Copy the certificates into the Zabbix configuration directory.

sudo mkdir /etc/zabbix/keys
sudo cp zabbix-ca.* zabbix-server.* /etc/zabbix/keys

Provide the ownership of the certificates to the Zabbix user.

sudo chown -R zabbix: /etc/zabbix/keys

Open the configuration file of the Zabbix server to update the path of the certificates.

sudo nano /etc/zabbix/zabbix_server.conf

Find these lines in the configuration file and change them as shown below.

TLSCAFile=/etc/zabbix/keys/zabbix-ca.crt
TLSCertFile=/etc/zabbix/keys/zabbix-server.crt
TLSKeyFile=/etc/zabbix/keys/zabbix-server.key

Save the file and exit from the editor. Restart the Zabbix server so that the changes in configuration can take effect.

sudo systemctl restart zabbix-server

Copy the certificates using the scp command to the host computer which you wish to monitor.

cd ~/zabbix-keys
scp zabbix-ca.crt zabbix-host1.* user@192.0.2.2:~

Make sure that you replace 192.0.2.2 with the actual IP address of the remote host on which you want to install the Zabbix agent.

Install the Zabbix Host

Now that we have copied the certificates to the host system, we are ready to install the Zabbix agent.

From now on, all the commands need to be executed on the host which you wish to monitor.

Add the Zabbix repository into the system.

wget http://repo.zabbix.com/zabbix/3.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_3.4-1+xenial_all.deb
sudo dpkg -i zabbix-release_3.4-1+xenial_all.deb
sudo apt update

Install the Zabbix agent into the system.

sudo apt -y install zabbix-agent

For configuration and setup of Zabbix, head to the Install the Zabbix Host step of Zabbix guide for CentOS 7.