Zabbix 5 Application and Network Monitoring

Sean Bradley

Lessons in This Class

79 Lessons (10h 31m)
    • 1. Zabbix Course Introduction

    • 2. Provisioning a Linux to Install Zabbix Server

    • 3. Download and Install The Zabbix Repository

    • 4. Install Zabbix Server, Frontend and Agent

    • 5. Create the Initial Database

    • 6. Configure the PHP front end

    • 7. Start Server and Agent Processes

    • 8. Log in and Configure Zabbix Server Front End

    • 9. Configure a Domain name for the Zabbix Server

    • 10. Configure SSL for Zabbix Server Front end

    • 11. Overview So Far

    • 12. Install Zabbix Agent on Ubuntu on Same Network as Zabbix Server

    • 13. Install Zabbix Agent (Active) on a Windows Host Behind a Firewall

    • 14. Enable Passive Checks on the Windows Host Behind the Firewall

    • 15. Install Zabbix Agent on a Mac OSX Behind a Firewall

    • 16. Install Zabbix Agent on a VM Behind a Firewall

    • 17. Zabbix Agent Auto Registration

    • 18. Install and Configure Zabbix Proxy

    • 19. Configure Zabbix Agent on the Zabbix Proxy

    • 20. Reconfigure Zabbix Agents to use Zabbix Proxy

    • 21. Ensure Zabbix Agent and/or Proxy Auto Starts After Reboot

    • 22. Enable PSK Encryption for Zabbix Agents

    • 23. Enable PSK Encryption for Zabbix Proxy

    • 24. Creating Host Items

    • 25. Creating Host Triggers

    • 26. Creating Host Graphs

    • 27. Use The Email Media Type And Create A Send Only SMTP Server

    • 28. Convert Host Items, Triggers and Graphs to a Template

    • 29. Monitoring Screens

    • 30. Template Defined Screens

    • 31. Creating a Network Map

    • 32. Reading Windows Event Logs

    • 33. Item Preprocessing with Regex

    • 34. Item Preprocessing with JavaScript

    • 35. Item Cloning to Create a PCI DSS Windows Template

    • 36. Import Templates

    • 37. Slack Media Type

    • 38. Telegram Media Type

    • 39. SMS Media Type using AWS SNS

    • 40. Customise Trigger Alert Messages with Macros

    • 41. Add Disk Space History Graph To OS Linux Template Screen

    • 42. Trigger Prototypes and Triggering within a Range

    • 43. Configure Trigger 'Ok Event Generation' to minimise Alert Flapping

    • 44. Remote HTTP Endpoint monitoring using Web Scenarios

    • 45. JSON API Monitoring with the HTTP Agent Item

    • 46. Execute Bat File on Remote Windows Host with Zabbix Agent

    • 47. Execute Python Script on Remote Linux Host with Zabbix Agent

    • 48. Using the 'Zabbix Get' Command

    • 49. Check SSL Certificate Expiry on Websites

    • 50. Log File Monitoring - Nginx Proxy HTTP Status Codes

    • 51. Dependent Items

    • 52. Administration Scripts

    • 53. Manage Docker with Administration Scripts

    • 54. User Parameters

    • 55. Execute Powershell Scripts to Check Windows Updates

    • 56. Calculated Items

    • 57. Calculated Items in LLD

    • 58. Creating Custom LLD Rules - Part 1

    • 59. Creating Custom LLD Rules - Part 2

    • 60. Zabbix Sender and Trapper - Intro and Example 1 - Cron

    • 61. Zabbix5 sender 2 screen

    • 62. Zabbix5 mysql monitoring

    • 63. Setup Grafana with MySQL and Zabbix Data Sources

    • 64. Setup SNMP Hosts in Zabbix

    • 65. Using SNMP OIDs with Hosts

    • 66. Query SNMP Hosts using MIBs

    • 67. Setup LLD Discovery Rules and Actions to Auto Configure SNMP Devices

    • 68. Add a CISCO SNMP Enabled Network Switch

    • 69. Setup SNMP Traps

    • 70. Triggers on SNMP Traps

    • 71. Zabbix 5 Course Update Notice

    • 72. Convert MIBs Files to Zabbix Templates

    • 73. Prometheus Node Exporter Introduction and Install as a Service

    • 74. Prometheus Node Exporter Manual Host Configuration

    • 75. Setup LLD Discovery and Actions to Auto Configure Prometheus Node Exporters

    • 76. Zabbix API Introduction and Examples

    • 77. Zabbix API Testing Tool

    • 78. Zabbix API Python Example

    • 79. Zabbix API User Permissions

About This Class

Complete Zabbix Monitoring Course covering Server, Proxy, Agents, Trappers, Items, Triggers, Graphs, Screens and LLD of Agents, SNMP & Prometheus Exporters and many other things.

Zabbix is a complete open source monitoring software solution for networks, operating systems and applications.

In this course you will install and extensively configure Zabbix Server, Zabbix Proxy, multiple Zabbix Agents on Windows, Linux and MacOS whether on the same network, or behind a firewall, on dedicated hardware or locally or cloud hosted VMs.

Zabbix can be used in the enterprise or even on your own home network, where you can have much better visibility of the things connected and running on it and how they are used.


Sean Bradley

Course Instructor


Hello, I'm Sean.

For over 20 years I have been an IT professional developing and managing real time, low latency, high availability, asynchronous, multi threaded, remotely managed, fully automated, monitored solutions in the education, aeronautical, banking, drone, gaming and telecommunications industries.

I have also created and written hundreds of Open Source GitHub Repositories, Medium Articles and YouTube video tutorials.


1. Zabbix Course Introduction: way.

2. Provisioning a Linux to Install Zabbix Server: So welcome to my course on Zabbix. I'm gonna take you through installing Zabbix 5. I'm going to use Ubuntu 20.04 Focal, MySQL and Apache predominantly throughout this course, but also provide examples for CentOS in my documentation. Now, I'm gonna need an Ubuntu server from somewhere, and I'm going to use a cloud provider. I'm going to use DigitalOcean. You can use any cloud provider you like, such as AWS, Azure, GCP, Hetzner, but if you use my link for DigitalOcean here, you'll get the offer of $100 credit for 60 days when you create a new account on DigitalOcean, and you'll be able to create servers as often as you like, and throw them away when you no longer need them, and try again if you need to. Now, I don't recommend installing Zabbix and all the agents on production servers until you're actually pretty familiar with the software first. But that's why you use a cloud provider, where you can just create servers as often as you like, with no risk. Now, I will also be demonstrating Zabbix proxy and agents across different networks. So having my public server in the cloud, which is different than my internal private networks, is very useful during this course. And just to show you how easy it is to create a server that you can use for your Zabbix server on DigitalOcean: Create, Droplets. I'm going to use Ubuntu 20.04, Standard, choose the cheapest droplet, $5 a month. That's only gonna cost you $10 for two months. But you've got $100 credit there, so make several of them if you want. That's well and truly within the range. You can put it anywhere. A lot of talk and put it NASA name. I have an SSH key already stored in DigitalOcean. I recommend using SSH keys, but if you don't, you can create yourself a password and also choose a hostname. For example,
zabbix.yourdomain.tld. Very good. And then create the droplet. After about a minute, you're given an IP address and you can now SSH to that server. Now, also in this course you get accompanying documentation. There are links alongside the videos in the resources. There's a new page for every video in the course, and also you can come back to it later. And if you miss something and you want to look up something again, you just type "trigger", for example, and you get a list of all the pages with trigger in them, or proxy or something like that. And also the information contains all the commands that I've typed in the videos, plus some extras for different operating systems. For example, some information about SQL and how to troubleshoot particular problems you might have. And I update this regularly. It's all there to help you. Excellent. So let's get started. There's a link there if you want it. Excellent.

3. Download and Install The Zabbix Repository: Okay, so this is my brand new Ubuntu server. It's Ubuntu 20. It's on the internet, has an IP address. And this is where I'm going to install my Zabbix server. Now, just to be sure what operating system I have, I can type in hostnamectl, and that tells me Ubuntu 20.04. So you need to know which operating system you have so that you can choose the correct repository download on the Zabbix download page, install from packages. We can choose different versions. I'm going to install version 5 and I'm gonna install it on Ubuntu version 20.04, MySQL and Apache. So just note, when you change these configurations, the URL where the repository is downloaded from changes. Right now it says release 5 focal. If I select 18.04, it's release 5 bionic. Yeah, release 5 xenial. If I was to use a different operating system such as CentOS, I get a different URL again. So the repository URL is very important. It's the same with the versions, 4.4, and Raspbian, for example.
But I'm gonna download version 5, Ubuntu version 20, MySQL, Apache. So these are the three commands that I need to enter. Use the package manager now to install it, release version 5 focal. Now to update apt. Okay. And now, to confirm that apt is aware of the latest Zabbix information: apt search pool Zabbix. So apt is aware of the correct Zabbix versions now, so that when we go to install Zabbix, we get the right version. Excellent. Next.

4. Install Zabbix Server, Frontend and Agent: Now to install Zabbix server, frontend and the agent. That's the line we'll need. Now this line changes depending on, of course, the operating system or the version of Zabbix you're installing. I'm using 5, Focal 20, MySQL, Apache. That's the line I need to copy. Okay: apt install zabbix-server-mysql, zabbix-frontend-php, zabbix-apache-conf and zabbix-agent. The Zabbix agent on the server is optional, but I recommend you use it, and I'm gonna be using it within the course. And so, yes. Okay. Excellent. That took about two minutes to complete. Okay, so now we can just check to see what services were installed. So the first one: sudo service zabbix-agent status. It says active, running. And we can also check the server status, and it says inactive, dead. No problem. We'll continue on setting this up.

5. Create the Initial Database: Okay, so it's now time to create the initial database for our Zabbix server before we can start it. On the download page, it gives us some instructions. Note that if you chose PostgreSQL, you would get different commands. So Ubuntu 20, MySQL, Apache. Before I run these commands, I want to check that my server has MySQL. And it does. Occasionally, depending on the operating system you install, you won't have it. So if you don't have it, I've provided some instructions on my documentation page down here on how to install on Ubuntu and how to install on CentOS.
And also, another thing you might want to do is to run the secure installation command before you continue. So I'll do that. sudo mysql_secure_installation. Enter the current password for root. There isn't one. Set the root password? No. Remove anonymous users? Yes. Disallow root login remotely? Yes. Remove the test database? Yes. Reload privilege tables? Yes. That's very good. Now we can just check its status. Very good. Active, running. Control-C to exit that. Now we can run these commands. mysql -uroot -p. Okay, so logged in. You have to create a database with that collation. Create a user, zabbix at localhost, identified by password. Grant all privileges on zabbix.* to zabbix at localhost, and quit. Excellent. Next, to import the schema, zabbix-server-mysql. If you installed the Postgres version, that would be pgsql. And note that this could take a minute or two. So just be patient. It's finished. That was quite quick. And while we're here, we can have a look at that database if you like. You can just log in, mysql, show databases, and there it is, zabbix. Use zabbix, show tables, select all from is they go to court, and quit. Now it's not finished yet. We have to change the configuration file to tell it about the database. So sudo nano /etc/zabbix/zabbix_server.conf. Scroll down to DBPassword. There's the DBName, DBUser zabbix, and DBPassword, password, because this is what I typed. Control-X to save. Yes, and Enter. Very good. Next.

6. Configure the PHP front end: It's now time to configure the PHP frontend, and the file I'll be editing is the Apache conf. If I used Nginx, I'd get different instructions. But I've used Apache. Okay, so to open that file: sudo nano /etc/zabbix/apache.conf. And just down here, there's PHP 5 and PHP 7. We're using PHP 7. So this is what we need to do. Just change the timezone, and I'm in London, so I'm going to use that.
So to find out what's a valid string to put here, in my documentation I have a link to the timezones, and depending on where you are in the world, for example Pacific in the room, you can actually just write that, and that would be a timezone. I'm in Europe/London. That's everything. Control-X, yes. Excellent. Now we can continue.

7. Start Server and Agent Processes: Okay, so now to start the server and agent processes. Remember, these commands are likely to be different depending on your configuration. But I used Ubuntu and Apache. So restart zabbix-server, zabbix-agent, apache2, and set that they start automatically if I reboot the server: enable. Okay, so we can check the status there. sudo service zabbix-server status: active, running. Excellent. And the agent will be running as well. Very good. Next.

8. Log in and Configure Zabbix Server Front End: It's now time to log into your new Zabbix server and have a look at it. The address is going to be http://, your server IP, /zabbix. If you don't know what IP address your server is, you can type in ifconfig. Might not have it installed. No problem. apt install net-tools. Okay, now ifconfig, and my IP address is there, one I date, so I can now visit that in the browser. HTTP, your IP address that you have, /zabbix. There we go. Welcome to Zabbix 5. Next step. Everything is okay. Next step. MySQL, localhost, zabbix, zabbix, and the password was password. Next, and next. Very good. Next. Congratulations. Your configuration information was saved here: /usr/share/zabbix/conf/zabbix.conf.php. Finish. Now we can log in. The default username is Admin with a capital A and the password is zabbix. Sign in. Excellent. That's Zabbix 5. If you're used to using previous versions of Zabbix, the menu is usually across the top. Here in Zabbix 5 it's down the left. Everything is pretty much the same so far. All the options are there: monitoring, dashboard, configuration, hosts.
They're all there. That's very good. But the first thing I'd advise doing is going to Administration, User groups, and changing Guests to be disabled, like so, and No access to the frontend, disabled. That could be used by the Zabbix API. I'm now going to Users, Admin, and change the password. Update. Very good. That's Zabbix 5.

9. Configure a Domain name for the Zabbix Server: Okay, so everything's good, but I'm using an IP address to access my server and it's not secure, but we'll look at that later. First I'm going to point a domain name at that IP address. In my domain name provider I have registered a subdomain called zabbix for my main domain, Sharma's. It'll come, to that new IP address up there, and I did that about an hour ago. It could take quite a while for a domain name change to propagate. So anyway, it's propagated now. I can now visit my server by typing in /zabbix with HTTP, like so. So there we go. http, zabbix. Not sure wanted dot com, /zabbix, enter, and there we go. And I can just log in again. Not secure yet, but we'll do SSL in the next video. Okay, Admin and the password. There we go. I've logged in. In the next video we'll look at SSL. Next one.

10. Configure SSL for Zabbix Server Front end: Okay, so excellent so far. But let's fix this problem now. The connection is not secure. I'm going to use a free certificate from Certbot. Down here, open that link and we can fill in this simple GUI: Apache, Ubuntu 20, and then it gives us a set of commands. So I've logged onto my server already, and I need to just enter these commands. So, copy. Okay. Okay. That takes about a minute. Now sudo apt install certbot and the appropriate plugin, Apache. Yes. Okay. And now we can run that line, sudo certbot --apache. But actually, I'm just gonna add the domain name at the same time, being zabbix talk shown. Waas year Don't come. Okay. You have to fill in some information.
I agree to the terms and conditions. Yes. So now it's up to you. Okay. You now get a choice to automatically redirect all HTTP requests to HTTPS. I'm gonna say yes. So that's number two. Okay, congratulations. Your certificate and chain have been saved there. And now this has restarted Apache for us already, so it should just work straight away. If I was just to refresh this, already it has redirected me to the secure version. Verified by Let's Encrypt. Connection secure. Very, very good. Now, before, when I changed the administration password, the messages weren't encrypted as they travelled across the network. So you may want to update your admin password again to another version. And this time it will be encrypted as it is posted across the network. Update. Excellent. Okay, so the Certbot that we've just set up should automatically renew by default when the certificate is about to expire. But if you want, you can try these things out, if you want to test that automatic renewal works. Okay. So anyway, that's good. That all works for me. Perfect.

11. Overview So Far: Let's look at what we have so far and how we got there. I got a server in the cloud, Ubuntu 20.04, and I installed Zabbix server 5 on it, and there are two main processes that we'll look at here. The Zabbix server process: sudo service zabbix-server status. Active, running. And it has its own configuration file. And an agent process, active, running, also with its own configuration file. When we installed Zabbix down here, install Zabbix server, frontend and agent, we also installed the agent. That was optional, but we did it anyway. So that's why right now we have both of these processes running on our one server. Now, when we look inside Zabbix, Monitoring, Hosts, what we're seeing is this Zabbix server line. This is the agent. That's the interface to the agent that the Zabbix server is calling, and it's running on the local computer.
127.0.0.1 at port 10050, and availability green, and enabled. And there's many graphs, so we can look at the graphs already. This is all automatically set up for us: processes, network traffic, CPU jumps, system load, etcetera. There are many things already configured for us. So we have already quite good stats on our Zabbix server, and we can look at them over a period of time. So I had this running 24 hours. Now let's look at the last two days. We can see data started coming in there, and they can take a little bit of time to generate. And we can also look at it for the last five minutes or a custom time. Let's go into Configuration, Hosts, so we can configure our Zabbix agent inside the Zabbix server. So this here, even though it says Zabbix server, this is referring to the Zabbix agent on the Zabbix server. Click that. That's the agent interface, 127.0.0.1. We're getting to it via IP, port 10050. Now, this is important. Whatever you write in here, the host name, when you create a host record inside the Zabbix user interface, that needs to match the name of the Hostname in the agent config. So if I look at the agent config, agent there, so sudo nano to the conf file there, and scroll down. There's Hostname. It's Zabbix server, large Z and small s, Zabbix server. That's the host name. You may not like that version of the host name. Of course, you can set a visible name there if you like, the name that will show up in the interface, if you want that. Now, if I go up a little bit here, there's two extra properties here. Server: that's the address of our Zabbix server from the perspective of this agent. It's also written down here in ServerActive. Normally, those things are the same name. The difference is that this is about passive checks. Passive checks are when the server explicitly asks for information from the agent. This is about active checks. This is when the agent sends all the information about its items to the server without being asked.
So this is the address of the server from the perspective of the agent. The agent needs to be able to reach your server using that address. From the perspective of the agent, the default settings for this Zabbix agent are set up as if it's the agent running on the same server as the Zabbix server. That's why we didn't have to change anything. We'll set up different agents in passive or active, behind a firewall, on different operating systems in the next few videos. So anyway, everything by default is good. It's just important to know about the host name there. That name needs to match the name in the GUI there. Right. Now, the other important thing about the defaults are the templates that were assigned. Two templates assigned: Template App Zabbix Server and Template OS Linux by Zabbix agent. This template contains passive checks. Later on, we'll get active checks and we'll assign a template, Template OS Linux by Zabbix agent active. It's the same template, but all the items in this template are set as active checks and all the items in this template are set as passive checks. Passive checks give you more functionality, and we'll go through that later. But with these templates assigned, a whole lot of items are created, and all of these items here are from the templates, and it says here, these, CPU nice time and CPU user time, come from the Template Module Linux CPU by Zabbix agent. That's the name of the template. That's the name of the item. Zabbix agent over here, so the type, that means these are passive checks. Another one to note down here is Dependent item. It's part of the same template: CPU idle time, CPU utilization. So it's basically a dependent item, dependent on this passive check just here. Other kinds of items that you see by default here, these, is Zabbix internal. Now these come from the Template App Zabbix Server template. These perform like passive checks, but you don't identify them as either passive or active. Just internal checks.
We'll look at this later. So right now, all these defaults that have been set up for us are pretty good. We've got a whole lot of triggers. Triggers are like events that are triggered when an item value falls in some kind of range that you've asked it to, and you can have different severity levels here for it. We'll look at triggers a lot later. There's the graphs. We saw the graphs. This is how you can modify each of these graphs if you want more detail, understand how they're put together, which items appear in the graphs. And discovery rules. Now discovery rules are just like items, but they're more dynamic. The examples here are block devices, mounted filesystem and network interface discovery. Now, all agents that you set up will have file systems and network interfaces and maybe whatever SAN, or storage area network, that it was connected to. It'll detect that as well. And these are the item prototypes. So that's looking at filesystem discovery. This is all quite advanced. We'll look at this later, but the important thing to note, these are also set up as passive checks by default. Zabbix agent. It doesn't say passive, but it's just considered as a passive check anyway. So when we look at the templates here, there are actually many more than two templates. Those templates contain other templates. If I look at the Template OS Linux by Zabbix agent there, its linked templates are those templates there. You can look at those in more detail if you like. This is default, already set up for us without us needing to do anything, and the availability is green. There's a lot more information we'll talk about later. Next thing I want to show you here: Monitoring, Latest data. There's a lot of information being shown instantly. But if we had several hosts, we can select which hosts we wanna look at and we can find all the latest data this Zabbix server is getting about the agent. And many of these things will appear in a graph. Sometimes not.
Sometimes it'll be text. So here, history. Last five, last one, last six, last one day. Okay, so this item might only get updated once a day. You can configure those things. That's the last text that came through for that particular item. Another one we can look at is a graph, specifically the available memory graph. We'll look at the last three hours, like so. And we can look at items that are specific to the Zabbix server template, the number of processed values per second. There's the graph. And we can look at a memory graph, and we can also multiple select and display a stacked graph. There's four values there that we've just selected, and we can see them as one graph. We'll create these things later. But right now, when you look at the hosts, we can see there's already a whole lot of things created, even screens here, which are various preconfigured layouts of graphs. Back to the dashboard, and number of hosts, enabled, disabled, templates. One enabled, that's our Zabbix agent host. None disabled. And there are 144 templates in the system that we could assign. And right now Zabbix server is doing 126 item checks. Zero disabled. Have a good look around and get used to the user interface, and in the next lessons we'll install some more agents in various places.

12. Install Zabbix Agent on Ubuntu on Same Network as Zabbix Server: Now let's install another agent. And this time it's gonna be on a different server. I'm gonna put it on another Ubuntu 20.04 server that I've got. But it could be any Ubuntu or CentOS or anything like that, or even Windows or Mac. But in this exercise, the important thing is that it is also on the internet, or in the cloud, I'm calling it. So on my other server, which is completely unrelated to Zabbix, I just happen to have Grafana running on it. I'm gonna install the Zabbix agent on it, and then I'm going to configure the Zabbix server and the agent to communicate with each other. And it's also gonna be passive checks.
So my Zabbix server is going to be making calls to the Zabbix agent asking for information. I'm on my Grafana server here, and I'm going to install the Zabbix agent. On my documentation page, I've got a whole lot of pre-created commands that you can copy from. So Ubuntu 20.04 Focal, on that line there. Remember, release 5 focal. If I was using Ubuntu 16, I'd need to take Zabbix 5, release 5, xenial. Yeah. Nice. wget. Very good. Use the package manager to install it, zabbix-release 5. Very good. Now apt update, so that it's aware of the new packages, and apt install zabbix-agent. apt install zabbix-agent. Now let's have a look. sudo service zabbix-agent status. Okay. It says it's running, but it hasn't been configured yet. Control-C. sudo nano, the configuration file, written for us there: /etc/zabbix/zabbix_agentd.conf. Let's go down to Server. Okay, my Zabbix server address is zabbix dot Sharma zero Come. So we've set it up already. Yours will be different. When the agent receives requests for information from this domain, it will return the information being asked. There's more information just here, if you want to look at that. Okay, so I'm going to do the same for ServerActive, even though I won't have any active checks at the moment. I'm just going to fill that in anyway. Right there. My Hostname is not Zabbix server. It could be anything I like, as long as I use the same name in the Zabbix user interface. I'm going to call it Grafana, with a capital G. That's my host name. Control-X to save. Yes. Now restart the agent. Excellent. Now let's go on to the Zabbix server itself. Configuration, Hosts. And we need to tell Zabbix about the new host that we've just installed and set up. Create host. It's tough, right? Host name, Grafana. Groups: I'm just gonna add it to Linux servers. It doesn't matter what you decide your groups to be. It just helps you to organize your servers.
The interface: I'm going to use DNS, Grafana dot Sharma zero cod, and DNS, 10050. I want to ping that address from the command line, and that will find my server. And I don't have any firewall rules blocking 10050, so I could even telnet to that. Okay, so on my Zabbix server, ping. There we go, it can find it. Control-C. Telnet. There we go. And I could even telnet to it. So basically, the server is going to be able to find the Zabbix agent, and the Zabbix agent will give it the information back that it's asking for. So back in Zabbix. Okay, so on this page, that's everything I need. I don't have to worry about the IP address here unless I was connecting by IP. But I'm connecting via DNS. So the next thing is to add templates. So select Templates, operating systems. I'm gonna use the Linux template, because it's a Linux server, with all the passive items in it, down there, Linux by Zabbix agent. If it was Windows, I could use Windows like that. There's Mac OS X, FreeBSD, etcetera. Also, you don't have to add any templates, but if you don't add a template, you won't get any items. And if there's no items, you won't get any data. You can create individual items if you like, but we'll get to that. So just select just this one template here, the one with the passive checks. Add. And I'll have a new host added to my Configuration, Hosts. Now, after a small amount of time, that availability will show green. That is because this is doing passive checks. We'll talk more about that later too. Right now, within a minute or two, I should start seeing data from my Grafana. So I could go into Monitoring, Latest data, preselect here Linux servers, and there it is, and apply. There's nothing there yet. I can do "show items without data" so I can see what I'm likely to get. Okay, so I'm likely to get all these things, but there's no data there yet, because there's nothing showing up in Last value.
So just be a little bit patient, or we could go into Configuration, Hosts, and I could go to items and say, okay, get me something now, like just anything, and hit Execute now. And that would've asked right now for some data from the Zabbix agent on my Grafana server. But if you look up here, the availability icon is now showing, so it kind of beat me to it. So if I go back to Monitoring, Latest data, we now see values in the Last value column. So that agent is working pretty much straight away. So, looking at the status at the time, it's been up for a very short amount of time. Latest data. Let's have a look at what its memory is. Display graph, five minutes. Okay, so we can see that in the graph. And also you'll note there are less items here than there were on the Zabbix server agent. That's because on the Zabbix server agent, I have two templates assigned. Configuration, Hosts. Also, the other thing is that the discovery rules are still running. That can take a little time to complete. Okay, so Template OS Linux by Zabbix agent. The discovery rules, like, we can see are running. Look at the items individually, and we can see that there's several issues here. Something's not supported. Not a problem. You could look at the hosts. So number of hosts, two. None disabled. 144 templates. Number of items, 206. 192 enabled. 14 not supported. It doesn't matter. You could disable those if you want to. Anyway. Okay, something else which is useful to know: I'm on my Grafana server where the agent is running. I could also check the log file, so I could say tail -f /var/log/zabbix/zabbix_agentd.log, press enter. And that tells me that there are some errors concerning active checks, but we don't have any active checks, so that's not a problem. This message here, this is me actually doing the telnet. This line here is unrelated to any problems we're having since we're not doing any active checks. But anyway, the agent is working. Control-C. I'm on the server now. I can do the same thing on the server to see if the server was having any issues trying to connect to the hosts. tail -f /var/log/zabbix/zabbix_server.log. There we go. I don't see anything there that's worth worrying about either. Anyway, so it's good. But you know, I don't have any problems, so there's nothing to show really anyway. So Control-C. So, excellent. That's some information about setting up a host, in this case it was my Grafana server, on the same network as the Zabbix server, and my network happens to be the internet.

13. Install Zabbix Agent (Active) on a Windows Host Behind a Firewall: In this video, I'm going to install Zabbix agent on Windows 10. It's gonna be on a private network, and it's behind a firewall. The Zabbix server, which is on a different network, won't be able to do passive checks to that Zabbix agent unless I create a firewall rule to redirect messages intended for that agent through it. We'll do that in the next video. But for now, to get around that, we can set up our agent in the UI to do active only checks, and we'll assign it the active version of a template. Because it's Windows 10, we should get the installer from the Zabbix download website. On the downloads page, Zabbix agents, the first one in the list is Windows. Everything is correct for me. Archive: it's a ZIP file. At the time of creating this video, the MSI version wasn't available, but sooner or later there probably will be an MSI self-installer that you can use instead. But for now, let's use the zip file. So download the agent. Okay, so we can open that up, and that's the archive there. It contains two folders. Zabbix agent, we also get zabbix_get and sender processes, and the configuration file. We have to set it up manually. So here, there's a manual. Okay, so if I scroll down, first thing to do is create a folder. Okay, so I've created my folder in C:, zabbix. And now to copy the files from the archive to C:\zabbix.
Okay, so bin, just copy those in, and the configuration, did it, yeah. Next, open the configuration file. I'm using Visual Studio Code instead of basic Notepad. Go down. And because we're only doing active checks, I can pretty much ignore that for now. So let's just set ServerActive. That's the address that my Zabbix server is accessible from, from this host. If I do ping, it can find it. I also have telnet on this computer, so I can also telnet to the server, to the server port 10051. There we go, I'm connected, and now disconnected. So this agent will be able to send active checks to the server. Okay, so for my Hostname, I'm just going to use the host name of this computer, which is that. Excellent. That's everything you need to do now.

The next part is to install it. So we need to open a command prompt as administrator: Run as administrator. Very good. Let's navigate to that folder. And there are my files. Let's install it: zabbix_agentd, tell it where its configuration file is, and that is actually just here, zabbix_agentd.conf, with an -i. Okay. So the Zabbix agent installed successfully. If you want log files, you'll find them in the root here: there, zabbix_agentd.log. There we go.

The host hasn't been set up on the server yet. Let's do it now. Okay, in the Zabbix UI, Configuration, Hosts, create new host. For the Host name, enter the one that we've put in the configuration file. Visible name, whatever you want. The group: I don't have one for Windows servers, or you can create whatever group name you like. I'm going to create "Windows Servers", and this creates new. The interface information here doesn't matter. We haven't been doing any passive checks from the Zabbix server yet to the agent, so this can just be left as it is. It's mandatory, but it won't be used. So next, press Templates, select Operating systems, Windows by Zabbix agent active. We could choose this template below, the passive checks, but we would need to set up the firewall rule.
But because we're doing all the active checks, we don't have to set up a firewall. So choose that one, Select. Now Add. Okay. So items for the new host: all the items are Zabbix agent (active). Now Monitoring, Latest data. Let's select the host, Windows Servers. And that's it there. Apply. We're not going to get anything yet because the Zabbix agent on my host hasn't been started; it actually says that there.

So what we do is we can open services. So Task Manager, Services: Zabbix Agent, says it's stopped. Actually, let's just go to the Services window, Zabbix Agent. Double-click it. We can see here this information, path to executable, which is very handy if you didn't know that anyway. Startup type: Automatic. Service status: stopped. Start. Okay. It's using the Local System account. Brilliant. Anyway, so it's running. Okay, so straight away, since we started it up, it's given us some information.

So one important thing to know about in the configuration file here, since this is doing active-only checks: this parameter, RefreshActiveChecks, happens once every two minutes. It asks the server for its list of active checks that it should be doing. You can modify that if you want, but that's every two minutes. So if you make a change to any of the items here for this host, it could take roughly about two minutes before you see that change reflected in Monitoring, Latest data.

Okay, so another important thing to know about this host that's doing only active checks is that we're getting data, but it's not showing availability as green like these other two hosts. For that to be green, it needs to be doing at least one passive check. This template doesn't have any passive checks that are enabled. To look at it more closely, it has one item in it, we'll find it in a moment, that is disabled. This item is a passive check, System local time. This will not work on this host unless I add a firewall rule to forward the messages from the server.
We'll discuss that in the next video. These two agents are set up with the passive versions of their templates, so they work straight away because they're on the same network. I could have set those up using the active-only templates and also created some passive items, such as that one here that is disabled. I could enable that, and that would work straight away because there's no firewall in the middle.

Another good one to know about agents that are only capable of active checks is that in, so, Monitoring, Hosts, if you click the host name here, these are called administration scripts, and you can create these, and we talk about this in the course; you can create specific scripts that you want to run on the host. Those scripts won't work because the server won't be able to get the message to the client, or the host, to run that script. So that's one of the problems of having an agent only capable of active checks behind a firewall. So we'll discuss firewalls later.

So another issue with hosts only capable of doing active-only checks is that you could fake the sender, because basically any message coming to the Zabbix server with that as the host name is going to be considered valid. So basically I could create another host and give it exactly the same name, and my server wouldn't know which one is the correct host. So to get around that, you can use PSK encryption. We discuss PSK encryption later as well, but for right now I'm not going to do that.

So that's Zabbix agent installed on a private network, happens to be on Windows 10, configured in the server to do active-only checks. Don't even have to change any firewall rules. But again, you don't get that green icon, which is quite useful to look at, sort of why I brought it up. Excellent.

14. Enable Passive Checks on the Windows Host Behind the Firewall:

Okay, let's make this agent here capable of accepting passive checks from the server. Let's go into Configuration, Hosts. Here, this host, click the Items.
Let's go right down to page three, where this item is that's disabled, and enable it. Okay, now type Zabbix agent. That's the only passive check for this agent: System local time. Copy that. One problem I have right now is in the configuration of my host: the interface is 127.0.0.1. So this is going to appear to be correct right from the beginning. We're going to get data about system local time, but it's going to be the Zabbix server's system local time. System local time. And I'm getting some data. Graph, last five minutes. And that is actually the Zabbix server's system local time, because, Configuration, host configuration, that's 127.0.0.1.

What I need to do is either give it an IP address or the DNS name, and whichever port I'm going to need to be able to give in order for the firewall to forward that message from the server to the correct agent on my network. But the first thing I can try and do is to figure out what the external IP address is of my network. And that's it there. Just type "what is my IP" into Google or something. So I could add that IP address here, but it's still not complete yet. My router doesn't know what to do with any messages coming to that port. I need to add something to my firewall that's going to convert that IP and that port to the address of my Zabbix agent on my host. I'll do that right now.

Okay, so I have configured my firewall: any messages that my firewall sees to that port, forward it on to my host, to that port. Update. And that thing is instantly green. But I wouldn't be trusting that right now, because we had that looking at the server local time for a moment. But this should go red any moment, indicating that there's a problem with the passive check. That is because in my configuration file on my host, my Windows 10 host on a private network, I haven't yet set the server's address. Okay, so it's red now.
That took several minutes to actually update there. Let's go to the agent host configuration file now, that is, here, zabbix_agentd.conf, and set the correct Server address. Because my Zabbix server is zabbix.seanwasere.com. Save. Task Manager, restart the agent. Okay, and take note of the interface address there.

Okay, so my firewall I have now configured so that anything from the outside on 10050 goes on to my internal host on 10050. But it's not over yet. I'll show you on the server, Zabbix server here. And I cannot yet telnet to that port. So telnet, that, 10050. It's still trying to connect to the host even though I've set the firewall rule up. So what you've got to do, Control-C, on your host: Firewall settings, Windows Defender Firewall, Advanced settings, Inbound Rules, New Rule, Port, 10050, Allow the connection. Domain, Private, Public, up to you. "Zabbix 10050" is what I'm calling it. There we go. Now back on the Zabbix server, I can now telnet to that host. Very, very good.

That now means after some time that will become available. There we go. That is now getting the system local time using a passive check from my host. That means even though I've got lots of active checks on this host, I can also have passive checks. But I got there. It's pointing two ways there. Excellent. Firewalls could be quite problematic for some people to manage. There are all kinds of firewalls. Later on in the course, I'll set up the Zabbix proxy and all my agents will connect to the server via the Zabbix proxy, which means I don't need to manage firewall rules, but we'll look at that later on. Excellent.

15. Install Zabbix Agent on a Mac OSX Behind a Firewall:

Okay, so now I'm going to install Zabbix agent on Mac OS X. So I've VNC'd onto my Mac and I've got the Zabbix download page open. Zabbix agents, scroll down, macOS. I've chosen 4.2. I'm not going to install agent version 5 because I'm unable to get 4.4 and 5 of the Zabbix agents to work on Mac OS X. Doesn't matter.
This will still work. You're not supposed to have different version agents with your version of Zabbix, but this still works, so I'm going to download that now. Download. So if you want to try installing the agent for Zabbix 5, you can do that. But for my Mac, it doesn't work. I have macOS High Sierra, version 10 point. Okay, so this has downloaded. Let's double-click it. Install. Continue. Continue. Agree. Continue. Install. Install. Close. Move to trash the installer.

Okay, then open a terminal. I've got a terminal. Now we need to edit the configuration file; that is in /usr/local/etc/zabbix/zabbix_agentd.conf. So scroll down, and for Server, set it to your server; mine is zabbix.seanwasere.com. I'm also going to set ServerActive. It is not necessary unless you actually want active checks. If you don't have this parameter, so if this parameter is not specified, active checks are disabled. So you can just comment that line out completely if you wanted to, but I'm going to leave it in there. My Hostname: Sean's iMac. Control-X to save. Yes.

Okay, now we have to stop and start the service. On a Mac it's more complicated than Linux. That is two commands: sudo launchctl unload /Library/LaunchDaemons/com.zabbix.zabbix_agentd.plist. Now load it again. Very good.

Now I need to configure my firewall to let messages from the server get to my Mac OS X. My Zabbix agent is listening by default on port 10050, but I'm already redirecting port 10050 to my Windows host. So on my firewall I'm going to need to create another port and forward that to internal 10050 on the Mac. Okay, so I've done that now. So my existing firewall rule from the last video is that. So I've created a new one: when my router gets 10052, I'm going to forward them to Sean's iMac, 10050. Now I can create the host in Zabbix. Okay, so let's create the host, and call it Sean's iMac. The group: there is no group for Mac, so I'm going to create one, Mac OS X.
So this creates new. The agent: now, the IP address is this from before, but this time the server is going to be sending to port 10052. That's good. Templates, Operating systems, Mac OS X. Now, the Mac OS X template doesn't actually have a passive and an active version of the same template. It just has the older template, pre 4.4, which is just passive checks. Template OS Mac OS X. Select. Now Add. Okay, so Sean's iMac. Yeah, I can just check telnet from the server; I should get that. Okay, so on my server, telnet, 10052. Yes, and I'm connected. Excellent. Telnet has automatically closed. Okay. So that means that should start working straight away. There, it's green now. Just like that.

I installed Zabbix agent for Zabbix 4.2, and I've configured it in Zabbix 5. In the UI, Monitoring, Latest data, select the host group, Mac OS X, Sean's iMac. It still works. Now, this isn't supposed to work, but it still does. So, if you are able to get Zabbix agent 5 to work on a Mac, you can try Zabbix 4.4 or even Zabbix 4.2. But I found on my Mac I had to use the Zabbix 4.2 agent. Anyway, everything works. Let's see. So, let's look at the processor load of my Mac. Display stacked graph. Like a graph there. It now appears in my host list. Note how I'm using the same IP, but I'm listening to a different port. But internally, on the Mac, the Zabbix agent is listening on port 10050. Let's have a look at the pre-built graphs. It's a very simple template compared to the others. It's much more likely to work in the screens. Excellent.

16. Install Zabbix Agent on a VM Behind a Firewall:

Okay, so now I'm going to install Zabbix agent on a virtual machine running on my Windows 10. I will assign the agent in Zabbix with the active version of the template, and I'll also set up a firewall rule so that I can do passive checks. My virtual machine manager is Oracle VirtualBox. There's quite a bit of choice.
The important thing to know is that your virtual machine is going to need to have an IP address on your network. To do that, just ensure that, if you have a DHCP server like most people do on their home routers or on their office networks, you select "Attached to: Bridged Adapter", like that, and restart your virtual machine so that it gets an IP address from your router on the network. So I'm on my virtual machine now. And if I type ifconfig, scroll up a little, that's the IP address that my main network router has assigned. That's it there. So each machine on my network has an assigned IP address.

Another thing also: I'm using OSBoxes. They have all kinds of virtual machines if you want to try them out. The important thing to note about OSBoxes machines, though, is the host name is osboxes. So if you do hostnamectl, your host name here will be osboxes. And if you have many virtual machines, they will all be called osboxes, which can cause a problem. So just rewrite the host name to be something unique on your network, and you can use hostnamectl for that. Example here: hostnamectl set-hostname; I've set ubuntu20vm. And make sure you have powered off the machine and restarted it after doing that. And after rebooting you should be able to just ping that from another computer on the same network. Ping ubuntu20vm. And again with the 192.168.1 address, so that is working on my internal network, DNS and IP address.

I can now install Zabbix agent on it. So open a terminal. That will be wget, Zabbix 5 release. Zabbix 5 focal; this one is specific for Ubuntu 20. This VM can access the internet. Let's install the package release file. sudo apt update. Oh, do it again: sudo apt update. Now sudo apt install zabbix-agent. Right. Excellent. Now to configure it: sudo nano /etc/zabbix/zabbix_agentd.conf. zabbix.seanwasere.com, also for the active, and my Hostname.
ubuntu20vm. Control-X, save, yes. sudo service zabbix-agent restart, and check its status. Okay, it's all good. Let's open up the Zabbix Configuration, Hosts, a new host, ubuntu20vm; it must be exactly the same as what's written in the configuration file. I can use a capital U there if I wanted. Groups: Linux servers. I must set the interface now, and I'm going to use 10053 because I've used the other ports already. My template will be the active template: Operating systems, Linux by Zabbix agent active. Select, and Add. And again, configure my router so I can redirect port 10053 to the Ubuntu VM.

So I've done my firewall configuration now. Let's see whether I can telnet to that agent on the VM. So telnet, there, 10053. Yeah, I can telnet, so I don't have any other firewall rules blocking it anywhere, even on the VM. Depending on the version of the VM you use, you might have a firewall by default blocking 10050, but I don't. This is going to work. Excellent.

So back into Zabbix. By this time I should hopefully be receiving latest data about my new VM. Apply. And I am: ubuntu20vm. Very good. So there's quite a lot of information there. Let's have a look at all the CPU properties here as a stacked graph. Very good. Excellent. Five minutes, last 15 minutes. Okay, so that was a virtual machine running on my computer. And I'm using a VM from OSBoxes, but you can use VMs from other places if you like; they will be slightly different. But that's the general concept.

Okay, so that's good. Let's enable this individual passive check. So Configuration, Hosts, because right now it's not showing availability green there. So let's update the items and select that specific item that is disabled. So it's page two, down here, that being the System local time. It's the only item that is a passive item in this template that assigns active items. Let's enable that. All right. Local time is now enabled, and after some time, that should start showing green.
So let's go to the host list now. Not yet. Oh yeah, yes, the item updates every one minute. It should be any time now. And there we go. ubuntu20vm enabled. And it's now showing green because of that single passive check. Excellent. And these are my external interfaces that forward to the internal ones. Excellent.

17. Zabbix Agent Auto Registration:

All right, I've got two more hosts I'm going to add. This one here is a CentOS 7 VM; it's going to be running from my Windows 10. And another server on the internet, sbcode.net. And I've already installed Zabbix agent on both of these things. And in this video, I'm going to auto register both of those. So that one's behind a firewall and that one isn't. I'm going to auto add them to the group Linux hosts, and I'm going to auto assign them the active Linux template.

Okay, so let's look at the configuration for the CentOS here: /etc/zabbix/zabbix_agentd.conf. Okay, so I haven't started this yet. It's currently stopped. I've set the Server being zabbix.seanwasere.com, but that's not important yet because I'm not doing any passive checks. But what's important is the ServerActive here, because I'm assigning the template with all the active checks. The Hostname is centos7vm. And there's one more item down here called HostMetadata. I'm going to add that line. I could put anything I want in there as long as it's less than 255 characters. I'm going to use this information to know which template and which group to assign to on the Zabbix server during the auto registration process.

During auto registration there is very limited data that the server knows about to know what to do with the new host wanting to be registered. You could put something in your host name to say or suggest that it was Linux, and CentOS is a pretty good indicator. But not everyone names their hosts like this. So you can use the HostMetadata property here and just create something, anything you like. HostMetadata, for me, equals Linux. Control-X. Yes.
Now, on my other server, on the internet, the sbcode server, I've SSH'd onto it and done the same thing. I have installed the Zabbix agent on Ubuntu 18 this time. So that was the URL, Zabbix 5 release bionic there; you have to be careful about that. sudo nano /etc/zabbix/zabbix_agentd.conf. And if I scroll down looking at my settings: I've set Server, which was unnecessary until I do passive checks. But I have set ServerActive, have set the Hostname to be sbcode.net, and my HostMetadata is also Linux. Control-X.

Now, in the Zabbix Configuration, Hosts, neither of those servers exists in this list. So let's auto add them. Down here in Actions, look at this top drop-down here; it's not very visible in this version of Zabbix 5. But click Autoregistration actions, like that. Now I can create an action. I'm going to call this action "Auto add Linux hosts". Condition: we have some choices here. We could use Host name or Host metadata or Proxy. Select Host metadata, contains, Linux. Add. Now click Operations. Let's add the host, then add the host to a group, Linux servers. Add. Link to template: select your template. I'm going to use Templates, OS Linux by Zabbix agent active. Add. That's very good. And okay, so I have a new action in here that should auto add hosts that make active checks to the server which contain host metadata equals Linux. Those hosts should end up in Configuration, Hosts, in here.

Now, neither of those servers appears in this list yet, because I need to start the Zabbix agents on those servers. So I'm going to start the Zabbix agent on my sbcode: service zabbix-agent start. Now, when this starts up, it makes active checks immediately because it wants to know the configuration from the server. Right now, let's just do status just to make sure it's okay. It's all good. Okay, and on my CentOS, sudo service zabbix-agent start, and let's do the status. Okay, it's active. Now let's go back to the Zabbix server UI.
And if we look at Monitoring, Hosts, well, my centos7vm has already shown up, and so has sbcode.net. So Configuration, Hosts: centos7vm now exists in Configuration, Hosts. It has several items, so let's have a look at it. By default it goes into the Discovered hosts group, and I've also said add it to the Linux servers group. These are the interface settings that Zabbix server has used: there's an IP address and a DNS name, because it's coming from my internal network. It's decided it wants to use IP. Doesn't matter. The template is that OS Linux by Zabbix agent active. All hosts, and for my other one, sbcode.net, same thing: it's given an IP and DNS, chosen to use IP, put it into Discovered hosts, Linux servers. Templates, once again. So you could add hosts using that method as well.

So what decides to put a discovered host in the Discovered hosts group is this setting down here in Administration, General, and click the drop-down, down in Other, down the bottom. This is "Group for discovered hosts" equals Discovered hosts. You can do anything you like, but that works quite okay, because here, in Monitoring, Latest data, you can also filter by Discovered hosts, Apply, and in the list are sbcode.net and my centos7vm.

Now, neither of those servers has any passive checks enabled, so you won't get the green availability icon there. My sbcode.net is on the same network as my Zabbix server, and I've already set the Server parameter, so I could just enable this passive check right away. Right, so that's done. And with the CentOS, well, I'm going to need to create a firewall rule for that. I'm not going to bother until I need to. All right, sbcode.net. Refresh. It also doesn't quite show anything there yet. But if we go back to the items there, if I search by local time, select, yeah, Execute now; because it's a passive check, that will work. So hopefully next screen refresh, there we go. It works.
Execute now, as I did just then, doesn't work on active checks, so you cannot send requests. Cannot send roll on unwto so yeah. Excellent. So what we did is auto added centos7vm and this sbcode.net host, both of them Linux. Now, you could do that with all these hosts. But just note that the Mac OS X only has passive checks in its template. So I mean, you could build an action specifically for Mac OS X, but if your Mac's behind a firewall, registration will happen, but none of the items will work, and you won't get any data until you create the firewall rule. Or, of course, you could do that for the Windows as well. There. Excellent.

18. Install and Configure Zabbix Proxy:

So in this video, I'm going to install a Zabbix proxy. The reason for this is that I don't want to keep managing firewall rules. When I installed the Ubuntu 20, the Windows 10 and the Mac OS X, I needed to set up firewall port forwarding rules so that the Zabbix server on a different network could send passive checks to them. When I auto registered the CentOS 7, I didn't create a firewall rule, so I'm unable to send any passive checks directly to that yet. And we don't actually see that showing as available, either, in the Zabbix UI; CentOS 7 there. But since it's got an active template, I'm still getting data for it. So the Ubuntu, the Windows and the CentOS, they all have active items which were given to them from the active versions of the templates I assigned, and the Mac OS X is 100% passive items, so that does need a firewall rule to work. Because active checks are sent directly to the server. It's like visiting a web page in your browser: you initiate the request to the server. That's why active checks work and passive checks don't, when the server is trying to push to the host.

Okay, so the first thing I'm going to do is just delete all my firewall rules and watch the availability change. So I've deleted all the firewall rules now.
So after some time, the desktop and the Mac won't show the green availability icon anymore. The Ubuntu is already red. So I've actually got it switched off right now because it's a virtual machine. Okay, there goes the Mac, and there goes the desktop then. Just note, I'm still getting active checks from the desktop, but not from the Mac, because there are no active checks on it. So that leads on to the proxy.

Now I'm going to install the proxy on a Raspberry Pi. The proxy doesn't need a very high spec computer, especially if you install it using the SQLite database option. That's what I'm going to do. The Zabbix proxy is very much like the Zabbix server, except it doesn't have a user interface, but it supports all the main items, active and passive, that you might set up on the Zabbix server. So when you start a Zabbix proxy, it will ask the server for the configuration for any hosts that it has been asked to monitor. So I will set up my hosts' settings in the server to be monitored by this proxy. So when the proxy asks the server for information, or for configuration, the server will tell it: you're monitoring these hosts, and these are the items you need to monitor, whether they're active or passive.

Okay, so let's install the proxy. Okay, so on my documentation page, I've got lots of different scripts. Select your operating system. I'm using Raspbian and I'm using Zabbix 5. So I'm going to use these commands here, and it's Raspbian Buster. And I know it's Raspbian Buster because if I type hostnamectl, it tells me Raspbian Buster. Let's get the repository. Okay, sudo, Zabbix 5, Raspbian, release, buster. Excellent. Let's install the package. apt update. Now I'm going to install the Zabbix proxy. I want Zabbix proxy SQLite3, which is the easiest to set up. If you install the MySQL or the PostgreSQL version, you will also need to install the schema and set your database up. With SQLite3, you don't have to install the schema.
It's optional, but I'll just go straight to sudo apt install zabbix-proxy-sqlite3. So sudo apt install zabbix-proxy-sqlite3. Okay, now to edit the configuration file there, zabbix_proxy.conf. Now, just to be sure, the Zabbix proxy is more similar to the Zabbix server than it is to the Zabbix agent. It is not a Zabbix agent. We can install Zabbix agent on the Zabbix proxy; we'll do that in the next video. But right now, that's important to note: the Zabbix proxy is more like a server than anything else.

So there's the configuration now. The ProxyMode: I'm going to leave as default, zero, that is, active mode. The proxy will be making active checks to the Zabbix server, asking for configurations. This means we don't have to edit the firewall and make any specific rules for it. If you were to use passive mode, then that means the Zabbix server will be sending calls directly to the proxy, and you'll need a firewall rule for that. So I've turned off all my firewall rules, so I'm leaving my ProxyMode as zero. Server is set. My Hostname, it is just that: Raspberry Pi. I can leave the ListenPort as default.

Next thing, database. Since I'm using SQLite3, I need to write the file name of a database here. I'm going to put it in the temp folder: /tmp/zabbix_proxy.db. If I restart my server, that file will be recreated next time the Zabbix proxy is started. The Zabbix proxy only stores a minute or two of data. It's a cache of data that is just being relayed through it, and if it doesn't need the data anymore, it deletes it. The user is zabbix. Okay.

And now the other important thing to know is the frequency of how often the proxy gets its updates from the server. It will update its local cache of hosts and items that it's monitoring once every hour. We can change that if we like, but it's unnecessary. It will get the config when you first start it up.
And we can also enter a special command, which I'll show you later, to refresh the config cache in case we change any settings in the UI and we want the Raspberry Pi to instantly be updated. If you have this value too low, it just puts unnecessary strain on your proxy and server. Unless you're editing the configurations on your proxies continually 24 hours a day, once an hour is actually okay, but I'll show you how to update the config when you need to, anyway, without changing that setting. Control-X. Yes. sudo service zabbix-proxy start. Now, the first time you start this it can take a little while, because it has to build the database, since I didn't run the zcat command. sudo service zabbix-proxy status. There we go, and it's running now.

Next step is going to the Zabbix user interface, Administration, Proxies, and we're going to add the proxy information here. Create proxy. I'm going to call it Raspberry Pi. It's active by default, and that's all I need to do. That name is the same as the name in the configuration. Add. Now we should just wait for that "Last seen" to update. So Apply, Apply. There we go: last seen three seconds ago. This will re-check once every 60 seconds. That setting is also in the proxy configuration here, in HeartbeatFrequency, if you want to change that. Excellent.

Now that's your proxy configured in Zabbix. Zabbix now knows about that proxy. If you were to go to a host, Configuration, Hosts, such as this one here, you can now say "Monitored by proxy" and choose Raspberry Pi. I'm not going to do that in this video just yet, because that's quite a lot of information to take in already if you've never done it before. In the next video, I'm going to install Zabbix agent on the Raspberry Pi as well. So we'll have two processes running on this Raspberry Pi, the proxy and the agent, and the agent will be used to monitor the Raspberry Pi. And then, after that's done, I'll reconfigure all these to use the proxy. Excellent.

19. Configure Zabbix Agent on the Zabbix Proxy:

Okay, so this time I'm going to install an agent on my Raspberry Pi. This is different to the Zabbix proxy process; it's just an agent like any other. Let's do that. I already have downloaded and installed the package from before when I did the proxy, so all I need to do is just install Zabbix agent. Okay. As you can see here, it's important that you have the right agent for your operating system.

So let's edit the configuration file. Well, the Server is 127.0.0.1. This agent will be talking directly to the proxy, and that happens to be on the same computer. My active checks, well, again, it's the same thing: it's going to send its active checks via the proxy, which is 127.0.0.1. The Hostname: also Raspberry Pi. Now that's the same name as my proxy in the Zabbix user interface, but it doesn't matter. This is referencing the agent, which I'm calling Raspberry Pi as well. I'm not auto discovering this agent. You can experiment with that if you like. You could do like we did before with the host metadata. I'm doing this manually because I want to show what is exactly needed for it to work. Control-X. Yes, save.

Before I restart the agent, I'm going to just configure it in the Zabbix front end. So my Raspberry Pi's on anyway. Configuration, Hosts, let's create new host, and I'm going to call it Raspberry Pi. Going to put it into the Zabbix servers group. The interface will be 127.0.0.1 on 10050, and it's monitored by proxy. So that's the address that it's going to be sending passive checks to, from the perspective of the Raspberry Pi proxy. Doesn't matter that they're the same name: this is the agent, that's the proxy. Templates: Operating systems. I can either choose Linux by Zabbix agent or the agent active. I can't choose both, because otherwise I'll get duplicates. There it is, I'll show it to you: select, just to add. Agent host name already exists on Raspberry Pi, inherited from another template. So just delete the one you don't want.
I'm going to use active checks, where the agent is going to be sending directly to the proxy. Add. So now the Raspberry Pi host's information has been added, and you can see it's monitored by Raspberry Pi. That's the proxy column. Now our proxy doesn't know that there is a new host that it needs to monitor. So let's do a config cache reload on the proxy. That's the command there: sudo zabbix_proxy -R config_cache_reload. -R means runtime command. And that's the command that will tell the proxy to get its information from the server rather than waiting for the next time around, which could be an hour away. Command sent successfully. It now knows about the agent, but the agent hasn't been started yet. So start the agent and check its status. Okay, it's running. Let's check the status of the proxy as well, and that is running. And just note, you can see the Zabbix proxy configuration location written there. Now look at this again. It's not showing as active yet. That's because I don't have any passive checks enabled. But let's just first look at Latest data and see, do we see anything? There's nothing in Latest data yet. All right. So, okay, eventually, after a minute, I got some data. It can take a little while initially, but we can see all the data from the active checks now. So, Monitoring, Hosts. There's my Raspberry Pi agent. It's not showing available here because I don't actually have any passive checks on. But since I'm connecting to it via the proxy, I don't need to create a firewall rule in order to get a passive check to it. So I'm going to add a passive check now. Click that, and Configuration, Items. Let's go down to this individual disabled passive check just there and enable it just by clicking the Disabled link. And now go back to the hosts list, Raspberry Pi.
Once again, the proxy doesn't know that there is a new item that it needs to check because it hasn't updated its cache, possibly in the last day or so. I should reload the cache: zabbix_proxy -R config_cache_reload. And after, say, 30 seconds, it starts to show now green, so that availability works now. Another thing that also works now that you're connecting via the proxy: before, I showed that you can't check now anything that is active, you couldn't execute that now, but you could do passive checks. For example, this System local time here. This is a passive check. You could do Execute now only if that was on the same network or you had a firewall rule set up. But now that it's going via a proxy, that will work. Execute now. There we go, request sent successfully. So that's one of the benefits you get by now using a proxy, and you don't have to have the firewall configured. So let's go into Monitoring, Hosts, and we can see that the Raspberry Pi is showing available. It has active and passive checks, no firewall rules, and it's connected via the proxy, so we can look at that in the configuration. Monitored by proxy. That was an agent monitored by a proxy that happens to be on the same computer, that being 127.0.0.1. So in the next video I'll repoint all of these existing agents to use the Raspberry Pi, because right now they are all showing not available, especially the desktop and the Mac; they're switched on. The Ubuntu VM is switched off, so it's unavailable anyway, but I'll switch that on, and the CentOS hasn't been configured for any passive checks yet, so we'll see that being green as well. Excellent.

20. Reconfigure Zabbix Agents to use Zabbix Proxy: In this video I'm going to reconfigure these agents to all communicate via the proxy. I've already done the Ubuntu 20 VM. I'll demonstrate reconfiguring the Windows 10, the Mac OS X and the CentOS, and the CentOS is being auto-registered, so we should see how that affects auto-registration once I've restarted that.
But these others, the Windows and the Mac and the Ubuntu, I set these up manually. And in the Zabbix UI we can see that the Ubuntu here is green. It's available, and that's its address from the perspective of the Raspberry Pi proxy. So now I will do the Windows machine. That's this machine I'm actually using. It's got the external interface selected. Okay, so the first thing I want to do: Configuration, Monitored by proxy, Raspberry Pi. The agent interface from the perspective of the proxy will be the hostname. Select DNS and press Update. OK, let's open the configuration for my Windows agent. I've got it open in Visual Studio Code. I'm going to change it: Server now equals Raspberry Pi, and ServerActive also equals Raspberry Pi. And that's the Hostname, as it was. So save that. Task Manager, Services, and restart. Running. The Raspberry Pi proxy doesn't yet know about this new agent, so I must do a config cache reload. There it is. If you ever forget what that command is, you can just type -h for help and it's up here: -R, runtime control, config_cache_reload, reload the configuration cache. Okay, so let's look at the hosts: Monitoring, Hosts, and the desktop is now showing green availability because it has at least one passive check. And that's the interface address from the perspective of the Raspberry Pi proxy. I've just started a command prompt on my Windows. If you have problems connecting, one thing you can try is pinging the proxy from your host. So the command is ping raspberrypi. And I know my host can find the Raspberry Pi. Okay, the next one I'll do is the Mac OS X. I've SSH'd into my Mac here. Let's edit the configuration: /usr/local/etc/zabbix/zabbix_agentd.conf. Set the Server to just the proxy. ServerActive, Raspberry Pi. Hostname remains unchanged. Ctrl+X, yes. And we have to restart on a Mac. That's this command: sudo launchctl unload.
And then you point to the plist file, and then reload that. Okay, let's go into the Zabbix UI, Hosts, iMac. Now to update it from the perspective of the Raspberry Pi proxy. Okay, Monitored by proxy. The address is no longer that; it will be the DNS name. I can check the hostname on the Mac. Okay, so I'll enter that in there. And the port will be 10050. Remember, it's from the perspective of the Raspberry Pi. Select DNS, Update. On the Raspberry Pi we need to refresh the config cache. But first, I'll just show that I can actually ping that Mac from the Raspberry Pi. There we go. Ctrl+C. Then config_cache_reload. There we go. That's done. Let's go to Monitoring, Hosts. Okay, so iMac, yes, it's available. The last one to do now is this CentOS 7 VM. I don't have any passive checks on it, so it's not actually ever going to show green there until I do that. But also my interface address is wrong, since this one was auto-registered. Let's reconfigure it and restart it and see what happens. Okay, so this is the CentOS. Let's edit the configuration file: sudo nano /etc/zabbix/zabbix_agentd.conf. Okay, Raspberry Pi. Now, I could also have the Zabbix server's domain name. You'd only have two or more addresses in ServerActive if you actually want to manage more than one host record inside the Zabbix UI. I'm only going to do one, and that is via the proxy, and that will mean less work for me. And of course, I have a value in HostMetadata that I'm using as part of the auto-registration. Ctrl+X, yes. Okay. So let's restart it now. Note that the proxy doesn't yet know about the CentOS 7 VM. But when I start it up, it's going to make an active check to the proxy, which is going to forward it on to the Zabbix server, and the Zabbix server is going to respond back. Let's see. Okay. So sudo service zabbix-agent restart. Okay, so now if we just at least give it 10, 20 seconds or something. Look at that.
Look at the configuration. The configuration has added a new interface for us, a 192.168.1 address. This is from the perspective of the Raspberry Pi. It's also set Monitored by proxy. This original interface here is no longer needed or applicable. We can delete that. And to do that, just copy that across to there, that across to there, and press Remove. And I'll tell the proxy to use DNS because my DHCP server may decide to change the IP address at some point. So CentOS 7 VM, DNS, Raspberry Pi, Update. Excellent. Now to give it at least one passive check. Items. That's this one here that's disabled, the System local time. So enable System local time. Very good. Just give it some time. Very good. So Monitoring, Hosts. The proxy, since its cache only updates once an hour, I'm going to have to refresh it because I just enabled a new item and the proxy doesn't know anything about it. Okay, let's do that again. Okay. All right. So it's been some time since I made the configuration and my proxy still cannot communicate with the CentOS doing passive checks. It says here: CentOS 7 VM on 10050, no route to host. So I'll go into my Raspberry Pi and I'll try and telnet to that host, port 10050, because that's what the agent's listening on. telnet, CentOS 7 VM, 10050. It says no route to host. It can be that the agent's not running on the CentOS or it has a firewall blocking. Okay, so I'm on my CentOS. There is a firewall on it. I need to add a firewall rule. So I can list what ports are open already; there aren't any. So I'm going to add one: permanent, add port 10050 TCP. Okay, success. Now I need to reload. Success. And then trying again from the proxy, telnet. Like I said, I can telnet into the port. Okay. So back on the Zabbix UI, items. I can make a quick passive check, or force one: System local time, Execute now. Okay, and look, ZBX enabled. There we go.
So I can now send passive checks to my CentOS 7 as well. That's the configuration: Raspberry Pi, CentOS 7 VM, DNS. Very good. So all those hosts, one, two, three, four, five, are all communicating via the proxy. There's a combination of active checks and passive checks. Excellent.

21. Ensure Zabbix Agent and/or Proxy Auto Starts After Reboot: Okay, something I haven't mentioned yet: on Linux servers, if you reboot the server, the Zabbix agent won't auto-start. It's the same with the Zabbix proxy. So very quickly I'll show you how to do that. Okay, this is my Raspberry Pi. I'm just going to make sure the agent restarts if I reboot. Good. And also the proxy. Good. And on my Ubuntu. Done. And on the CentOS: sudo systemctl enable zabbix-agent.service. Excellent. And I've already done it on my server and other agents as well. The Windows and the Mac, they are already started by default on system reboot anyway, so OK, excellent.

22. Enable PSK Encryption for Zabbix Agents: So my Zabbix server is on the Internet, which means I need to take encryption more seriously. I've installed an SSL certificate on the front end here, and you can see the certificate is valid. But this certificate is only for what we're seeing on the front end, so everything over port 443, the HTML basically, and the data being sent backwards between that and the Apache server, in my case. The Zabbix server process and the agent and the proxy here are all communicating on different ports: 10050, 51, 52, et cetera. The information traveling on those ports is not encrypted, so we can use PSK encryption for that. So I'll show you how to set up PSK encryption. First off, I'll do it for these two agents here, which are also on the Internet and communicating directly with my Zabbix. So let's look at Grafana here first. What I'll do is, in my Grafana server configuration, over here, there's an option for Encryption. I'm going to select Connections to host being PSK and Connections from host being PSK.
So that's PSK both ways. Only two parameters: the identity and the secret. So let's go into my server now, Grafana, and I'm going to create a secret. First, I'm going to create myself a home folder for Zabbix. I don't have one yet. So cd /home, make directory zabbix, like that. cd zabbix. And I'm going to create a secret, which is basically just a random number, using OpenSSL, and that is that command there. And I'm going to write it straight to a file, like so. Okay, now, just look at that: cat secret.psk. And that's the random number. That's a 256-bit random number that consists of 64 hexadecimal digits. So basically, that's a very large number that you'll never guess. And here's another example here in the Zabbix documentation. The number has to be within a range, a minimum or maximum. So the minimum is 128 bits, which is 16 bytes long, or 2048 bits, which is 256 bytes long. My example is a 32-byte PSK. That's 256 bits long, 64 hexadecimal digits. You know it's well and truly in between the range. There, I've just generated a 256-bit number there, like I said. Just remember that that's the path of the file: /home/zabbix/secret.psk. So let's just copy that number and add it to the field for the secret. And that's it there. The secret is stored on the Zabbix server here and accessible by the UI, and also installed on the server running the agent. It's not transferred across the Internet. What is transferred across the Internet is the identity. So you need to come up with something. You can have anything you like, but the identity part is not encrypted, so don't put anything sensitive in there. And so I'm just going to use something that is already known. I'm just going to say grafana, but you could write anything you like. Now to press Update. My Grafana server now requires PSK for the communication both ways. So this is going to break eventually because I haven't yet configured the agent to use encryption. So read the file.
cat secret.psk. Now to edit the configuration file for the agent. There we go: sudo nano /etc/zabbix/zabbix_agentd.conf. And right at the bottom of the configuration file, so page down a lot, I need to set several properties here. Right to the top of the TLS section, okay, TLS-related parameters. TLSConnect is the first one; I'll set that to psk, and these are the options here. psk. TLSAccept, psk. Next one's TLSPSKIdentity, which I decided to call grafana, and the TLSPSKFile, which is at /home/zabbix/secret.psk. Ctrl+X, yes. Okay. It's also advisable that only the zabbix user can read this new file we just created, secret.psk. So in here we can change the owner: chown zabbix:zabbix secret.psk. And if we check that now, ls -lh, the owner is zabbix, zabbix in the group as well. Then we need to change the access permissions using chmod: chmod 640 secret.psk. And if I do ls -lh again, there we go: read/write, read only, for zabbix zabbix. Excellent. Let's restart the Zabbix agent. Okay, restarted. We can check its status. Excellent, all good. If you had a problem there, the agent wouldn't actually start. Let's go back to the UI now. That was pretty easy for me. There were no issues. Quite often you will get issues doing this yourself. So one option you have is to just double check the log files. So tail, tail -f /var/log/zabbix/zabbix_agentd.log, and just see if there's anything there, and the same on the server as well. So that was all good. That's PSK encryption for my Grafana server, so that communication happening between my agent on my Grafana server and the server process on my Zabbix server is now also encrypted. I'm now going to do that for my other servers as well. Excellent.

23. Enable PSK Encryption for Zabbix Proxy: Okay, so PSK encryption now in regards to a proxy. I could also add PSK encryption to all of the hosts behind the proxy and configure it via the front end, and any message being sent to and from the server would be encrypted. But actually it would only be encrypted between the host and the proxy. When the proxy starts up or gets its configuration, it will also download any information it has about PSK from the server. So the proxy will also have a copy of the secret locally, and so the only communications that will be encrypted are between the proxy and the agent. The communications between the proxy and the server will remain unencrypted. So another important point is encryption adds a little bit of latency to each message because it has to encrypt and decrypt. So it's unnecessary to add encryption on all these hosts behind the firewall. Instead, you add encryption between the proxy and the server. Just to point out, it's only unnecessary unless your corporate security policy says it must also be encrypted. But for me, it's unnecessary. The only encryption I want is on this route here between the Zabbix proxy and the server, because anything happening in here is basically a demilitarized zone. So to configure encryption on the Zabbix proxy, we need to do it like this. So Administration, Proxies. This is my proxy information here. Encryption is None. So if we just edit that, press Encryption up here. It's the same options basically: PSK. My proxy is running in active only, which is default. So PSK identity: I'm just going to call it Raspberry Pi. Call it anything you like. That's already known information, so it doesn't matter if that's going to be sent across the network. And the PSK: same thing, a random number. Let's generate one. Okay. Same thing on my proxy: I'm going to create a home folder for Zabbix. Okay. Okay, cd.
But this time, instead of outputting to a text file, I'm just going to generate the number by itself, just like that. Okay, I've got a random number. I'm going to make sure that's in the buffer. Now I'm going to do sudo nano secret.psk and paste that in, and Ctrl+X, save, yes. Okay, so cat secret.psk. And that's it there. I need to change the owner to the zabbix user and the zabbix group. I need to add sudo. And I need to modify the permissions. sudo. There we go. Okay. And there we go: read/write, read only, for zabbix zabbix. Excellent. Okay, this secret goes into the user interface. There, with Raspberry Pi for the identity, and enforcing PSK. I can tick multiple, but I'm going to force PSK. It's the same thing as before: I'm ensuring the communication is encrypted. And I'm also ensuring that only one Raspberry Pi is connected by doing this. Otherwise I could create another server somewhere, set up a Zabbix proxy, give it the hostname of Raspberry Pi, connect to my Zabbix server here and download the configurations, and I couldn't stop it unless I created some firewall rule. But with the PSK, you can't do that unless you have a copy of the secret, which I'm going to change after I have finished this video. So update that. Encryption: PSK. I'm going to lose connection with the proxy. So let's configure the proxy. That's the proxy configuration. Head down to the bottom and scroll up. Okay, there we are: TLSConnect, how the proxy should connect to the Zabbix server, used for an active proxy. So TLSConnect, psk. TLSAccept is not required for us; it's used for passive proxies. But I'm going to set it anyway, just in case anything changes. The TLSPSKIdentity equals Raspberry Pi. TLSPSKFile: /home/zabbix/secret.psk. Yes. And restart. Restarted. Okay, check the status. Okay. If there was a problem, the proxy wouldn't have started. Back in the UI, let's have a look. Last seen six seconds ago. Last seen five. Last seen one. Oh, seems good. That's working.
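The PSK procedure from lessons 22 and 23 (generate a 256-bit key, restrict the file to mode 640, set the four TLS parameters), as an added shell example that is not part of the course: it creates a key file and audits an agent or proxy config for those settings. The function names, temp paths and sample configs are constructed for illustration, and the audit treats any TLSAccept value other than psk as a finding, matching the PSK-only setup described here.

```shell
#!/bin/sh
# Added example: create a Zabbix PSK file and audit a config for PSK settings.
# Ownership (chown zabbix:zabbix, as in the lesson) needs root and is left out.

# Write a 256-bit PSK (64 hex digits) to file $1 with mode 640.
gen_psk() {
    ( umask 027
      if command -v openssl >/dev/null 2>&1; then
          openssl rand -hex 32 > "$1"
      else
          # Fallback when openssl is missing (assumption, not in the course).
          od -An -tx1 -N32 /dev/urandom | tr -d ' \n' > "$1"
          echo >> "$1"
      fi )
    chmod 640 "$1"
}

# Return 0 if file $1 holds only hex digits, 32 to 512 of them
# (128 to 2048 bits), and grants nothing to "other". Never prints the key.
check_psk_file() {
    [ -f "$1" ] || { echo "PSK file missing: $1"; return 1; }
    key=$(tr -d '\r\n' < "$1")
    case $key in
        ''|*[!0-9a-fA-F]*) echo "PSK is not pure hex: $1"; return 1 ;;
    esac
    len=${#key}
    if [ "$len" -lt 32 ] || [ "$len" -gt 512 ]; then
        echo "PSK length out of range ($len hex digits): $1"; return 1
    fi
    other=$(ls -ld "$1" | cut -c8-10)   # permission bits for "other"
    [ "$other" = "---" ] || { echo "PSK file open to other users: $1"; return 1; }
    return 0
}

# Print the last uncommented value of parameter $2 in config file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Audit config $1: one line per finding, return value = number of findings.
audit_conf() {
    n=0
    [ "$(conf_get "$1" TLSConnect)" = "psk" ] ||
        { echo "TLSConnect is not psk"; n=$((n + 1)); }
    [ "$(conf_get "$1" TLSAccept)" = "psk" ] ||
        { echo "TLSAccept is not psk only"; n=$((n + 1)); }
    [ -n "$(conf_get "$1" TLSPSKIdentity)" ] ||
        { echo "TLSPSKIdentity is empty"; n=$((n + 1)); }
    f=$(conf_get "$1" TLSPSKFile)
    if [ -z "$f" ]; then
        echo "TLSPSKFile is not set"; n=$((n + 1))
    elif ! check_psk_file "$f"; then
        n=$((n + 1))
    fi
    return "$n"
}

# Demo on constructed files in a temp directory.
demo() {
    d=$(mktemp -d)
    gen_psk "$d/secret.psk"
    printf 'Server=zabbix.example.com\nTLSConnect=psk\nTLSAccept=psk\n' > "$d/good.conf"
    printf 'TLSPSKIdentity=demo-identity\nTLSPSKFile=%s\n' "$d/secret.psk" >> "$d/good.conf"
    printf 'Server=zabbix.example.com\nTLSAccept=unencrypted,psk\n' > "$d/weak.conf"
    audit_conf "$d/good.conf" && echo "good.conf: no findings"
    audit_conf "$d/weak.conf" || echo "weak.conf: $? finding(s)"
    rm -rf "$d"
}
demo
```

Running audit_conf against the real agent or proxy config after each change catches a PSK file left world-readable or a TLSAccept that still allows unencrypted connections.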
Go to the hosts and see whether there are any issues. I don't have the CentOS or the Ubuntu VMs switched on at the moment, so I'm not concerned about that. But everything else seems to be working quite well: desktop, Raspberry Pi, the Mac. So there we go, my Zabbix server. These three lines of communication now are all encrypted. And it was unnecessary to add PSK for these hosts here. Now, if you did add PSK to all these hosts and you didn't encrypt the Zabbix proxy communications, and you created a server on the Internet and pretended to be that Zabbix proxy with the same hostname, you would get a copy of the configuration on the server, because the server hadn't verified that you are the correct proxy. And that response would contain the encryption keys for all these hosts. So I suggest that's the first thing that you do, encrypting between the proxy and the server. Okay, excellent. And everything's still good.

24. Creating Host Items: Okay, so let's look at items. We'll create some items manually. I'm going to use a Windows 10 host that I installed. It's the Windows 10 VM. You can use any host you like. If you want a Windows 10 VM like I've got, I installed it from Microsoft here: Virtual machines, this VirtualBox option here. It's MSEdge Win10. Just note the network setting: this needs to be Bridged Adapter so that you get an IP address on your network. When you first install it, it'll want to do a lot of updates. That could take quite a while, but that's all done now. When you install a Zabbix agent, don't forget to set the firewall: I created a firewall rule in Inbound Rules. And check that it's running. And if you want to RDP to your virtual machine, Remote Desktop settings, just have Enable Remote Desktop on. And in Oracle VirtualBox, it has an option to start headless. This is all optional if you want. Perhaps you have a spare Windows computer you want to use, or you want to use
the original Windows computer. It doesn't matter. Also, because it's sort of been covered: when I set up my MSEdge Win10 host here, I auto-registered it. My agent configuration here: Server, Raspberry Pi, because it's managed by the proxy; ServerActive, Raspberry Pi; Hostname; and the HostMetadata here, I've just created as windows. In Zabbix, Configuration, Actions, I've created a new action, Auto add Windows hosts. And this time, the only thing that it does is add the host and add the host to the Windows servers group. It doesn't assign any templates. What we're going to do is create items manually on this computer. Okay, so I'll look at the hosts again. MSEdge Win10, it's all configured correctly, it's managed via the proxy, but it doesn't show any availability. It also doesn't have any graphs or screens pre-built. It doesn't have any items, or any triggers, or any discovery rules assigned to it. Also, let's look at its configuration. No templates assigned at all. The items: no items. When you assign a template, that's where the items come from. Templates also contain triggers often, and they'll also often contain discovery rules, which also create items dynamically. They can contain more graphs and web scenarios as well. If I look at one of the other hosts where I did assign a template, this computer, there are loads of items now, 141. Many of them were created from discovery rules and a lot of them just directly from assigning a template here. Many of the items of this host are agent active. The settings for each of the items can be looked at. Total memory here, we could look at that. We could see that this item, with these greyed-out boxes, was created from this template, which was created from this template. And these are some of the settings that we can override. To inspect is a good way to understand what is actually going on behind. But that's a lot of information to take in if you've never seen this before.
So I'm going to start off just by creating a couple of items manually. Back on to our host MSEdge Win10, Configuration, Items, I'm going to create our first item. That will be a passive check. So up here, I'll call it Zabbix agent ping. The type will be Zabbix agent; this is a passive check. And the key, depending on which type we have selected we'll get different options in this list here, will be agent.ping. Quite a lot to choose from. If you want to know what any of these things are, you can find it in the official Zabbix documentation, Zabbix agent, here. Just search for it using the web search tool: agent.ping, agent availability check. Then you can read all about many different default inbuilt items on this page. So I'm going to select agent.ping. That's it. That's the key. And that's the function that is getting the data for this item. The host interface is already configured. Type of information is Numeric (unsigned), which means it's a number from zero upwards. If your response is likely to be a number containing negative values, then use Numeric (float), which supports negative numbers. If it's text, you can use either Text, Log or Character. For this one, I'm using Numeric (unsigned). I'm not going to set units; that's optional. Update interval: once a minute. Every minute this item, agent ping, will be called on this host looking for data. I can keep the data for 90 days or seven days or even one day if I wanted, and we can create trends. And I can create trends for a period of 365 days. Okay, that is all we need to do, but I want to show you anyway: I'm going to create a new application called Status. And that application named Status will be tagged to our item, and we'll be able to filter the latest data by that application name called Status. Okay, we can put a description if we like. That's enough for now. Okay, so we have one item on our host MSEdge Win10. This host is behind a proxy. The proxy, because I've got it set as updating once every hour,
doesn't yet know about this new item that it should be running. So on the proxy: sudo zabbix_proxy -R config_cache_reload. Now, within a minute, we should have some data. Zabbix agent ping: because it's a passive check, I could also say Execute now. On older versions of Zabbix that used to be called Check now; now it's called Execute now. Request sent successfully. Monitoring, Latest data, filter by our host MSEdge Win10, Apply, and there we go: last value equals one. Remember, if that doesn't work for you, you should always, especially with Windows, check the inbound rules set on your Windows firewall. Anyway, that is all good. If I look at the hosts again, MSEdge Win10, because it's a passive check, it's now showing availability green, and I have one item. Let's create two more items. These ones will be active checks. Okay, so MSEdge Win10, Configuration, Items, Create item. This one I will call Used space C drive. Zabbix agent (active), and the key, it shows the active items, will be vfs.fs.size, file system size: disk space in bytes or in percentage from total. Returns an integer for bytes, float for percentage. So vfs.fs.size. If we search for that, vfs.fs, on this page, it shows me vfs.fs discovery, get, inode, size: disk space in bytes or in percentage from total. And this is how you use it: vfs.fs.size, you can put a folder or the name of a drive and then another parameter describing what you want: free, total, used, pfree, that's percent free, or percent used. On older versions of Zabbix, in older templates, you may see it written like that, vfs.fs.free. But now it's vfs.fs.size, comma, free. There we go. So my file system will be C colon, on Windows. Mode: used, because it says used there. Used there as well. All right, that's good. Type is Numeric (unsigned), can be zero or above. Units: I can actually set that to be bytes. My update interval, one minute. I'll keep it for seven days.
My application I'll call File system this time. Clear that, because Status is there from the last item. And everything else is okay. Add. Okay, now, the proxy doesn't yet know about this, but I won't refresh the proxy cache right now. Instead, I'll create the third item. So let's just get back into this one, Used space C drive. And down here, there's a Clone option. So press Clone, and it's just created a copy of that item. So I've got three items now, but we haven't saved it yet. I'm going to rename it to Total space C drive. It will also be active. The vfs.fs.size will be total for the C drive. Numeric (unsigned), bytes, update interval one minute. I mean, that is optional; we're just helping to tell the system when it displays it that it's bytes. Seven days. File system. Very good. Add. Okay, so we have three items manually created on this host now. Because they're active checks, we can't check now on those. Execute now: wrong item type. It's only possible with these passive item types to check now. But yes, still our proxy doesn't yet know about these new items. So let's refresh the proxy. Done. If I go to Monitoring, Latest data and we're just a little patient, we should start seeing some data in Last value. There we go: 42 gigabytes total space on the C drive and 21 gigabytes free. Excellent. Back to Configuration, Hosts. There we go, MSEdge Win10. We've just created items manually. We don't have to use templates when you add servers to be monitored in Zabbix. The templates provided in Zabbix are very good, but there's loads of information and a lot of it won't actually suit your use case. So there is a benefit in actually creating things manually, or even assigning a template, for example, on this desktop, and disabling everything that you don't need. If you have 100 hosts and they've all got this template assigned, that's a lot of unnecessary work on the Zabbix server.
Only you will know what you want from your monitoring, but it's good to just look at all these things individually from time to time and it'll slowly sink into your head what all these things are. Otherwise it's just a lot of information to take in in the beginning. Okay, and that was my Windows 10 VM. And you can do that, too, if you want.

25. Creating Host Triggers: Let's look at a trigger now. A simple trigger. But first, on the Global view here, there's this Problems pane here. These are all created from triggers. When an item gets beyond a certain range or value or threshold, you can have a trigger, some kind of alert or information that you can use. And it shows those as problems. So quite a few things have happened now. A lot of these things are created from the templates that were assigned earlier for each of these hosts. But I'm going to show you how to create a trigger manually. If we look at one of these hosts with all these triggers, for example, this one, once again, that's a lot of information to take in if you have never seen it before. Basically, every time an item that has a trigger attached to it gets new data, the trigger will be run and checked against the data in the item. So I mean, you can look at these and learn all about triggers; it's up to you. But I'll show you how to create one. Okay, so I'll create a trigger for this host here, MSEdge Win10. I want to know when it goes offline, because right now I don't have any triggers on it. Look: Configuration, Triggers. Because I didn't assign any templates to it, I don't have any predefined triggers. I'm going to have to create one manually. So Create trigger. I'm going to call it Zabbix agent is not available. The severity: I'm going to choose Disaster. You can choose whichever one. We will configure these later, but we can make them send out email alerts or SMS or Slack alerts or Telegram alerts. Many choices. Now, this is the expression that will run for our item
That is, every time it gets new data in the item. So, press Add. The item I want to trigger on is the Zabbix agent ping. Function: there's a lot of functions to choose from here. I'm going to use nodata, no data received during a period of time T. If there was no data for that period of time, it'll equal one, which equals true, or zero, false. And the mode is default, which is strict: ignore proxy time delay in sending data. Okay, so I'm gonna choose 120 seconds. Okay. So let's just look at this in the documentation. So on this page, Supported trigger functions, we go down to nodata. There is nodata, seconds, and the note says the period should not be less than 30 seconds, because the history syncer process calculates this function only every 30 seconds. Okay, now, result equals one. Okay, so no data for 120 seconds equals true. I could also say not equal to zero, because that would equal the same thing. I was gonna go equals one. Okay, that's good. Insert. That's the expression. Everything else we can leave as default. Now press Add. OK, so that's our first trigger there: Zabbix agent not available for 120 seconds. So if that ever becomes true, we'll see a new entry in this Problems pane, and we'll also see it in Monitoring, Problems. So let's try and trigger that. I'm gonna turn off this server now. Shut down. Excellent. Now wait for two minutes or 2.5 minutes and we should see a problem here, so I'm gonna fast forward the video while we wait for that. Okay. Disaster problem. MSEDGEWIN10, Zabbix agent is not available. That also shows up on this page: MSEDGEWIN10, Zabbix agent is not available. So it says up here: one disaster. Run him. Okay, so let's go into the problems, Monitoring, Problems, here. And just behind my head here in the Ack column, if I click that I can acknowledge the problem. OK, so Acknowledge. I can leave a comment if I want. That problem has now been acknowledged. And if I hover over that, I can see it was acknowledged by the administrator at that time. I'm gonna switch the server back on. Headless start. So I'm doing it now, and in a small amount of time that problem will be resolved. Okay, the problem is now resolved. Configuration, Triggers. And that was the trigger that we just created, and the current value is OK. No data for 120 seconds. Excellent.

26. Creating Host Graphs:
So in this video, I'll show you how to create graphs on the new host that we're creating things manually for. So, MSEDGEWIN10, Configuration, Items. I have gone and created more items, and as a good exercise for you, you should do this too. This will make the graph much more interesting. Now, we created ping, total and used space already. You should create these other five items, CPU utilization and the memory ones. You can see here the settings for the key and the name, so this is another screen that you could pause the video on. It also shows you the type, whether the data type is numeric unsigned or numeric float, and also which application. So you should add the application in your Create item screen. And to show you what one of those looks like: CPU utilization 15 minutes. That's the name, that's the key, that's the type, numeric float. CPU: you may need to add the new application. I'm keeping it 7 days, 365, update interval one minute. You can add it. And once that is all good, you should start seeing data coming from your host, many, many different values. Now, when you're creating items manually, you will make typos or you'll do various things. You'll make various mistakes. Configuration, Hosts, Items: in the Status column it might say Unsupported or Not supported. By default, a not supported item won't be rechecked for another 10 minutes. So if you discover that you made a mistake, like you did a typo in your key, for instance, or used an incompatible data type, in order to make the system recheck that value faster... Remember, they're active checks. We can't do Execute now on an active check.
One thing you can change is down here: Administration, General, and in the dropdown, Other. There is Refresh unsupported items. Default is 10 minutes. You may want to change it to one minute while you're messing around and then put it back to 10 minutes later on if you want. Otherwise you will get unsupported items and the system will just keep rechecking them every one minute when it might not be necessary. But you can put that back to 10. Back to default. So, Monitoring, Latest data. So this is optional. You don't have to create these extra items if you don't want, but your graph will just be more interesting. For example, we'll create a graph on CPU utilization. It would be something like that. Display stacked graph. We'll create a graph like that so that we don't have to keep going into Latest data and selecting those boxes and creating that graph. And you can see it's CPU utilization averaged over 15 minutes, over five minutes and one minute, and the aggregation of the 15 minutes and the five minutes, that's just already set in the item here. And just if you want to read more about each of these items, just copy that bit there, go to the official documentation, press Control F to get the search on the browser, and then vm.memory.size, and you can read about the different possible modes. The mode default is total, but you can put active, anon, buffers, cached, exec, file, free. Same thing with system CPU. You copy that, or just copy that, and you'd see all the options. So system.cpu. There's quite a lot of different options for system CPU. I'll be using system.cpu.util. You can have all CPUs or a selected number, 0, 1, 2, 3, 4. Type: idle, nice, user, which is the default, et cetera. Mode: average 1, which is default, average 5 and average 15. What I'm doing here is average 5 and average 15. Returns a numeric float, because it could be one point six, for example. Anyway, let's create that graph as part of the host, so I don't have to keep manually creating it like so.
Okay, so Configuration, Hosts. For my host MSEDGEWIN10, Graphs there. Create graph. Name: CPU utilization. Width and height, that's self-explanatory. Graph type: normal, stacked, pie or exploded. Normal. Show legend, yes. Working time, yes. Triggers, yes. If we had any triggers monitoring those items, we'd see the trigger thresholds written on the graph as well. We'll leave all those as default. Okay, now, which items do we show on the graph? Add. MSEDGEWIN10: CPU, CPU, CPU. Select. We can change their colors and we can change the draw style: line, dot, dashed line, et cetera. So this is a simple graph. Add. CPU utilization. Now, if you wanna look at that, Monitoring, Hosts: we now have the option here, Graphs, one, so we could just select that, and one graph appears. We can change the line style if we like. It could be filled, or that with gradient. We could zoom into it like that, or look at the last five minutes, or we can show the filter or remove the filter. It's useful if we have too many graphs being drawn. So let's create another graph. Configuration, Hosts, Graphs. Create graph. Memory. Same thing, graph type normal. Let's just add the items. Memory. Select and Add. Monitoring. I've got two graphs now. Now I can select just one of the graphs, or the other, or just both. Like so. Now you should experiment with all those settings in the graph creation screen. You know, that's manually created graphs on our host, and those items that we have on our host now are, I think, a pretty good, simple set of items that you should have on all your hosts. Although we could create more drives if you want, if it has more drives. This is Zabbix pretty much at its simplest. We'll make it much more complicated as we go on. And if you want, you can create a graph for disk space as well, ping as well, of course. Excellent.

27. Use The Email Media Type And Create A Send Only SMTP Server:
We've now demonstrated triggers, and we saw the problems appear and disappear in the list. And I was sitting here watching the Problems pane here, and I could also be watching this Problems screen here. We can also get alerts through other systems, such as email or SMS or Slack or Telegram. There's millions, so I'll show you how to at least get emails now when you have a problem and you want to get an email for that. So if we look in Administration, Media types, these are a whole bunch of media types that Zabbix provides, and you'll have to configure each and every one of these if you wanted to use any of these. They're all enabled by default, but none of them actually will do anything. But in this example, I'll show you how to actually use Email. When you click Email, you've got the option to enter an SMTP server. If you already have a corporate SMTP server, you should just use that, mail dot your company dot com. But if you don't have one, I'll show you how to use the Zabbix server as an SMTP server as well. For that, I'll use a program called Postfix. So on Ubuntu, that's the line you can run. On CentOS, that's the line you can run. So I'm using Ubuntu on my Zabbix server right now. sudo apt install mailutils. Yes. Okay, so this is now helping us set up an SMTP server, and I'm going to set it up as a send-only SMTP. So this server will only send emails from this server; it won't be a relay for any other server. So, the choice here: just press OK, and press Internet Site, which is the default. Press OK or Enter. Now, for the fully qualified domain name, that's this one here. Now to enter the fully qualified domain name, and it's already done that for me. Okay, so OK. Because it's done, now we have to also just edit the configuration file. So sudo nano /etc/postfix/main.cf, and just scroll down. Okay, so my host name is or even sits every start. Sharma zero concepts. Perfect.
Okay, so for inet_interfaces, type in loopback-only. That will ensure that only this server can send emails, because otherwise another server is gonna connect to your server and send spam or something. So we're just making sure that only this server can do it. inet_protocols: ipv4. Now, you can use IPv6 as well, or just leave it as all, but I find that some email providers will reject IPv6 if you haven't set it up correctly. Well, if you haven't set up your SMTP server correctly. But I'm just keeping this nice and simple. Control X to save, yes. Now we restart: sudo service postfix restart. And I can check its status. It's good. Clear. Now let's actually test that my SMTP server can actually send an email, by echo, piped to mail, this is the subject, I when ad men at suffix own wazir dot com, to whichever email address you wanna send that to. Okay, excellent. Now, check my email. Well, my Gmail. And there it is in my inbox. Well, in my spam mail folder. Admin, this is the subject, message body. That's why I wrote message body. So at least I'm getting emails now from my SMTP server. Gmail has allowed me to do that. All right, so let's now set that up in Zabbix. Media types, Email. SMTP server, it's gonna be 127.0.0.1. Port 25. SMTP helo: Those epics that show mercy dot com. The sender email: Add minute cervix Sharma's It'll come. Just leave everything else. Plain text. Description. Update. Enabled. Now, we could test that again. Send to. Test subject. This is the message from Zabbix. OK. Media type test successful. And if I open my spam inbox again, well, there we go, from administers epics that Sean was He don't come. I can report it's not spam. And this is the test message from Zabbix. So that's working now. I'm not fussed that this is going in my spam folder, because I'm the only person who really cares about these emails, and I can create a rule in my Gmail to sort those out.
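The two main.cf changes described above can be checked mechanically. The following is an added example, not code from the course: a small Python audit that parses main.cf text the way Postfix reads it and reports when the SMTP listener would still be reachable from other machines. The sample files and the hostname zabbix.example.com are constructed, and the "all" defaults are an assumption about the installed Postfix build.

```python
import ipaddress

# Assumed compiled-in defaults (Postfix 3.x) for the two parameters the lesson edits.
DEFAULTS = {"inet_interfaces": "all", "inet_protocols": "all"}


def parse_main_cf(text):
    """Return {parameter: value} from main.cf text.

    Comments and blank lines are skipped, a line that starts with whitespace
    continues the previous parameter, and the last assignment of a parameter wins.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0] in " \t":                      # continuation line
            if current is not None:
                params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:                              # not a "name = value" line
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def is_loopback_listener(token):
    """True if one inet_interfaces entry can only bind a loopback address."""
    token = token.strip().strip("[]")
    # "localhost" is treated as loopback on the assumption that /etc/hosts is sane.
    if token in ("loopback-only", "localhost"):
        return True
    try:
        return ipaddress.ip_address(token).is_loopback
    except ValueError:
        return False     # "all", a hostname, or anything we cannot prove is loopback


def audit_send_only(text):
    """Return findings; an empty list means the lesson's send-only settings hold."""
    params = {**DEFAULTS, **parse_main_cf(text)}
    findings = []
    listeners = params["inet_interfaces"].replace(",", " ").split()
    exposed = [t for t in listeners if not is_loopback_listener(t)]
    if exposed or not listeners:
        findings.append(
            "inet_interfaces = %r: SMTP port reachable beyond loopback (%s)"
            % (params["inet_interfaces"], ", ".join(exposed) or "empty value")
        )
    if params["inet_protocols"].lower() != "ipv4":
        findings.append(
            "inet_protocols = %r: not the ipv4-only setting used in the lesson"
            % params["inet_protocols"]
        )
    return findings


# Constructed sample: what the package installer leaves behind.
WEAK = """\
myhostname = zabbix.example.com
inet_interfaces = all
inet_protocols = all
"""

# Constructed sample: the lesson's two edits appended lower in the file.
HARDENED = """\
myhostname = zabbix.example.com
inet_interfaces = all
mydestination = $myhostname,
    localhost
# send-only: accept mail from this machine only
inet_interfaces = loopback-only
inet_protocols = ipv4
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_send_only(sample) or "OK")
```

To audit a real server, pass the contents of /etc/postfix/main.cf to `audit_send_only`.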
But if you want a proper email SMTP server, you can probably buy one for, like, probably $1 a month, maybe, from somewhere. Okay, cancel that. Now I'm going to disable all of these and just enable the one that I'm using. There we go. Just Email. Okay, so now it's time to look at the actions that will get called whenever a trigger is triggered. So Configuration, Actions, and in this top dropdown here, Trigger actions. These are the actions that get called whenever a trigger happens. Right now, the action that's already preconfigured in the default system is Report problems to Zabbix administrators, using all the media that is enabled. This action is disabled by default, so we need to enable it. If we don't enable that, we won't actually get any emails out of the system, or SMS or anything else, such as Slack or Telegram. We can look at this rule if you like. Action, it's an action. There's no conditions; it's just whenever the system calls it. Operations: send a message to user groups, Zabbix administrators, via all media, immediately. That's all good. Basically, that is going to just look through whichever media types my administrator user has. Let's just add one. Email. I could add more administrator emails if I liked, et cetera, but I don't have any anyway. And I'm only going to send emails on Disaster. Add, and then Update. Okay, so let's check that: Media, OK, Email, show mazir gmail dot com, use if severity equals Disaster, enabled. Right. Configuration, Actions. Okay, so that's enabled. So now I'm gonna trigger that same alert that we set up, where my MSEDGEWIN10 went off. I couldn't find it. So I'm gonna turn off MSEDGEWIN10 right now. Okay, so it's a virtual machine. Power off. Very good. And just wait. Monitoring, Problems. And after a minute, I'm gonna fast forward this, I'll get an email, in my Gmail here. Okay, so there's the disaster showing up in the problems, Monitoring, Problems, and of course it has got the email from Zabbix as well. Let's have a look at the email.
Problem: Zabbix agent is not available. Okay. Problem started at, problem name: Zabbix agent is unavailable, host: MSEDGEWIN10, Disaster, and some more information there. This information comes from a template. If we look at the Media types, Email, Message templates, Problem. This was the problem template that was used for that email. Problem started at, event time, event date, event name, host, host name. When a trigger is triggered, there's a whole lot of data that could be extracted and used elsewhere, and these things are called macros, and that's what's happening here. So if I go to the macros documentation, I can look up EVENT.TIME. This is the Zabbix documentation. Control F, EVENT.TIME. There we go: Trigger-based notifications and commands, Problem update notifications. That's when it's available. Time of the event that triggered an action. So we can get that value, using the curly braces there, and print that in an email: EVENT.TIME. We can also look at EVENT.NAME. Okay, EVENT.NAME, there we go: Trigger-based notifications and commands, Problem update notifications. Name of the problem event that triggered an action. So we could write anything, like, you know, ABC if we wanted to. And we could use different kinds of macros, there's many to choose from, but not all macros are always available in a trigger. So just make sure it's for Trigger-based notifications and commands. Host, host. So that's good. Now there's several other templates here. Problem recovery. This is a template that will be used when I switch my MSEDGEWIN10 back on. Resolved in, event duration, event name. It's pretty good as it is; I don't have to update it. Okay, so I'll turn the computer back on. Okay, so MSEDGEWIN10 there, headless start. Very, very good. And let's go to Monitoring, Problems. And we just wait for that to be resolved. And at the same time, I'll watch my Gmail. You know, fast forward the video. Okay.
So, resolved in four minutes. Yes, resolved here in Zabbix as well. Resolved in four minutes: Zabbix agent is not available. Problem has been resolved at time. Host: MSEDGEWIN10. Severity was Disaster. Let's look at that template again. Email, Problem recovery: host name, EVENT.SEVERITY. You gonna see? You might. So that was a very simple SMTP server. And that works for me. And that works mostly because of the reverse DNS lookup, i.e. if I'm on a different server and I write host and it tells me the IP address, and then I write host again with the IP address, it resolves back to Zbig. Start shore Macedo, Come. That's a working reverse DNS lookup. Now, if your Zabbix server doesn't do that, then your emails are probably gonna be rejected at the email service you're trying to send to. So make sure reverse DNS lookups work for your server. You can check that the domain name that you have got exists in the hosts file. So cat /etc/hosts. Okay, so Zbig start Showman's, you don't come, that exists in my hosts file. So you need to make sure, if you're using DigitalOcean like I am, in order to do that automatically when the server is built, you only have to just make sure that you have named your droplet the same as what your DNS name is gonna be. So I've got the DNS name Epic start Shulman's here. Come, it points to that IP address. So I've set it exactly the same in DigitalOcean, and DigitalOcean has built my server already with the host name configured. Very good. Another thing with your emails: if you have a corporate email SMTP server, I recommend using that. Avoiding the spam box is a very hard task and will take quite a lot of work to do. But right now I've just shown you how you can send emails using your Zabbix server. And that was a send-only SMTP server. Excellent.

28. Convert Host Items, Triggers and Graphs to a Template:
Okay, so I've added another Windows 10 laptop here, and I auto registered it, using the same technique I did for the Windows 10 VM, and that's it there. And when it was registered, I didn't assign it any templates either, the same as I did with the VM. On MSEDGEWIN10 down here we created lots of items, triggers, graphs, and it would be good to have exactly the same as that on the new desktop as well. Okay, so rather than creating them all individually, I can actually just copy all of those across. But actually, the smartest thing to do would be to create a template that contains all of these items and triggers and graphs, and then just apply that to the new host and every new Windows host that I want to have that template. So we go into Items on the same MSEDGEWIN10, where we created them all manually. I can select them all and press Copy, and I can either copy to host groups, like Windows servers, for example, or I could copy them all directly to the new host, or I could copy them to a new template. I should create a new template, because I haven't done that yet. Okay, so down here in Templates, I'm going to create a new template. And I'm just gonna call it Windows Basic, just for now. The group will be Windows servers, and that's all I need to do. Add. And there it is in the list. It doesn't contain any applications, items, triggers, graphs. Now go back to the hosts, filtering just my Windows servers here, MSEDGEWIN10. Now, in Zabbix 5, if I copy to the new template here and just press Copy, none of these applications will be copied across to the template. So its new items, for example, these ones, won't have any of these application properties copied across. Now, it is not essential to use this Applications option here, but they're just very useful.
For example, if I was to go to Monitoring, Latest data, I can filter just by the application Status, for example, and what I get is all my hosts and just everything in Status. So I could just quickly create a graph on the availability of all my hosts. That's just why applications can be useful in your items. But anyway, let's go back to MSEDGEWIN10 here, Items, and let's create these applications manually. So I need to do that first. This is the same for all earlier versions of Zabbix as well, but it may change in the future. It may be an option to do this automatically, but right now there isn't. Okay, so I'm just going to copy those applications to my template. This is my Windows Basic template. I'll just create these new applications first: CPU, File system, Memory and Status. Your audio like that stayed here. So back to the host MSEDGEWIN10, Items. Now, when I select that and I copy, and I select my template, Windows Basic, Copy. Okay, I should see all the applications also in my new template. So Templates, Windows Basic, Items, eight, and the applications have been set. If I didn't move the applications first, they would all be just empty. I'd have to add them manually anyway later, if I decided I wanted them anyway. But that's all good. That template now has those items in it. First, let's finish building this template. Go back to the host, Triggers. Let's copy that across. That's the one trigger that we created for MSEDGEWIN10. Copy to the template. And also MSEDGEWIN10, let's do the graphs. Let's do the two graphs, copy to the template, Windows Basic. Very good. Look at the templates now. Windows Basic has items, triggers and graphs. So let's look at the graphs here: CPU utilization. This is from a template. Triggers, it's a template. Applications, very good. Items, very good. Now, the host down here, this new one that I have just added before: I can go into Templates and now assign Windows Basic and press Update.
And that host now has those items, triggers and graphs. And after some time it will become available and I'll start seeing data. That is pretty much how it's done. Now, I could just have created the template from the ground up, because we have a Create item option inside the template, same for triggers, graphs. We'll look at screens, discovery rules and web scenarios later. But all those things could be done directly in a template as well. Okay. And here, for the host that I created that template from, MSEDGEWIN10 here, I'm going to delete everything. Items, delete. Triggers: the trigger was already deleted. All the dependencies have been deleted already. I could now go into the Templates section for this host and select a new template, Windows Basic, Update. OK. And there we go: MSEDGEWIN10 has four applications, eight items, one trigger and two graphs. Monitoring, Latest data. I have Status; if I also filter by Windows servers. There we go. After some time, we'll start getting data again for MSEDGEWIN10. And this desktop, well, this is a laptop actually. Display the stacked graph. Let's look at it over the last six hours, last two days. Last five minutes. Because they're all behind a proxy, the proxy doesn't yet know that there were any changes. I should do a config cache reload. There we go. And after a minute or two, we should start seeing data again. It just turns out I haven't yet set the firewall on my new laptop to allow Zabbix 10050, and my MSEDGEWIN10 is switched off, so I'm gonna start MSEDGEWIN10 and now go and modify the firewall on my laptop. Okay, so I've turned on MSEDGEWIN10, and I've also added the firewall rule on the Windows Defender Firewall, 10050 inbound. So that now works. Brilliant. Monitoring, Latest data. And I'll just filter by Windows servers and Status. Display stacked graph. magazine. More on. Also, let's remove that. And I'll just show the one host. Okay, I'm getting data for everything. When you first assign a template, sometimes performance counters can take a minute or two before they start getting any data. So, but it looks like it's OK for me. Excellent. Templates: Windows Basic has been assigned to those two hosts. OK, excellent.

29. Monitoring Screens:
Okay. Screens. Monitoring, Screens. Screens are a bit like dashboards. We can go to the dashboard and we can modify the widgets in the dashboard if we like, but a screen is like having multiple dashboards. So we can create one. We get a default screen in the system, and this is just one element, and it's actually just the map that has been created. We'll look at maps later. This is a screen. So let's create our own custom screen of various bits and pieces. This is the idea. I'm gonna call it CPU, and we'll show the CPU values of all the hosts. Add. Okay, so let's go to its Constructor. And here I can add columns and rows. So if I press the plus there, it gives me a new column, where I can change the element inside the column. If I go here, it gives me a new row; I can change the element in the row. Okay, so the default choice is Graph, but we could have other things, like an actual analogue clock, for instance. Most of the time you'll just put a graph there, so we can select a graph from one of our hosts. Let's pick, for example, CPU utilization, one of the graphs that we've created in our template. We can have another one on the other side, in the other column. I'll add it for my other desktop. This desktop uses one of the default Zabbix templates, so we have a lot more to choose from there. The next row down here has something else. A graph prototype: a graph prototype is a graph created from a discovery rule, but we'll look at that later. History of events. There we go. Change that. Host group issues, Host info. A simple graph is basically an individual item from my host. So any host you like; I'll choose a Raspberry Pi, for example, and I want to know about CPU utilization. This is a single item this time. Update.
Down here we can see all kinds of things. One that I find quite useful is Data overview. Group, for example, Linux servers; application being CPU; Add. And that gives me rows of all the CPU properties for multiple hosts. And also there's URL. A good one to add is URL. If you have another monitoring system, such as Cacti, SolarWinds or Nagios, or even if you have some Cisco routers or other network devices that will have status pages, you can put the URL in there. This is a URL from my Grafana server. Now, make the width 1000 and height 400, and I can align it, use two columns for the column span, and Add. And then that's a graph from Grafana embedded in the screen. I mean, the layout, it's not very good, so I can just adjust that. So this one, I will delete. This one, I'll delete too. And that row, I'll put Data overview, Discovered hosts, for example, CPU, column span two. And there we go, assisting Sam home, and that is automatically saved. So next time I come to Monitoring, Screens, I see the list and I can get straight to it. That's very good. That's a screen, basically. You can have as many of those as you like. And I can just add another row, actually, to the top here. Let me change that. I can put an analogue clock in there. Trigger overview for Discovered hosts. I can put whatever application I want. And quite a lot of information. But if I decide I didn't want that and I want to delete the whole row, I just use this minus on just here, and that whole row's deleted. So, Monitoring, Screens. All right, so that's just some of the options you can do with screens. Next video, I'll show you how to create template screens.

30. Template Defined Screens:
Template screens. Okay. Each of the hosts can have their own Screens option as well. So, Monitoring, Hosts, and we can look at the screens for this one here. It has two screens, System performance and Network interfaces. When you look at Monitoring, Screens, none of those host-level screens appear in this list.
And if you go to Configuration, Hosts, you don't actually get the option of the screens here either. If you go into a host, you don't get the option here either. Screens for hosts come from templates. That's why I call it template screens. To this template that we've been creating, we could add screens to it here. The templates that you're assigning from Zabbix, for example, this one here: this host, I assigned that active agent template. It has a screen already called System performance, and this is its constructor, so we can modify that. But on the template that we have been creating, we can create a new screen. Create screen, call it anything. System overview is OK. It doesn't matter about columns and rows; we can add those in the constructor if we want. While that number right. Change. Now, there are less choices in this compared to when we create a system screen, but we get Graph, Graph prototype, and the graphs are the graphs that we've already created. CPU utilization, I can select that. Let's add the other one, Memory. Okay, let's add another row at the bottom there. Change. Simple graph: this is individual items, for example, Used space on the C drive, if you wanted to do that. And Simple graph prototype: once again, it's from discovery rules. And the URL, like from before. I'll cancel that one. Now, we're not seeing any data in this preview here, because this is a template. So that's all saved as well, because when you edit the screen, it saves automatically. But if I was to go now into Monitoring, Hosts, the two hosts, which are the laptop and MSEDGEWIN10, actually neither of them are switched on right now, so I'll turn one of them on. Okay, so I just switched on MSEDGEWIN10. Notice the Screens now has a one after it, so we can view that, and my machine is switched on, so we can start to see data in its own screen. Now, there are other ways to get to this screen. Monitoring, Latest data.
If you were to select your host here, Windows, MSEDGEWIN10, Apply, and click that, you've got the Screens option there we can see. And also another way: you can just start typing your host name into here, MSEDGEWIN. There we go. And it shows up there, all the hosts up at the top. You can click that, it will take you to the screen, and you can press Screens again. Very good. And also in Monitoring, Problems, when you click your host here. OK, but once again, because it's a template-level screen, you don't get them in the system Monitoring, Screens there. This is very useful: now, create your own screens for the hosts, and you do that in the template. Excellent.

31. Creating a Network Map:
Okay. So far, through this course, I've been creating this map by hand, and I'm using the website called draw.io. There are many ways to draw diagrams, and you can also do that in Zabbix. So in this video, I'll show you how to create this network map in Zabbix. Doing it in Zabbix is very good, because all of the status of your hosts can also be shown on the screen. Okay, so Monitoring, Maps. Here, this is the default map that you get. This just shows the Zabbix server and one particular trigger that has fired: More than 100 items having missing data for more than 10 minutes. That's because I have several of my virtual machines off. So we'll create ourselves a new one. All maps, Create map. I'm gonna call it Network. I'm gonna make it 1200 by 800, leave everything else as default. But you can always come back to this later and change things, for example, how problems are displayed: either as a single problem, a number of problems, or number plus expand the most critical. You can also use advanced labels; we can modify the different properties for each of the labels. Minimum severity here, there's no need to change that. We can actually modify that on the map as well, in real time. So I'll just add that. That's good enough. Okay, let's go into this new map we just created. There's nothing there.
Edit map. First thing I want to do is add two squares. So there's a shape, and another shape. There we go. Okay, so I'm gonna call it Internet. Very good. Apply. Make it 24, and vertical: top. Apply. Very good. And the same on this one. 24, top, Apply. We can't actually see the text behind this panel, so I can actually move this panel again if I wanted to. Another thing about this panel is I can just quickly change between the different shapes, and it'll show me the properties of the shape that has been selected. So right now, this is the Public network shape. This is the Internet shape. Okay, so make sure that's all good. Now, another thing, too, is it's important to update regularly, just to save your changes. I can either return to the map list, or just press Cancel to continue editing. Okay, so now I'm gonna add a host to this part of the screen. Add a server. Now, it's not attached to any of these shapes or anything; it's just positioned there. We could modify that. Now, it gives me an image by default, because there's also these other options. So let's say it's a host. The host will be my Zabbix server down there. And instead of the label being New element, I could write Zabbix server, or I could use a macro. These are the macros: HOST.NAME, HOST.CONN. On the Zabbix macro documentation we can search for other possibilities. HOST dot: got HOST.CONN, host description, HOST.DNS, HOST.HOST, et cetera. I'm gonna use those ones. For my image, I will use Rackmountable 2U 3D 96. Close. Now, however this looks is really your own personal preference, so it's up to you to use whichever styling you think is suitable. So I'm gonna use that image. Okay, let's add two more hosts to my Internet section, never even longer finer on my speak hard service, so I can add a new map element. Here we go. Same thing, just gonna copy that. It's going to be a host. The host will be one of my Linux servers. You grade a nice six. Apply. And add another one. Like to most speak. Odin it my six.
Very good. Okay, close and update. Map is updated. Just press OK if you want, and you can come back to it again. That's it. It shows the values there and the status being OK. That's it. The default minimum severity is Not classified. But I could say show me everything that is Disaster. There's nothing that is Disaster right now. High, Average, Warning. That's from "More than 100 items having missing data for more than 10 minutes". That's because several of my hosts are offline. Okay, now we can go back in and edit the map and add more hosts. I'll add one for my firewall there. Add an element. My firewall is just a basic home firewall, so I'm unable to install a Zabbix agent on it, or even create an SNMP host for it. So I'm just going to use an image. But if you have a proper Cisco firewall or something, you can set that up as an SNMP host. We discuss SNMP later on in the course. Firewall 96. Apply. There it is. I'll add, as well, another host, my Raspberry Pi, and I can use a different icon. But I'll use Rackmountable 1U 3D 96. There it is. Update. I can just cancel and just adjust things on this screen. Now we can also draw lines between each of these hosts, a link. To add a link, select two hosts. So select one, hold down Control and select another, like that. So two are there selected now, and now press Add link. There's a link. Let's do the same down here, add a link, and also for the firewall, add a link in between the firewall and the Raspberry Pi. And that's the link properties down there, and we can change its properties also by pressing the Edit option there. Line, Bold line, Dot, Dashed line. Colour, that's the OK colour. Close. So I'll add the rest of my hosts and just fast forward the video, and press update regularly. I'm gonna stand this screen. The host element. It is a different symbol. So a workstation there is, and then update. I'll just go and do the rest and just fast forward the video. 
Let's draw some lines. So you have to be creative, because whenever you click something that panel comes up over the top of what you're looking at underneath, so often I'm sliding the windows around. I don't think there's any real easy way to manage that, other than doing it. I'll update that map to make that look a little more pretty. For example, I can edit the icon still. So instead of using that image for the Zabbix server, I can actually use a specific Zabbix server image down here, Zabbix server 3D 96 if I want, and I'll do the same for the Raspberry Pi. I'll use a smaller image, 3D 64. Apply, close, update. Very good. You can spend some time making your map pretty. Not of the same thing. Okay, so one thing too: when you are moving around a shape and changing its dimensions and you press update, you get this error, "1 shapes 1 width, an integer is expected", basically. What that is, is you need to just press apply on your shape, and now it should let you save it. Okay, very good. So you will see that error. This is just something I don't think they picked up on during the development of Zabbix. So just be aware of that. I'll do it again, or simulate that again. I'm gonna change the dimensions of this box here, and then I'm gonna press update. Then I get this error. So map update failed. To fix that, just press edit, then press apply, and then press update. Okay, very good. And that's my map. And I'll spend some more time making it more pretty. So now it shows me the hosts with problems. Seven problems, two problems. Workstation is not available, or no data for 30 minutes. That's very, very good in a map. I'll just position them a little nicer. It's really up to you. Update. Very good. Monitoring, Maps. And because that's a map, we can actually use that in a screen. So Monitoring, Screens, all screens, create new screen, Network map, add. Edit this screen. Change. 
A map, being my network, centre, middle, add. Very good. And that's the screen there. So Network map, you can run it in kiosk mode here like that. So it's just one big full screen, or actually press F11 as well, like that. And you could have that, I mean, to make it look a bit nicer, on a monitor up on the wall on a spare computer in your office, where you could see straight away the status of all your servers. Okay. That's what screens are quite useful for, as a big status board somewhere in the office. And one final fix for this map here that I just created, but only just discovered what the problem was: Maps, edit map. I'll just rename that to private network. Update. Okay, Screens. And there we go. Excellent.

32. Reading Windows Event Logs: Okay, so now I'm gonna show you a slightly more advanced item, and this one is specific to Windows. On my Windows virtual machine here, I'm in the Event Viewer, and I open Windows Logs: Application, Security, Setup, etcetera. They'll have these event IDs. We can monitor these event IDs in Zabbix. So I'll show you how to do one of them, and that will be the security failed logon. Okay, so using the template that we have been working on so far, go into its items and we'll create a new item. So create item. I'm gonna call this failed logon. This is the Windows event ID specific for failed logon. It needs to be a Zabbix agent (active), and the key is eventlog, event log monitoring, and it returns a log. So click that. Okay, for the name, it's Security. That's the name, the event log called Security. For the regex, just put nothing. For the severity, do nothing. The source, do nothing. And for the event ID, 4625. Max lines, put nothing, leave the default. And for mode, do skip. In the Zabbix documentation, this is a Windows-specific item key, eventlog. So this is what we've just done. There's some examples there. For the last one, mode, I chose to use skip; that is not the default. That's because the first time this item is run. 
If I didn't put skip, it would scan every single event log in the computer, and that could take quite a while. So I'm only interested in what's gonna happen from now on in terms of that event ID 4625. So that's why I've used the option skip, and there's more information about the different properties there. But the event ID was the most important one, and also the name, the name of the event log. And it says here it must be configured as an active check. Also, the type of information was Log, update interval one minute. Create a new application called Security. And let's see, I'm gonna keep my data for ninety days, and just add that. Okay, Event ID 4625 Failed Logon. The two hosts that use this template, that is the laptop here and the MSEDGEWIN. The laptop's switched off. The MSEDGEWIN is switched on. They're both behind the proxy, so I need to restart the proxy, so the proxy is aware of the new items. That's config cache reload. Yeah, that's done. Now my MSEDGEWIN, I'm just gonna close that. I'm just going to shut it down and then reconnect to it using VirtualBox. Just press start. Okay, let's just look at Latest data. Monitoring, Latest data. And already I can see down here there's a new Event ID 4625 Failed Logon, but there's nothing in the history. There's no latest data yet, so there's nothing to see. But I'm gonna look at the history there, last five minutes, and now go into my MSEDGEWIN and generate some failed logons. So there's MSEDGEWIN there. Click it and just generate a failed logon. Incorrect. Try again. Now that's only one failed logon. I can do lots of them, but I'm just gonna do one, I think, and just wait for a minute for that update. And there we go. That now shows in Zabbix the 4625 logon, and this is the text from the event log in Windows. It's quite a lot of information there, but that's basically it. The event ID was 4625, and the account name which it failed for was this one here, 
IEUser. So I'm going to start monitoring that on every host that uses that item then. Okay, so many people have problems setting up this one. As you saw, I didn't have any problems at all. I'm gonna log in to MSEDGEWIN. One of the issues that you might have is the Zabbix Agent service: when it was installed, it logs on as the Local System account. That's the permission Zabbix agent needs in order to read the event logs. If you manage your Windows hosts or workstations slightly differently, then you can look at this page here, Minimum permission level for Windows agent items. For these item keys here, the recommended permission is that, and that's the minimum technically acceptable permission for a particular thing. So eventlog: the recommended permission for the Zabbix user, if you're going to manage it, is Event Log Readers. If you use Guests, it says functionality is limited. So if your Zabbix agent user is a guest user, it's really unlikely to work. You can get something done, but not for 4625. Okay, so Configuration, Templates, Windows basic, Items. Nine items. So this again is Zabbix agent (active). That was the text there I typed into it: eventlog, Security, comma, comma, comma, comma, 4625, comma, comma, skip. Leave that off and it will scan all the old event logs that it hasn't got history for, and it could take a little while before you actually see anything. So there you go. Type of information Log, update interval whatever you want, I chose one minute, and I put it into the Security application. Excellent.

33. Item Preprocessing with Regex: OK, in this video, I'm gonna take you through item preprocessing with regex. We've created these failed logon items and they're working, and I've just filtered this Latest data by the two hosts with that template that contains those failed logon items. 
And if I look at one of them, it contains a lot of information about that logon failure event. Now, that's a lot of information to store in Zabbix, or possibly you don't really want all of that either. You just want a section of it, for example the first line. Now the data returned from an item could be almost anything, and this is a good example to use because it just contains a lot of text, and I can just demonstrate extracting parts of it using preprocessing. So in this example I'll show you how to convert this item to only extract just the first line of text. So let's just grab that and put it into a notepad for now. Now go to a website called regex101.com and in Test String here, just paste that full text from the event log. Now I want to extract just the first line. I need a regular expression for that. So here, the top line here, I can use dot star in brackets. Those brackets here in the explanation section say it's the first capturing group, and then it just describes further what's going on. So any regex you write in here, this website will break it down for you and tell you what's actually happening. So what's happening here is every line is being broken into individual lines, and we can see on the right here, match information: match one, match two, match three. Match six has the line Subject. Match nine has the line Security ID. We just want the first line, An account failed to log on. So I can now modify our item inside Zabbix to use that regular expression. Okay, so go to Configuration, Templates, Items for that template that we were editing, the event ID item, and up here it says Preprocessing. Here we go. Let's add a preprocessing step, and the option is Regular expression. And that's the pattern. Output, backslash zero; that will output that there, An account failed to log on. Now we can test this regular expression against some sample data, so test. So that value I copied into the notepad and also copied into regex101. 
I'm just gonna put that in there. Apply, and now press test. Okay, so it's returned the first line of the log file. Okay, so we can close that now. We can update this item. Because this item gets run on hosts behind the proxy, I will also need to update the proxy then: config cache reload. So now, if I generate a failed logon on one of those Windows hosts, this one for example, this is MSEDGEWIN. I'm gonna generate a failed logon. Enter password. Incorrect. And go into Monitoring, Latest data, and just watch the history for MSEDGEWIN10. Just wait. There we go. An account failed to log on. It's only shown me one line rather than showing me the whole lot of the information now. So that is a little bit more easy to manage. It uses much less data inside your Zabbix database as well, in case you were having thousands of these a day that you wanted to monitor. Okay, so the next thing you might want to try is, you might not want the first line. You might want a different line, for example Account Name here, MSEDGEWIN10. The regex for that is a little more complicated. To get a different line like that, what you can do is, before the capturing group here, you can write the string where it starts. So Account Name down there. So Account Name, colon. Okay, so the full match is Account Name, colon, MSEDGEWIN. This white space here is actually tabs, so I can actually just write before the capturing group slash t, slash t. The tab. And now this highlights just that text without the white space. I'll show that again. And here it's highlighting the white space as well. I don't want the white space. Okay, so it's just the word that I want. So the full match is Account Name, colon, with MSEDGEWIN10, and then Group 1. So that's the capturing group, the first value in the capturing group. That there. So we can add that to Zabbix and actually just output that line now instead of An account failed to log on. 
And also, for example, say I wanted Account Domain instead, just do Account Domain and it will return WORKGROUP, Group 1 there. Well, let's just test that. Account Name, I'll copy that down. Go into Configuration, Templates, into the item, Preprocessing, Regular expression, I'll replace that with that. And we'll test that again in here. I'll just put in that value from the notepad. Apply, and just do a quick test. What it's done: slash zero up there has printed out the whole line, Account Name, MSEDGEWIN10. Now, if I want just that first value in the group, I would write slash one and test again. It's just the first value in the group now. And you can see that here on regex101 as well, Group 1. It's the first value. Slash zero will bring you that; slash one will give you that. Okay, now, I'm not gonna update or test that out. I'm just gonna expand this even further. I don't want the first one but the second one here, because this Account Name is actually written twice. And the Account Name for the second one is actually the user account that I want to know about, which is IEUser. That's the user; this is the user that was doing the failed logon. Okay, so that regex is slightly more complicated. I've prepared it. So what it's doing is it's finding the first occurrence of Account Name, then providing a group of anything, and even new lines, as many times as possible, then finding tab, Account Name again, slash tab, slash tab, and then the value down here being IEUser. Now regex is hard to write. I didn't write this quickly. I had to try a lot of things before I got this correct. Some people are really good at regexes, but most people aren't. So expect to take a long time trying to get your regexes correct. Anyway, that works for me. If I look at the match information down here, the full match is all that stuff highlighted in blue, then one. I'm not really interested in that. I'm interested in what I got here, in Group 2, IEUser. Let's put this into Zabbix. Copy. 
Okay, that's in there, and I want slash two, which is gonna give me back the value in Group 2 down here, IEUser. First thing to do is test, and there's the result, IEUser. I'll save that, update, and update the proxy. Okay, let's generate a failed logon for this particular user. Enter password. Incorrect. Now Monitoring, Latest data. Let's look at the history, last five minutes. Let's just wait for that update, and there is the value, IEUser. Look at that, 15 minutes. We can see the first time I did it, I was returning all the complete log. The second time I only wanted the first line, and the third time I'm actually explicitly searching through it until I find the second occurrence of Account Name, and then just taking that value there. Very good. So that's using item preprocessing with regular expressions. Brilliant.

34. Item Preprocessing with JavaScript: Okay, so I'm going to do another preprocessing exercise, and this time I'm going to use JavaScript. So go into Configuration, to the template, Items, the item, Preprocessing, and I'll just delete the one I just created and put a new one. And this one will be JavaScript. Okay. And what is the script now? It gives us some idea of what the script should do here. This is basically input, output. So input being the value, and then you can just return the value unchanged. That's the output. But that's pretty pointless. So I've got this script here that you can get from the documentation. Now, we'll just apply that for now, and we'll test it and input the value from before. Copy, paste, apply. And let's just test that. Okay, so it tells me IEUser, An account failed to log on. Okay, so how did it do that? Let's have a look. Look at the script here. It's breaking up all the lines by new line, creating an array. So value dot split here is just splitting this string, which is called value, into an array. The next line, line zero: I'm just creating a variable which equals lines zero. 
That's the zero index of the array, and then declaring a new variable accountName, which is just an empty string. lines, which is the array, forEach line: if line dot trim dot substring 0, 13 equals Account Name colon, that's thirteen characters, accountName equals line dot substring 14 dot trim. trim removes white space from whatever. line, substring, forEach: this is quite simple JavaScript, and common JavaScript. Any of these things, you could just type into a search engine: JavaScript substring, and you get an answer. JavaScript split, you get the answer. You want to know about what these things are? JavaScript forEach will give you some examples. And at the bottom, I'm returning the account name, which I've set here, which is gonna be IEUser in our example, and line zero, which in the original string here was An account failed to log on. Okay, so apply. And that's what happened when we did the test: IEUser, colon, An account failed to log on. Cool. So that's JavaScript. So basically, whatever that value was, you can do all kinds of things with it and return a new value down there. And the JavaScript engine used by Zabbix internally is from Duktape, duktape.org. It's an embeddable JavaScript engine with a focus on portability and compact footprint. It's a very simple version of a JavaScript engine. It doesn't do everything that JavaScript in the browser will do, and it also only has partial support for ES2015 and 2016, etcetera. But just as long as you keep it simple, like you're just doing simple string functions or maybe some arithmetic like multiplication and division, it's gonna work. Anyway, I know that you can test against the sample data, and I can see that works. So the difference here, compared to what I did with the regex, is that I'm actually appending two values together here rather than returning one value like I was in the regex example. So let's just test that. Update, proxy cache reload, create a failed logon. There we go. 
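The two extractions from lessons 33 and 34, written out as an added example that is not the course's script or Zabbix documentation code. The sample event text, the function names and the CRLF handling are assumptions; the pattern is one way to express "second Account Name", not the exact regex shown in the video.

```javascript
// ES5 only (var, no arrow functions), since Zabbix runs preprocessing
// JavaScript on the Duktape engine, which has only partial ES2015+ support.

// Constructed sample of a Windows Security 4625 message (not real log data).
// Host and user names follow the transcript. Fields are tab-indented and
// lines end in CRLF.
var SAMPLE_4625 = [
  'An account failed to log on.',
  '',
  'Subject:',
  '\tSecurity ID:\t\tSYSTEM',
  '\tAccount Name:\t\tMSEDGEWIN10$',
  '\tAccount Domain:\t\tWORKGROUP',
  '',
  'Logon Type:\t\t\t2',
  '',
  'Account For Which Logon Failed:',
  '\tSecurity ID:\t\tNULL SID',
  '\tAccount Name:\t\tIEUser',
  '\tAccount Domain:\t\tMSEDGEWIN10',
  '',
  'Failure Information:',
  '\tFailure Reason:\t\tUnknown user name or bad password.'
].join('\r\n');

// Lesson 33 idea as a single pattern: match the first "Account Name:", let
// [\s\S]* run across newlines, then capture what follows the last
// tab-indented "Account Name:". Returns '' when the field appears only once,
// so the Subject (machine) account is never reported as the failed user.
function secondAccountNameRegex(value) {
  var m = /Account Name:[\s\S]*\tAccount Name:[ \t]*([^\r\n]*)/.exec(value);
  return m ? m[1].trim() : '';
}

// Lesson 34 idea: split into lines, collect every "Account Name:" value and
// prepend the second one (the account the logon failed for) to the first line.
// That name is whatever was typed at the logon prompt, so treat it as
// untrusted text wherever it is displayed or forwarded.
function preprocess(value) {
  var lines = String(value).split(/\r?\n/); // tolerate CRLF and LF
  var firstLine = lines[0].trim();
  var names = [];
  lines.forEach(function (line) {
    var t = line.trim();
    if (t.substring(0, 13) === 'Account Name:') { // 13 characters
      names.push(t.substring(13).trim());
    }
  });
  var failedAccount = names.length >= 2 ? names[1] : '';
  return failedAccount ? failedAccount + ': ' + firstLine : firstLine;
}
```

In a Zabbix JavaScript preprocessing step only the body of `preprocess` is pasted, because the step already receives the item value as `value` and returns the result.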
Password is incorrect. And now go back to Monitoring, Latest data, and wait for the latest information to be retrieved, the last four minutes, and there it is: IEUser, colon, An account failed to log on. We're looking for the lost six. Ai was Sleeping guy nice to different versions of what I was doing with that text from the event log. Yeah, excellent.

35. Item Cloning to Create a PCI DSS Windows Template: Hosts, Templates. Okay, so this is the Windows basic template we've been working on. And this is the item here that we have been working on as well. Event 4625 is only one event. On this page, I've listed a lot of event IDs, and all these together can be used to create what you can call a PCI DSS Windows template. It's just the beginnings, but there's a lot of event IDs that you could have in that template. So in this video, I'm gonna build a template containing all these IDs and just clone it. You can build it quite quickly that way, so I'll just show you how it's done. And then at the end, you can download it from GitHub if you wanted to, if you didn't want to just create it yourself. It doesn't take very long. Okay, so first thing I'm gonna do is create a new template, and I'll call it PCI DSS Windows, and I'm gonna put it into the group Templates/Modules. That's cool. Add, and there it is. It doesn't have any items, so let's add at least one item. So I'm gonna take the item from the Windows basic, that there, and just copy it across to the new template. There is PCI DSS. Copy. Items, and it has one item and it's active. eventlog, Security, 4625, skip. Perfect. Now, for the original template, I'm going to delete the item from there. Now I can add to my hosts the other template as well if I wanted to. I'm not gonna do that just yet, but I can later on. Now, having two templates with the same key, it would give me a duplication error. That's why I deleted it from the Windows basic template. Okay, so anyway, we can do that. 
Right now, the templates, PCI, Items. There's a lot of IDs here. First one to do is 4608, Windows is starting up. I'll just go into that, do clone, and there I can write 4608 Windows is starting up, 4608. Right, and it already has a preprocessing step. That's the JavaScript version that we did before. And that's two events now. There are about 32 of them. So I'm just gonna build those and fast forward the video till I finish, because it's very repetitive. Okay, so that's done. Now, I made several mistakes doing that, and I just fixed them. It wasn't that complicated. So I've got all of them now. Now, one thing I didn't do when I copied that item across to the new template: I didn't have any applications in the template. The one that I was missing was Security. So when I added the first item, 4625, it wasn't part of any Security application here. Which means I'm not gonna be able to filter using Latest data so easily to order that now. So I'll create the application in my new template. Security. Add. Good. Now, in Items, I can now select Security as the option. But rather than going through each and every item and doing it one by one, I'm gonna select all of them and do a mass update. Applications, add, Security, update. Okay, so if I look at one of them now, they're part of the Security application. Excellent. Let's check it all. Security. That's good. Now, I created all these individually and I've also used the skip option there. Now, if you left the skip option off, the first time this would run, your agent would be put under quite a lot of stress. Your CPU would probably be 100% for quite a while, because these 32 different items would be scanning your full event log. You can try that if you like, but this is much more efficient by using the skip method here. And an even faster way of reading many items would be to even just have one item that scans all those IDs. I'll just demonstrate that. This is the key. 
4608 or 4609 or 4610 or 4611 and all the way through all the IDs. I'll put this in my documentation so you can copy it. And if you prefer to do it this way, it's much less options when it comes to filtering in Latest data. I'll leave it there for you to experiment with if you wanted to. Anyway, I'm gonna cancel that. I'm just gonna have them all individual like this. Now to test it out. So on my host MSEDGEWIN here, I'm gonna add that template. There it is, select and update. Okay, so it's now got 41 items. We can see here a lot of them are from the PCI DSS Windows template. Right, and because it's behind a proxy, config cache reload. I'm now starting up my MSEDGEWIN virtual machine. Let's go to Monitoring, Latest data, and we can see that there's a whole lot of new items here under Security here, on MSEDGEWIN. And if I log on. Okay, give it a minute. We'll start seeing data in all these rows. An account was successfully logged on. So I'm gonna turn this off and restart it again. We'll see a whole lot more events showing up. Okay, so do one failed logon and then do one proper logon. Very good. Have a look at the history. Okay. Windows is starting up. System time was changed. An account was successfully logged on. I created a user called test user, so a test user account was created. Test user account was enabled, and we can see here that's the name, test. A member was added to a security-enabled group down there. A user account was changed. Excellent. So you can see that that gives you quite a lot of visibility over how users could be managed on your Windows hosts. If you want that template, I put it here on my GitHub. And in the next video, I'll show you how to install templates. Okay, excellent.

36. Import Templates: OK, in this video, I'm going to show you how to import templates into Zabbix. Now, we just created a template in the last video that we could just import. 
But I'm gonna import a different template, quite an old template. But it's actually pretty good, and we'll see quite a few errors when I'm doing it. And that means you will be able to solve these errors yourself one day if you see them when you do different things. On my documentation I've got a link here. If you visit that link, it's a template about checking whether DNS names are blacklisted or not. It's on the Zabbix Share website. So visit that website, and here it is, Zabbix Share. There's all kinds of things on Zabbix Share, lots and lots of templates, and you could just do a search for them if you're looking for something in particular. Now, this one here will automatically check DNS blackhole lists. There are instructions on it, and you can follow those, but instead we'll do it this way. Just download the file here, and in it there's two files. There's an XML, which is a template, and then there's an sh script. The template, the XML file, is the file that we're importing into Zabbix, so this will generate an error the first time. So okay, and that's it there. And this will generate an error for me because I haven't read the instructions. Anyway, import, and it says cannot find a value map IP Blacklist used in the item, whatever, template IP Blacklist. This template's from Zabbix 2, a very old template. It doesn't have any value mappings in the XML file. This is the XML file I just tried to upload. I'll just minimize the nodes so we can see what's in it. There is a group name. There was a template, and that's all the information for the template. And then there's some triggers, and there's one of the triggers there, and you can read those if you like. It's quite useful. Reading these things gives you a very good understanding of how things might work. 
Now there are no value mappings in this old template from version two, so we'll have to manually create them. So down here in Administration, General, and in this drop-down is a thing called Value mapping, and what this contains is: often items can return numbers, and you can say, rather than displaying the number, display this text. So also on this page, it says here create the following value map: Administration, General, Value mapping, name IP Blacklist. So let's do that. Create value map, IP Blacklist, and the value zero is Not listed and one was Listed. Okay, so that just introduces value maps very quickly. And I'll just find that; I'll go to page two, IP Blacklist. There it is, and we can edit that if we ever wanted to. Okay, going back to Configuration, Templates, Import. Let's try that again. Blacklist, zabbix export templates dot xml. Open. All these tick boxes are good by default, so there's no need to change anything there unless your template does contain screens or maps or images or media types. The rows are about updating the existing values or creating the new values or deleting the missing. It gives you more control over the import process. But all the defaults are pretty good. Import. Okay, imported successfully. I'm gonna look at it. There is Template IP Blacklist. It's got five items in it. Blacklist, unknown, because we haven't yet assigned it to any hosts. Now the type of item is an external check, not anything else. That external check is going to be a script that runs on the Zabbix server itself. That's the key there: check DNSBL dot sh. It requires two parameters: {HOST.DNS}, which we'll get from the host that we assign this template to, and then one of the DNS blacklist providers. There's five of them in this template's items. 
Okay. So whether these things are still relevant, or whether or not there are better providers, is up to you. As you can see here, you could copy and modify the URL of the provider, because we're passing that URL into the DNSBL sh script eventually, when we set that up. Okay, so the next part is to copy this sh script to the Zabbix server. Here it says /usr/local/share/zabbix/externalscripts. This is different on different systems. Our item type is an external check. Now external check is looking for files in the external check folder. Now, the external check folder on your Zabbix server can normally be found this way: zabbix_server, hyphen h for help. Down the bottom, it says external scripts, /usr/share/zabbix/externalscripts. This path is hard coded and this folder may be wrong. The best way to find the correct location of your external scripts folder is actually in their