The table provides details on the item keys that are supported only by Zabbix Windows agent.
Key | ||||
---|---|---|---|---|
Description | Return value | Parameters | Comments | |
eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>] | ||||
Event log monitoring. | Log | name - name of event log regexp - regular expression describing the required pattern severity - regular expression describing severity This parameter accepts the following values: "Information", "Warning", "Error", "Critical", "Verbose" (since Zabbix 2.2.0 running on Windows Vista or newer) source - regular expression describing source identifier (regular expression is supported since Zabbix 2.2.0) eventid - regular expression describing the event identifier(s) maxlines - maximum number of new lines per second the agent will send to Zabbix server or proxy. This parameter overrides the value of 'MaxLinesPerSecond' in zabbix_agentd.win.conf mode - possible values: all (default), skip - skip processing of older data (affects only newly created items). |
The item must be configured as an active check. Examples: => eventlog[Application] => eventlog[Security,,"Failure Audit",,^(529|680)$] => eventlog[System,,"Warning|Error"] => eventlog[System,,,,^1$] => eventlog[System,,,,@TWOSHORT] - here a custom regular expression named TWOSHORT is referenced (defined as a Result is TRUE type, the expression itself being ^1$\|^70$ ).Note that the agent is unable to send in events from the "Forwarded events" log. The mode parameter is supported since Zabbix 2.0.0."Windows Eventing 6.0" is supported since Zabbix 2.2.0. Note that selecting a non-Log type of information for this item will lead to the loss of local timestamp, as well as log severity and source information. See also additional information on log monitoring. |
|
net.if.list | ||||
Network interface list (includes interface type, status, IPv4 address, description). | Text | Supported since Zabbix agent version 1.8.1. Multi-byte interface names supported since Zabbix agent version 1.8.6. Disabled interfaces are not listed. Note that enabling/disabling some components may change their ordering in the Windows interface name. Some Windows versions (for example, Server 2008) might require the latest updates installed to support non-ASCII characters in interface names. |
||
perf_counter[counter,<interval>] | ||||
Value of any Windows performance counter. | Integer, float, string or text (depending on the request) | counter - path to the counter interval - last N seconds for storing the average value. The interval must be between 1 and 900 seconds (included) and the default value is 1. |
Performance Monitor can be used to obtain list of available counters. Until version 1.6 this parameter will return correct value only for counters that require just one sample (like \System\Threads). It will not work as expected for counters that require more than one sample - like CPU utilization. Since 1.6, interval is used, so the check returns an average value for last "interval" seconds every time.See also: Windows performance counters. |
|
perf_counter_en[counter,<interval>] | ||||
Value of any Windows performance counter in English. | Integer, float, string or text (depending on the request) | counter - path to the counter in English interval - last N seconds for storing the average value. The interval must be between 1 and 900 seconds (included) and the default value is 1. |
This item is only supported on Windows Server 2008/Vista and above. You can find the list of English strings by viewing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 .Supported since Zabbix agent versions 4.0.13 and 4.2.7. |
|
perf_instance.discovery[object] | ||||
List of object instances of Windows performance counters. Used for low-level discovery. | JSON object | object - object name (localized) | Supported since Zabbix agent version 5.0.1. | |
perf_instance_en.discovery[object] | ||||
List of object instances of Windows performance counters, discovered using object names in English. Used for low-level discovery. | JSON object | object - object name (in English) | Supported since Zabbix agent version 5.0.1. | |
proc_info[process,<attribute>,<type>] | ||||
Various information about specific process(es). | Float | process - process name attribute - requested process attribute type - representation type (meaningful when more than one process with the same name exists) |
The following attributes are supported:vmsize (default) - size of process virtual memory in Kbytes wkset - size of process working set (amount of physical memory used by process) in Kbytes pf - number of page faults ktime - process kernel time in milliseconds utime - process user time in milliseconds io_read_b - number of bytes read by process during I/O operations io_read_op - number of read operation performed by process io_write_b - number of bytes written by process during I/O operations io_write_op - number of write operation performed by process io_other_b - number of bytes transferred by process during operations other than read and write operations io_other_op - number of I/O operations performed by process, other than read and write operations gdiobj - number of GDI objects used by process userobj - number of USER objects used by process Valid types are:avg (default) - average value for all processes named <process> min - minimum value among all processes named <process> max - maximum value among all processes named <process> sum - sum of values for all processes named <process> Examples: => proc_info[iexplore.exe,wkset,sum] - to get the amount of physical memory taken by all Internet Explorer processes => proc_info[iexplore.exe,pf,avg] - to get the average number of page faults for Internet Explorer processes Note that on a 64-bit system, a 64-bit Zabbix agent is required for this item to work correctly. Note: io_*, gdiobj and userobj attributes are available only on Windows 2000 and later versions of Windows, not on Windows NT 4.0. |
|
service.discovery | ||||
List of Windows services. Used for low-level discovery. | JSON object | Supported since Zabbix agent version 3.0. | ||
service.info[service,<param>] | ||||
Information about a service. | Integer - with param as state, startupString - with param as displayname, path, userText - with param as descriptionSpecifically for state: 0 - running, 1 - paused, 2 - start pending, 3 - pause pending, 4 - continue pending, 5 - stop pending, 6 - stopped, 7 - unknown, 255 - no such service Specifically for startup: 0 - automatic, 1 - automatic delayed, 2 - manual, 3 - disabled, 4 - unknown, 5 - automatic trigger start, 6 - automatic delayed trigger start, 7 - manual trigger start |
service - a real service name or its display name as seen in MMC Services snap-in param - state (default), displayname, path, user, startup or description |
Examples: => service.info[SNMPTRAP] - state of the SNMPTRAP service => service.info[SNMP Trap] - state of the same service, but with display name specified => service.info[EventLog,startup] - startup type of the EventLog service Items service.info[service,state] and service.info[service] will return the same information. Note that only with param as state this item returns a value for non-existing services (255).This item is supported since Zabbix 3.0.0. It should be used instead of the deprecated service_state[service] item. |
|
services[<type>,<state>,<exclude>] | ||||
Listing of services. | 0 - if empty Text - list of services separated by a newline |
type - all (default), automatic, manual or disabled state - all (default), stopped, started, start_pending, stop_pending, running, continue_pending, pause_pending or paused exclude - services to exclude from the result. Excluded services should be listed in double quotes, separated by comma, without spaces. |
Examples: => services[,started] - list of started services => services[automatic, stopped] - list of stopped services, that should be run => services[automatic, stopped, "service1,service2,service3"] - list of stopped services, that should be run, excluding services with names service1, service2 and service3 The exclude parameter is supported since Zabbix 1.8.1. |
|
wmi.get[<namespace>,<query>] | ||||
Execute WMI query and return the first selected object. | Integer, float, string or text (depending on the request) | namespace - WMI namespace query - WMI query returning a single object |
WMI queries are performed with WQL. Example: => wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%PHYSICALDRIVE0%'] - returns the status of the first physical disk This key is supported since Zabbix 2.2.0. |
|
wmi.getall[<namespace>,<query>] | ||||
Execute WMI query and return the whole response. Can be used for low-level discovery. |
JSON object | namespace - WMI namespace query - WMI query |
WMI queries are performed with WQL. Example: => wmi.getall[root\cimv2,select * from Win32_DiskDrive where Name like '%PHYSICALDRIVE%'] - returns status information of physical disks JSONPath preprocessing can be used to point to more specific values in the returned JSON. This key is supported since Zabbix 4.4.0. |
|
vm.vmemory.size[<type>] | ||||
Virtual memory size in bytes or in percentage from total. | Integer - for bytes Float - for percentage |
type - possible values: available (available virtual memory), pavailable (available virtual memory, in percent), pused (used virtual memory, in percent), total (total virtual memory, default), used (used virtual memory) |
Example: => vm.vmemory.size[pavailable] → available virtual memory, in percentage Monitoring of virtual memory statistics is based on: * Total virtual memory on Windows (total physical + page file size); * The maximum amount of memory Zabbix agent can commit; * The current committed memory limit for the system or Zabbix agent, whichever is smaller. This key is supported since Zabbix 3.0.7 and 3.2.3. |
Parameters without angle brackets are mandatory. Parameters marked with angle brackets < > are optional.
The event log monitoring.
Return value: Log.
Parameters:
Comments:
Examples:
eventlog[Application]
eventlog[Security,,"Failure Audit",,^(529|680)$]
eventlog[System,,"Warning|Error"]
eventlog[System,,,,^1$]
eventlog[System,,,,@TWOSHORT] #here a custom regular expression named `TWOSHORT` is referenced (defined as a *Result is TRUE* type, the expression itself being `^1$|^70$`).
The network interface list (includes interface type, status, IPv4 address, description).
Return value: Text.
Comments:
The value of any Windows performance counter.
Return value: Integer, float, string or text (depending on the request).
Parameters:
interval
must be between 1 and 900 seconds (included) and the default value is 1.Comments:
interval
is used for counters that require more than one sample (like CPU utilization), so the check returns an average value for last "interval" seconds every time;
The value of any Windows performance counter in English.
Return value: Integer, float, string or text (depending on the request).
Parameters:
interval
must be between 1 and 900 seconds (included) and the default value is 1.Comments:
interval
is used for counters that require more than one sample (like CPU utilization), so the check returns an average value for last "interval" seconds every time;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
.
The list of object instances of Windows performance counters. Used for low-level discovery.
Return value: JSON object.
Parameter:
The list of object instances of Windows performance counters, discovered using the object names in English. Used for low-level discovery.
Return value: JSON object.
Parameter:
Various information about specific process(es).
Return value: Float.
Parameters:
Comments:
attributes
are supported:types
are:Examples:
proc_info[iexplore.exe,wkset,sum] #retrieve the amount of physical memory taken by all Internet Explorer processes
proc_info[iexplore.exe,pf,avg] #retrieve the average number of page faults for Internet Explorer processes
Return data for the specified value name in the Windows Registry key.
Return value: Integer, string or text (depending on the value type)
Parameters:
Comments:
Examples:
registry.data["HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting"] #return the data of the default value of this key
registry.data["HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting","EnableZip"] #return the data of the value named "Enable Zip" in this key
The list of Windows Registry values or keys located at given key.
Return value: JSON object.
Parameters:
mode
.Keys with spaces must be double-quoted.
Examples:
registry.get[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,values,"^DisplayName|DisplayVersion$"] #return the data of the values named "DisplayName" or "DisplayValue" in this key. The JSON will include details of the key, last subkey, value name, value type and value data.
registry.get[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,values] #return the data of the all values in this key. The JSON will include details of the key, last subkey, value name, value type and value data.
registry.get[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,keys] #return all subkeys of this key. The JSON will include details of the key and last subkey.
The list of Windows services. Used for low-level discovery.
Return value: JSON object.
Information about a service.
Return value: Integer - with param
as state, startup; String - with param
as displayname, path, user; Text - with param
as description
Specifically for state: 0 - running, 1 - paused, 2 - start pending, 3 - pause pending, 4 - continue pending, 5 - stop pending, 6 - stopped, 7 - unknown, 255 - no such service
Specifically for startup: 0 - automatic, 1 - automatic delayed, 2 - manual, 3 - disabled, 4 - unknown, 5 - automatic trigger start, 6 - automatic delayed trigger start, 7 - manual trigger start
Parameters:
Comments:
service.info[service,state]
and service.info[service]
will return the same information;param
as state this item returns a value for non-existing services (255).Examples:
service.info[SNMPTRAP] - state of the SNMPTRAP service;
service.info[SNMP Trap] - state of the same service, but with the display name specified;
service.info[EventLog,startup] - the startup type of the EventLog service
The listing of services.
Return value: 0 - if empty; Text - the list of services separated by a newline.
Parameters:
Examples:
services[,started] #returns the list of started services;
services[automatic, stopped] #returns the list of stopped services that should be running;
services[automatic, stopped, "service1,service2,service3"] #returns the list of stopped services that should be running, excluding services named "service1", "service2" and "service3"
The virtual memory size in bytes or in percentage from the total.
Return value: Integer - for bytes; float - for percentage.
Parameter:
Comments:
Example:
Execute a WMI query and return the first selected object.
Return value: Integer, float, string or text (depending on the request).
Parameters:
WMI queries are performed with WQL.
Example:
wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%PHYSICALDRIVE0%'] #returns the status of the first physical disk
Execute a WMI query and return the whole response. Can be used for low-level discovery.
Return value: JSON object
Parameters:
Comments:
Example:
wmi.getall[root\cimv2,select * from Win32_DiskDrive where Name like '%PHYSICALDRIVE%'] #returns status information of physical disks
Este tutorial provê um passo a passo de como se configurar a monitoramento de serviços do Windows. Partimos do princípio de que o Zabbix Agent e o Zabbix Server estão configurados e operacionais.
Obter o nome do serviço.
Você pode obter o nome do serviço ao acessar a tela de Serviços no MMC e analisar as propriedades do serviço desejado. Na aba "Geral" você deve procurar pelo campo 'Nome do serviço'. Você usará o valor deste campo para configurar um item para monitoramento.
Por exemplo, se você quiser monitorar o serviço "Estação de trabalho" então o nome do serviço seria: LanmanWorkstation.
Configure um item para monitorar o serviço.
O item 'service.info[service,<param>]' obtém informações sobre um serviço em particular. Dependendo da informação que você precisar, defina a opção param para um destes valores: displayname, state, path, user, startup ou description (nome de exibição, estado, caminho, usuário, inicialização ou descrição, respectivamente). O valor padrão é state se param não for definido (service.info[service]).
O tipo do valor de retorno depende do que for definido no parâmetro param: inteiro para state e startup; string para displayname, path e user; texto para description.
Exemplo:
Dois mapeamentos de valor estão disponíveis, "Estado de serviço Windows" e "Tipo de inicialização de serviço Windows", para mapear um valor numérico obtido para uma representação textual na interface web do Zabbix.
A descoberta de baixo-nível provê um caminho para a criação automática de itens, gatilhos, e gráficos para diferentes entidades em um computador. O Zabbix pode monitorar automaticamente os serviços Windows de sua máquina, sem que você precise saber exatamente o nome do serviço para criar os itens manualmente. Um filtro pode ser utilizado para criar de fato itens, gatilhos, e gráficos apenas para os serviços de interesse.
This section provides details on the Zabbix agent items that are supported on Windows. The supported items are presented in two tables:
Windows-specific items sometimes are an approximate counterpart of a similar agent item, for example proc_info
, supported on Windows, roughly corresponds to the proc.mem
item, not supported on Windows.
Note that all item keys supported by Zabbix agent on Windows are also supported by Zabbix agent 2. See item keys supported by Zabbix agent 2 for additional item keys that you can use with the agent 2 only.
See also: Minimum permissions for Windows items
The table below lists Zabbix agent items that are supported on Windows:
Key | Comments |
---|---|
agent.hostmetadata | |
agent.hostname | |
agent.ping | |
agent.variant | |
agent.version | |
log[file,<regexp>,<encoding>,<maxlines>,<mode>,<output>,<maxdelay>,<options>] | This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
log.count[file,<regexp>,<encoding>,<maxproclines>,<mode>,<maxdelay>,<options>] | This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
logrt[file_regexp,<regexp>,<encoding>,<maxlines>,<mode>,<output>,<maxdelay>,<options>] | This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
logrt.count[file_regexp,<regexp>,<encoding>,<maxproclines>,<mode>,<maxdelay>,<options>] | This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
modbus.get[endpoint,<slave id>,<function>,<address>,<count>,<type>,<endianness>,<offset>] | |
net.dns[<ip>,name,<type>,<timeout>,<count>,<protocol>] | The ip , timeout and count parameters are ignored on Windows. |
net.dns.record[<ip>,name,<type>,<timeout>,<count>,<protocol>] | The ip , timeout and count parameters are ignored on Windows. |
net.if.discovery | Some Windows versions (for example, Server 2008) might require the latest updates installed to support non-ASCII characters in interface names. |
net.if.in[if,<mode>] | On Windows, the item gets values from 64-bit counters if available. 64-bit interface statistic counters were introduced in Windows Vista and Windows Server 2008. If 64-bit counters are not available, the agent uses 32-bit counters. Multi-byte interface names on Windows are supported. You may obtain network interface descriptions on Windows with net.if.discovery or net.if.list items. |
net.if.out[if,<mode>] | On Windows, the item gets values from 64-bit counters if available. 64-bit interface statistic counters were introduced in Windows Vista and Windows Server 2008. If 64-bit counters are not available, the agent uses 32-bit counters. Multi-byte interface names on Windows are supported. You may obtain network interface descriptions on Windows with net.if.discovery or net.if.list items. |
net.if.total[if,<mode>] | On Windows, the item gets values from 64-bit counters if available. 64-bit interface statistic counters were introduced in Windows Vista and Windows Server 2008. If 64-bit counters are not available, the agent uses 32-bit counters. You may obtain network interface descriptions on Windows with net.if.discovery or net.if.list items. |
net.tcp.listen[port] | |
net.tcp.port[<ip>,port] | |
net.tcp.service[service,<ip>,<port>] | Checking of LDAP and HTTPS on Windows is only supported by Zabbix agent 2. |
net.tcp.service.perf[service,<ip>,<port>] | Checking of LDAP and HTTPS on Windows is only supported by Zabbix agent 2. |
net.tcp.socket.count[<laddr>,<lport>,<raddr>,<rport>,<state>] | This item is supported on Linux by Zabbix agent, but on Windows it is supported only by Zabbix agent 2 on 64-bit Windows. |
net.udp.service[service,<ip>,<port>] | |
net.udp.service.perf[service,<ip>,<port>] | |
net.udp.socket.count[<laddr>,<lport>,<raddr>,<rport>,<state>] | This item is supported on Linux by Zabbix agent, but on Windows it is supported only by Zabbix agent 2 on 64-bit Windows. |
proc.num[<name>,<user>] | On Windows, only the name and user parameters are supported. |
system.cpu.discovery | |
system.cpu.load[<cpu>,<mode>] | |
system.cpu.num[<type>] | |
system.cpu.util[<cpu>,<type>,<mode>] | system is the only type parameter supported on Windows. |
system.hostname[<type>, <transform>] | The value is acquired by either GetComputerName() (for netbios) or gethostname() (for host) functions on Windows. Examples of returned values: => system.hostname → WIN-SERV2008-I6 => system.hostname[host] → Win-Serv2008-I6LonG => system.hostname[host,lower] → win-serv2008-i6long See also a more detailed description. |
system.localtime[<type>] | |
system.run[command,<mode>] | |
system.sw.arch | |
system.swap.size[<device>,<type>] | The pused type parameter is supported on Linux by Zabbix agent, but on Windows it is supported only by Zabbix agent 2.Note that this key might report incorrect swap space size/percentage on virtualized (VMware ESXi, VirtualBox) Windows platforms. In this case you may use the perf_counter[\700(_Total)\702] key to obtain correct swap space percentage. |
system.uname | Example of returned value: Windows ZABBIX-WIN 6.0.6001 Microsoft® Windows Server® 2008 Standard Service Pack 1 x86 On Windows the value for this item is obtained from Win32_OperatingSystem and Win32_Processor WMI classes. The OS name (including edition) might be translated to the user's display language. On some versions of Windows it contains trademark symbols and extra spaces. |
system.uptime | |
vfs.dir.count[dir,<regex_incl>,<regex_excl>,<types_incl>,<types_excl>,<max_depth>,<min_size>,<max_size>,<min_age>,<max_age>,<regex_excl_dir>] | On Windows, directory symlinks are skipped and hard links are counted only once. Example: ⇒ vfs.dir.count["C:\Users\ADMINI~1\AppData\Local\Temp"] - monitors the number of files in temporary directory |
vfs.dir.get[dir,<regex_incl>,<regex_excl>,<types_incl>,<types_excl>,<max_depth>,<min_size>,<max_size>,<min_age>,<max_age>,<regex_excl_dir>] | On Windows, directory symlinks are skipped and hard links are counted only once. Example: ⇒ vfs.dir.get["C:\Users\ADMINI~1\AppData\Local\Temp"] - retrieves the file list in temporary directory |
vfs.dir.size[dir,<regex_incl>,<regex_excl>,<mode>,<max_depth>,<regex_excl_dir>] | On Windows any symlink is skipped and hard links are taken into account only once. |
vfs.file.cksum[file,<mode>] | |
vfs.file.contents[file,<encoding>] | |
vfs.file.exists[file,<types_incl>,<types_excl>] | On Windows the double quotes have to be backslash '\' escaped and the whole item key enclosed in double quotes when using the command line utility for calling zabbix_get.exe or agent2. Note that the item may turn unsupported on Windows if a directory is searched within a non-existing directory, e.g. vfs.file.exists[C:\no\dir,dir] (where 'no' does not exist). |
vfs.file.get[file] | Supported file types on Windows: regular file, directory, symbolic link |
vfs.file.md5sum[file] | |
vfs.file.owner[file,<ownertype>,<resulttype>] | |
vfs.file.regexp[,regexp,<encoding>,<start line>,<end line>,<output>] | |
vfs.file.regmatch[file,regexp,<encoding>,<start line>,<end line>] | |
vfs.file.size[file,<mode>] | |
vfs.file.time[file,<mode>] | On Windows XP vfs.file.time[file,change] may be equal to vfs.file.time[file,access]. |
vfs.fs.discovery | The {#FSLABEL} macro is supported on Windows since Zabbix 6.0. |
vfs.fs.get | The {#FSLABEL} macro is supported on Windows since Zabbix 6.0. |
vfs.fs.size[fs,<mode>] | |
vm.memory.size[<mode>] | |
web.page.get[host,<path>,<port>] | |
web.page.perf[host,<path>,<port>] | |
web.page.regexp[host,<path>,<port>,regexp,<length>,<output>] | |
zabbix.stats[<ip>,<port>] | |
zabbix.stats[<ip>,<port>,queue,<from>,<to>] |