The Windows Zabbix agent items are presented in two lists:
Note that all item keys supported by Zabbix agent on Windows are also supported by the new generation Zabbix agent 2. See the additional item keys that you can use with the agent 2 only.
See also: Minimum permissions for Windows items
The table below lists Zabbix agent items that are supported on Windows and are shared with the UNIX Zabbix agent:
Item key | Description | Item group |
---|---|---|
log | The monitoring of a log file. This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
Log monitoring |
log.count | The count of matched lines in a monitored log file. This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
|
logrt | The monitoring of a log file that is rotated. This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
|
logrt.count | The count of matched lines in a monitored log file that is rotated. This item is not supported for Windows Event Log. The persistent_dir parameter is not supported on Windows. |
|
modbus.get | Reads Modbus data. | Modbus |
net.dns | Checks if the DNS service is up. The ip , timeout and count parameters are ignored on Windows unless using Zabbix agent 2. |
Network |
net.dns.perf | Checks the performance of a DNS service. The ip , timeout and count parameters are ignored on Windows unless using Zabbix agent 2. |
|
net.dns.record | Performs a DNS query. The ip , timeout and count parameters are ignored on Windows unless using Zabbix agent 2. |
|
net.if.discovery | The list of network interfaces. Some Windows versions (for example, Server 2008) might require the latest updates installed to support non-ASCII characters in interface names. |
|
net.if.in | The incoming traffic statistics on a network interface. On Windows, the item gets values from 64-bit counters if available. 64-bit interface statistic counters were introduced in Windows Vista and Windows Server 2008. If 64-bit counters are not available, the agent uses 32-bit counters. Multi-byte interface names on Windows are supported. You may obtain network interface descriptions on Windows with net.if.discovery or net.if.list items. |
|
net.if.out | The outgoing traffic statistics on a network interface. On Windows, the item gets values from 64-bit counters if available. 64-bit interface statistic counters were introduced in Windows Vista and Windows Server 2008. If 64-bit counters are not available, the agent uses 32-bit counters. Multi-byte interface names on Windows are supported. You may obtain network interface descriptions on Windows with net.if.discovery or net.if.list items. |
|
net.if.total | The sum of incoming and outgoing traffic statistics on a network interface. On Windows, the item gets values from 64-bit counters if available. 64-bit interface statistic counters were introduced in Windows Vista and Windows Server 2008. If 64-bit counters are not available, the agent uses 32-bit counters. You may obtain network interface descriptions on Windows with net.if.discovery or net.if.list items. |
|
net.tcp.listen | Checks if this TCP port is in LISTEN state. | |
net.tcp.port | Checks if it is possible to make a TCP connection to the specified port. | |
net.tcp.service | Checks if a service is running and accepting TCP connections. Checking of LDAP and HTTPS on Windows is only supported by Zabbix agent 2. |
|
net.tcp.service.perf | Checks the performance of a TCP service. Checking of LDAP and HTTPS on Windows is only supported by Zabbix agent 2. |
|
net.tcp.socket.count | Returns the number of TCP sockets that match parameters. This item is supported on Linux by Zabbix agent, but on Windows it is supported only by Zabbix agent 2 on 64-bit Windows. |
|
net.udp.service | Checks if a service is running and responding to UDP requests. | |
net.udp.service.perf | Checks the performance of a UDP service. | |
net.udp.socket.count | Returns the number of UDP sockets that match parameters. This item is supported on Linux by Zabbix agent, but on Windows it is supported only by Zabbix agent 2 on 64-bit Windows. |
|
proc.num | The number of processes. On Windows, only the name and user parameters are supported. |
Processes |
system.cpu.discovery | The list of detected CPUs/CPU cores. | System |
system.cpu.load | The CPU load. When a collector process is started on Zabbix agent, the following performance counters are initialized and later used for this item: \System\Processor Queue Length |
|
system.cpu.num | The number of CPUs. | |
system.cpu.util | The CPU utilization percentage. The value is acquired using the Processor Time performance counter. Note that since Windows 8 its Task Manager shows CPU utilization based on the Processor Utility performance counter, while in previous versions it was the Processor Time counter (see more details). system is the only type parameter supported on Windows. |
|
system.hostname | The system host name. The value is acquired by either GetComputerName() (for netbios), GetComputerNameExA() (for fqdn), or gethostname() (for host) functions on Windows. See also a more detailed description. |
|
system.localtime | The system time. | |
system.run | Run the specified command on the host. | |
system.sw.arch | The software architecture information. | |
system.swap.size | The swap space size in bytes or in percentage from total. The pused type parameter is supported on Linux by Zabbix agent, but on Windows it is supported only by Zabbix agent 2.Note that this key might report incorrect swap space size/percentage on virtualized (VMware ESXi, VirtualBox) Windows platforms. In this case you may use the perf_counter[\700(_Total)\702] key to obtain correct swap space percentage. |
|
system.uname | Identification of the system. On Windows the value for this item is obtained from Win32_OperatingSystem and Win32_Processor WMI classes. The OS name (including edition) might be translated to the user's display language. On some versions of Windows it contains trademark symbols and extra spaces. |
|
system.uptime | The system uptime in seconds. | |
vfs.dir.count | The directory entry count. On Windows, directory symlinks are skipped and hard links are counted only once. |
Virtual file systems |
vfs.dir.get | The directory entry list. On Windows, directory symlinks are skipped and hard links are counted only once. |
|
vfs.dir.size | The directory size. On Windows any symlink is skipped and hard links are taken into account only once. |
|
vfs.file.cksum | The file checksum, calculated by the UNIX cksum algorithm. | |
vfs.file.contents | Retrieving the contents of a file. | |
vfs.file.exists | Checks if the file exists. On Windows the double quotes have to be backslash '\' escaped and the whole item key enclosed in double quotes when using the command line utility for calling zabbix_get.exe or agent2. Note that the item may turn unsupported on Windows if a directory is searched within a non-existing directory, e.g. vfs.file.exists[C:\no\dir,dir] (where 'no' does not exist). |
|
vfs.file.get | Returns information about a file. Supported file types on Windows: regular file, directory, symbolic link |
|
vfs.file.md5sum | The MD5 checksum of file. | |
vfs.file.owner | Retrieves the owner of a file. | |
vfs.file.regexp | Retrieve a string in the file. | |
vfs.file.regmatch | Find a string in the file. | |
vfs.file.size | The file size. | |
vfs.file.time | The file time information. On Windows XP vfs.file.time[file,change] may be equal to vfs.file.time[file,access] . |
|
vfs.fs.discovery | The list of mounted filesystems with their type and mount options. The {#FSLABEL} macro is supported on Windows. |
|
vfs.fs.get | The list of mounted filesystems with their type, available disk space, inode statistics and mount options. The {#FSLABEL} macro is supported on Windows. |
|
vfs.fs.size | The disk space in bytes or in percentage from total. | |
vm.memory.size | The memory size in bytes or in percentage from total. | Virtual memory |
web.page.get | Get the content of a web page. | Web monitoring |
web.page.perf | The loading time of a full web page. | |
web.page.regexp | Find a string on the web page. | |
agent.hostmetadata | The agent host metadata. | Zabbix |
agent.hostname | The agent host name. | |
agent.ping | The agent availability check. | |
agent.variant | The variant of Zabbix agent (Zabbix agent or Zabbix agent 2). | |
agent.version | The version of Zabbix agent. | |
zabbix.stats | Returns a set of Zabbix server or proxy internal metrics remotely. | |
zabbix.stats | Returns the number of monitored items in the queue which are delayed on Zabbix server or proxy remotely. |
The table provides details on the item keys that are supported only by the Windows Zabbix agent.
Windows-specific items sometimes are an approximate counterpart of a similar agent item, for example proc_info
, supported on Windows, roughly corresponds to the proc.mem
item, not supported on Windows.
The item key is a link to full item key details.
Item key | Description | Item group |
---|---|---|
eventlog | The Windows event log monitoring. | Log monitoring |
eventlog.count | The count of lines in the Windows event log. | |
net.if.list | The network interface list (includes interface type, status, IPv4 address, description). | Network |
perf_counter | The value of any Windows performance counter. | Performance counters |
perf_counter_en | The value of any Windows performance counter in English. | |
perf_instance.discovery | The list of object instances of Windows performance counters. | |
perf_instance_en.discovery | The list of object instances of Windows performance counters, discovered using the object names in English. | |
proc_info | Various information about specific process(es). | Processes |
registry.data | Return data for the specified value name in the Windows Registry key. | Registry |
registry.get | The list of Windows Registry values or keys located at given key. | |
service.discovery | The list of Windows services. | Services |
service.info | Information about a service. | |
services | The listing of services. | |
vm.vmemory.size | The virtual memory size in bytes or in percentage from the total. | Virtual memory |
wmi.get | Execute a WMI query and return the first selected object. | WMI |
wmi.getall | Execute a WMI query and return the whole response. |
Parameters without angle brackets are mandatory. Parameters marked with angle brackets < > are optional.
The event log monitoring.
Return value: Log.
Parameters:
Comments:
Examples:
eventlog[Application]
eventlog[Security,,"Failure Audit",,^(529|680)$]
eventlog[System,,"Warning|Error"]
eventlog[System,,,,^1$]
eventlog[System,,,,@TWOSHORT] #here a custom regular expression named `TWOSHORT` is referenced (defined as a *Result is TRUE* type, the expression itself being `^1$|^70$`).
The count of lines in the Windows event log.
Return value: Integer.
Parameters:
Comments:
Example:
The network interface list (includes interface type, status, IPv4 address, description).
Return value: Text.
Comments:
The value of any Windows performance counter.
Return value: Integer, float, string or text (depending on the request).
Parameters:
interval
must be between 1 and 900 seconds (included) and the default value is 1.Comments:
interval
is used for counters that require more than one sample (like CPU utilization), so the check returns an average value for last "interval" seconds every time;
The value of any Windows performance counter in English.
Return value: Integer, float, string or text (depending on the request).
Parameters:
interval
must be between 1 and 900 seconds (included) and the default value is 1.Comments:
interval
is used for counters that require more than one sample (like CPU utilization), so the check returns an average value for last "interval" seconds every time;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
.
The list of object instances of Windows performance counters. Used for low-level discovery.
Return value: JSON object.
Parameter:
The list of object instances of Windows performance counters, discovered using the object names in English. Used for low-level discovery.
Return value: JSON object.
Parameter:
Various information about specific process(es).
Return value: Float.
Parameters:
Comments:
attributes
are supported:types
are:Examples:
proc_info[iexplore.exe,wkset,sum] #retrieve the amount of physical memory taken by all Internet Explorer processes
proc_info[iexplore.exe,pf,avg] #retrieve the average number of page faults for Internet Explorer processes
Return data for the specified value name in the Windows Registry key.
Return value: Integer, string or text (depending on the value type)
Parameters:
Comments:
Examples:
registry.data["HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting"] #return the data of the default value of this key
registry.data["HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting","EnableZip"] #return the data of the value named "Enable Zip" in this key
The list of Windows Registry values or keys located at given key.
Return value: JSON object.
Parameters:
mode
.Keys with spaces must be double-quoted.
Examples:
registry.get[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,values,"^DisplayName|DisplayVersion$"] #return the data of the values named "DisplayName" or "DisplayValue" in this key. The JSON will include details of the key, last subkey, value name, value type and value data.
registry.get[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,values] #return the data of the all values in this key. The JSON will include details of the key, last subkey, value name, value type and value data.
registry.get[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,keys] #return all subkeys of this key. The JSON will include details of the key and last subkey.
The list of Windows services. Used for low-level discovery.
Return value: JSON object.
Information about a service.
Return value: Integer - with param
as state, startup; String - with param
as displayname, path, user; Text - with param
as description
Specifically for state: 0 - running, 1 - paused, 2 - start pending, 3 - pause pending, 4 - continue pending, 5 - stop pending, 6 - stopped, 7 - unknown, 255 - no such service
Specifically for startup: 0 - automatic, 1 - automatic delayed, 2 - manual, 3 - disabled, 4 - unknown, 5 - automatic trigger start, 6 - automatic delayed trigger start, 7 - manual trigger start
Parameters:
Comments:
service.info[service,state]
and service.info[service]
will return the same information;param
as state this item returns a value for non-existing services (255).Examples:
service.info[SNMPTRAP] - state of the SNMPTRAP service;
service.info[SNMP Trap] - state of the same service, but with the display name specified;
service.info[EventLog,startup] - the startup type of the EventLog service
The listing of services.
Return value: 0 - if empty; Text - the list of services separated by a newline.
Parameters:
Examples:
services[,started] #returns the list of started services;
services[automatic, stopped] #returns the list of stopped services that should be running;
services[automatic, stopped, "service1,service2,service3"] #returns the list of stopped services that should be running, excluding services named "service1", "service2" and "service3"
The virtual memory size in bytes or in percentage from the total.
Return value: Integer - for bytes; float - for percentage.
Parameter:
Comments:
Example:
Execute a WMI query and return the first selected object.
Return value: Integer, float, string or text (depending on the request).
Parameters:
WMI queries are performed with WQL.
Example:
wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%PHYSICALDRIVE0%'] #returns the status of the first physical disk
Execute a WMI query and return the whole response. Can be used for low-level discovery.
Return value: JSON object
Parameters:
Comments:
Example:
wmi.getall[root\cimv2,select * from Win32_DiskDrive where Name like '%PHYSICALDRIVE%'] #returns status information of physical disks
This tutorial provides step-by-step instructions for setting up the monitoring of Windows services. It is assumed that Zabbix server and agent are configured and operational.
Get the service name.
You can get the service name by going to the MMC Services snap-in and bringing up the properties of the service. In the General tab you should see a field called "Service name". The value that follows is the name you will use when setting up an item for monitoring. For example, if you wanted to monitor the "workstation" service, then your service might be: lanmanworkstation.
Configure an item for monitoring the service.
The item service.info[service,<param>]
retrieves information about a particular service. Depending on the information you need, specify the param
option which accepts the following values: displayname, state, path, user, startup or description. The default value is state if param
is not specified (service.info[service]
).
The type of return value depends on chosen param
: integer for state and startup; character string for displayname, path and user; text for description.
Example:
service.info[lanmanworkstation]
The item service.info[lanmanworkstation]
will retrieve information about the state of the service as a numerical value. To map a numerical value to a text representation in the frontend ("0" as "Running", "1" as "Paused", etc.), you can configure value mapping on the host on which the item is configured. To do this, either link the template Windows services by Zabbix agent or Windows services by Zabbix agent active to the host, or configure on the host a new value map that is based on the Windows service state value map configured on the mentioned templates.
Note that both of the mentioned templates have a discovery rule configured that will discover services automatically. If you do not want this, you can disable the discovery rule on the host level once the template has been linked to the host.
Low-level discovery provides a way to automatically create items, triggers, and graphs for different entities on a computer. Zabbix can automatically start monitoring Windows services on your machine, without the need to know the exact name of a service or create items for each service manually. A filter can be used to generate real items, triggers, and graphs only for services of interest.