333 lines
11 KiB
YAML
333 lines
11 KiB
YAML
zabbix_export:
|
|
version: '5.2'
|
|
date: '2021-04-13T20:12:16Z'
|
|
groups:
|
|
-
|
|
name: Templates
|
|
-
|
|
name: Templates/Applications
|
|
templates:
|
|
-
|
|
template: 'Template App Nginx by Zabbix agent Enhanced'
|
|
name: 'Template App Nginx by Zabbix agent Enhanced'
|
|
description: |
|
|
This template extends the "Template App Nginx by Zabbix agent" template by adding :
|
|
* Certificate detection and verification
|
|
* Verification of the existence of a DNS entry for each "server_name"
|
|
* Analysis of virtual host logs (5XX responses)
|
|
* Verification of the status code of the roots of each virtual host
|
|
templates:
|
|
-
|
|
name: 'Template App Nginx by Zabbix agent'
|
|
groups:
|
|
-
|
|
name: Templates
|
|
-
|
|
name: Templates/Applications
|
|
applications:
|
|
-
|
|
name: DNS
|
|
-
|
|
name: Logs
|
|
-
|
|
name: TLS
|
|
discovery_rules:
|
|
-
|
|
name: 'Nginx Certificates discovery'
|
|
key: 'nginx_discovery[certificates]'
|
|
delay: 12h
|
|
lifetime: 48h
|
|
item_prototypes:
|
|
-
|
|
name: 'Information about {#DOMAIN} certificate'
|
|
type: EXTERNAL
|
|
key: 'cert-check["{HOST.CONN}",443,"{#DOMAIN}"]'
|
|
delay: 24h
|
|
history: 1d
|
|
trends: '0'
|
|
value_type: TEXT
|
|
applications:
|
|
-
|
|
name: 'Zabbix raw items'
|
|
-
|
|
name: 'Existence of {#DOMAIN} certificate'
|
|
type: DEPENDENT
|
|
key: 'cert-existence[{#DOMAIN}]'
|
|
delay: '0'
|
|
history: 7d
|
|
trends: '0'
|
|
value_type: CHAR
|
|
applications:
|
|
-
|
|
name: TLS
|
|
preprocessing:
|
|
-
|
|
type: JSONPATH
|
|
parameters:
|
|
- $.cert
|
|
-
|
|
type: DISCARD_UNCHANGED_HEARTBEAT
|
|
parameters:
|
|
- 3d
|
|
master_item:
|
|
key: 'cert-check["{HOST.CONN}",443,"{#DOMAIN}"]'
|
|
trigger_prototypes:
|
|
-
|
|
expression: '{str(true)}=0'
|
|
name: 'No valid {#DOMAIN} certificate'
|
|
priority: HIGH
|
|
manual_close: 'YES'
|
|
-
|
|
name: 'Remaining days of {#DOMAIN} certificate'
|
|
type: DEPENDENT
|
|
key: 'cert-remaining-days[{#DOMAIN}]'
|
|
delay: '0'
|
|
value_type: FLOAT
|
|
units: days
|
|
applications:
|
|
-
|
|
name: TLS
|
|
preprocessing:
|
|
-
|
|
type: JSONPATH
|
|
parameters:
|
|
- $.remaining_days
|
|
-
|
|
type: DISCARD_UNCHANGED_HEARTBEAT
|
|
parameters:
|
|
- 3d
|
|
master_item:
|
|
key: 'cert-check["{HOST.CONN}",443,"{#DOMAIN}"]'
|
|
trigger_prototypes:
|
|
-
|
|
expression: '{last()}<15'
|
|
name: 'TLS Certificate of {#DOMAIN} expires in less than 15 days'
|
|
priority: AVERAGE
|
|
manual_close: 'YES'
|
|
dependencies:
|
|
-
|
|
name: 'No valid {#DOMAIN} certificate'
|
|
expression: '{Template App Nginx by Zabbix agent Enhanced:cert-existence[{#DOMAIN}].str(true)}=0'
|
|
-
|
|
name: 'TLS Certificate of {#DOMAIN} have expired'
|
|
expression: '{Template App Nginx by Zabbix agent Enhanced:cert-remaining-days[{#DOMAIN}].last()}<1'
|
|
-
|
|
expression: '{last()}<1'
|
|
name: 'TLS Certificate of {#DOMAIN} have expired'
|
|
priority: HIGH
|
|
manual_close: 'YES'
|
|
-
|
|
name: 'Issuer of {#DOMAIN} certificate'
|
|
type: DEPENDENT
|
|
key: 'cert-remaining-issuer[{#DOMAIN}]'
|
|
delay: '0'
|
|
history: 7d
|
|
trends: '0'
|
|
value_type: TEXT
|
|
applications:
|
|
-
|
|
name: TLS
|
|
preprocessing:
|
|
-
|
|
type: JSONPATH
|
|
parameters:
|
|
- $.issuer
|
|
-
|
|
type: DISCARD_UNCHANGED_HEARTBEAT
|
|
parameters:
|
|
- 3d
|
|
master_item:
|
|
key: 'cert-check["{HOST.CONN}",443,"{#DOMAIN}"]'
|
|
trigger_prototypes:
|
|
-
|
|
expression: '{diff()}=1 and {strlen(#1)}>0'
|
|
name: 'The issuer of {#DOMAIN} certificate has changed'
|
|
priority: INFO
|
|
manual_close: 'YES'
|
|
-
|
|
name: 'Valid Hostname of {#DOMAIN} certificate'
|
|
type: DEPENDENT
|
|
key: 'cert-valid_hostname[{#DOMAIN}]'
|
|
delay: '0'
|
|
history: 7d
|
|
trends: '0'
|
|
value_type: CHAR
|
|
applications:
|
|
-
|
|
name: TLS
|
|
preprocessing:
|
|
-
|
|
type: JSONPATH
|
|
parameters:
|
|
- $.valid_hostname
|
|
-
|
|
type: DISCARD_UNCHANGED_HEARTBEAT
|
|
parameters:
|
|
- 3d
|
|
master_item:
|
|
key: 'cert-check["{HOST.CONN}",443,"{#DOMAIN}"]'
|
|
trigger_prototypes:
|
|
-
|
|
expression: '{str(true)}=0'
|
|
name: 'The hostname of the {#DOMAIN} certificate does not match'
|
|
priority: AVERAGE
|
|
dependencies:
|
|
-
|
|
name: 'No valid {#DOMAIN} certificate'
|
|
expression: '{Template App Nginx by Zabbix agent Enhanced:cert-existence[{#DOMAIN}].str(true)}=0'
|
|
-
|
|
name: 'HTTPS Status code for {#DOMAIN}'
|
|
type: DEPENDENT
|
|
key: 'https.request.code[{#DOMAIN}]'
|
|
delay: '0'
|
|
applications:
|
|
-
|
|
name: Nginx
|
|
preprocessing:
|
|
-
|
|
type: REGEX
|
|
parameters:
|
|
- '^HTTP\/.* (\d\d\d)'
|
|
- \1
|
|
-
|
|
type: DISCARD_UNCHANGED_HEARTBEAT
|
|
parameters:
|
|
- 1d
|
|
master_item:
|
|
key: 'https.request[{#DOMAIN}]'
|
|
trigger_prototypes:
|
|
-
|
|
expression: |
|
|
{last()}<200 or
|
|
{last()}>403
|
|
name: '{#DOMAIN} HTTPS Status code is not normal'
|
|
priority: AVERAGE
|
|
manual_close: 'YES'
|
|
-
|
|
name: 'HTTPS Request to {#DOMAIN}'
|
|
type: HTTP_AGENT
|
|
key: 'https.request[{#DOMAIN}]'
|
|
delay: 1h
|
|
history: 7d
|
|
trends: '0'
|
|
value_type: TEXT
|
|
applications:
|
|
-
|
|
name: 'Zabbix raw items'
|
|
url: 'https://{#DOMAIN}/'
|
|
status_codes: ''
|
|
follow_redirects: 'NO'
|
|
retrieve_mode: HEADERS
|
|
verify_peer: 'YES'
|
|
verify_host: 'YES'
|
|
-
|
|
name: 'Nginx Domains discovery'
|
|
key: 'nginx_discovery[domains]'
|
|
delay: 12h
|
|
lifetime: 48h
|
|
item_prototypes:
|
|
-
|
|
name: 'DNS entry for {#DOMAIN}'
|
|
type: EXTERNAL
|
|
key: 'dns-check[{#DOMAIN}]'
|
|
delay: 1h
|
|
trends: '0'
|
|
value_type: TEXT
|
|
applications:
|
|
-
|
|
name: DNS
|
|
trigger_prototypes:
|
|
-
|
|
expression: '{strlen()}<1'
|
|
name: 'No DNS Entry for {#DOMAIN}'
|
|
priority: AVERAGE
|
|
-
|
|
name: 'HTTP Status code for {#DOMAIN}'
|
|
type: DEPENDENT
|
|
key: 'http.request.code[{#DOMAIN}]'
|
|
delay: '0'
|
|
applications:
|
|
-
|
|
name: Nginx
|
|
preprocessing:
|
|
-
|
|
type: REGEX
|
|
parameters:
|
|
- '^HTTP\/.* (\d\d\d)'
|
|
- \1
|
|
-
|
|
type: DISCARD_UNCHANGED_HEARTBEAT
|
|
parameters:
|
|
- 1d
|
|
master_item:
|
|
key: 'http.request[{#DOMAIN}]'
|
|
trigger_prototypes:
|
|
-
|
|
expression: |
|
|
{last()}<200 or
|
|
{last()}>403
|
|
name: '{#DOMAIN} HTTP Status code is not normal'
|
|
priority: AVERAGE
|
|
manual_close: 'YES'
|
|
dependencies:
|
|
-
|
|
name: 'No DNS Entry for {#DOMAIN}'
|
|
expression: '{Template App Nginx by Zabbix agent Enhanced:dns-check[{#DOMAIN}].strlen()}<1'
|
|
-
|
|
name: 'HTTP Request to {#DOMAIN}'
|
|
type: HTTP_AGENT
|
|
key: 'http.request[{#DOMAIN}]'
|
|
delay: 1h
|
|
trends: '0'
|
|
value_type: TEXT
|
|
applications:
|
|
-
|
|
name: 'Zabbix raw items'
|
|
url: 'http://{#DOMAIN}/'
|
|
status_codes: ''
|
|
follow_redirects: 'NO'
|
|
retrieve_mode: HEADERS
|
|
-
|
|
name: 'Nginx Access Logs discovery'
|
|
key: 'nginx_discovery[logs]'
|
|
delay: 12h
|
|
lifetime: 48h
|
|
item_prototypes:
|
|
-
|
|
name: 'Number of 500 errors for {#DOMAIN}'
|
|
type: CALCULATED
|
|
key: '500errors.count[{#DOMAIN},{#PATH}]'
|
|
params: 'count("log[{#PATH},.*\\" 5\d\d ,,100,skip]",1m)'
|
|
applications:
|
|
-
|
|
name: Logs
|
|
preprocessing:
|
|
-
|
|
type: DISCARD_UNCHANGED_HEARTBEAT
|
|
parameters:
|
|
- 3d
|
|
-
|
|
name: '500 errors for {#DOMAIN}'
|
|
type: ZABBIX_ACTIVE
|
|
key: 'log[{#PATH},.*\" 5\d\d ,,100,skip]'
|
|
trends: '0'
|
|
value_type: LOG
|
|
description: 'PATH: {#PATH}'
|
|
applications:
|
|
-
|
|
name: Logs
|
|
trigger_prototypes:
|
|
-
|
|
expression: '{Template App Nginx by Zabbix agent Enhanced:log[{#PATH},.*\" 5\d\d ,,100,skip].nodata(1m)}=0 and {Template App Nginx by Zabbix agent Enhanced:500errors.count[{#DOMAIN},{#PATH}].last()}>={$500.ERROR.RATES}'
|
|
name: '{#DOMAIN}: Some 500 errors'
|
|
priority: HIGH
|
|
manual_close: 'YES'
|
|
tags:
|
|
-
|
|
tag: Web
|
|
macros:
|
|
-
|
|
macro: '{$500.ERROR.RATES}'
|
|
value: '10'
|
|
description: 'This macro is used as a threshold in 500 errors trigger.'
|