How to use filters to implement monitoring in Zabbix

Recently, when I was working on monitoring equipment, there were always alarms about ports being down. After checking the data, I found that the port had been down all along. After it was shut down, the alarm would continue to be sent out after a while. The leader also gave me feedback on why there were so many monitoring items but so much data was missing, and then he gave a lot of explanations. Therefore, I thought of using filters and adding regular expressions to remove these monitoring items that have no practical significance, and recorded them for your reference. The specific operations shall be subject to the actual situation.
Filters, as the name implies, filter out unnecessary monitoring items, such as ports with no data, ports that are always down, virtual ports, etc. Using filters in automatic discovery rules is very helpful for our monitoring needs.

The following uses the port status and virtual port of network devices as an example to briefly talk about how to use filters to help us achieve monitoring effects. It can also be used in other templates with automatic discovery rules. Before filtering, you can first observe the actual data and then use the filter.

1. Filter out virtual ports (Virtual Interface)

As shown in the figure below, ports such as Vlanif (VirtualLocalAreaNetworkIterface) are generally logical ports of the device and do not exist physically. Similar ports include virtual interface, Vinterface, etc., which are all virtual ports. There is no practical significance in monitoring these virtual ports, so they can be filtered appropriately.

Filtering method: Add the regular expression ^Vlanif in the automatic discovery rule, then click Check Now and wait for automatic discovery again to filter such monitoring items.

2. No closed or unknown ports are found

Usually the port status has three value mappings, namely 0 Unknown, 1 On, and 2 Down. Of course, each model of device may be different and needs to be queried based on the actual device OID. We usually create a trigger when the port status is Down, but if the port is always Off and keeps sending alarm messages, this does not meet the actual monitoring needs. Alarms should be sent only when the port status changes from Up to Down. Therefore, it is necessary to filter ports that are in Down state during automatic discovery.

Open the port status monitoring item and copy the oid to the automatic discovery rule

Add a regular expression to the filter to filter out ports with a status of 2 (Down).

Then add it to the automatic discovery rules. After updating, click Check Now. After the rules rediscover the data, the ports with a status of Down will be filtered out.

Of course, this is done by adding and modifying templates one by one. It is not convenient when there are many templates. You can create a global expression in Configuration - General - Regular Expression, and then reference it in the automatic discovery rule.

Example:

Reference method: Click Add expression, enter the macro, and use @Network interfaces for discovery.

Regarding the use of regular expressions, you can refer to some tutorial learning websites, such as Novice Tutorial, W3Cschool, etc.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.