Installing complementary monitoring with or on the IPFire server

ok, I got Zabbix on my spare supermicro server…Installed it as OS from ISO. Based upon Almalinux it seems, but uses RHEL syntax so I may be not completely lost in that having used Fedora a bit.
… hours upon hours of conf remains…

it is VERY underwhelming setting up a new system from scratch that requires tons of config and discovery. We'll see how smart it is and what it discovers by itself after scanning my network ranges…

need to look up what stuff in IPFire FW may need addressing for it to run all over the place and access everything

Thanks Adolf…

@robinr1 has created a zabbix template for IPFire which is mentioned in the wiki and info available from the github source
https://github.com/RobinR1/zbx-template-ipfire

Just had a power outage for about 45 minutes. It broke the Zabbix.

I will see if I can repair, but I honestly think it is the first time ever I have experienced an application to actually break due to the computer it is hosted on having a power outage.

Maybe a clean reboot will be enough.

(I realize this is not a Zabbix support thread… )

Na. Dead. :skull:

Hi! … I’m already a bit late to the party, it seems :slight_smile: @bonnietwin is completely correct in his answers.
Zabbix has a set of default templates for different OS’es and applications, so it should be able to monitor already quite a few things in your network straight out of the box. And it has built in alerting to a bunch of services including mail, slack, telegram etc… making it quite easy to set that up. So it should be able to fit all your monitoring needs.

At first the learning curve may look steep and the configuration options are many and can be overwhelming. I suggest you start by checking out the Quickstart chapter in the documentation and/or this Zabbix Concepts youtube video. Make sure you clearly understand those concepts, but you should not yet bother too much about the server configuration file and all settings in it. The defaults should get you started just fine, and you can start fiddling with those once you are more familiar with how Zabbix works.
Make sure to check out the Zabbix blog and Zabbix YouTube channel as well as the YouTube channel of Dmitry Lambert, a Zabbix employee, for tons of useful guides, tutorials, explanations, etc…

As for deployment, on IPFire itself is, as @bonnietwin correctly pointed out, not recommended, if even possible at all since it would require manually building all required dependencies for IPFire.
From what you wrote earlier, I understand you have installed the Zabbix appliance ISO. This is probably great for evaluating and exploring Zabbix a bit… but it is absolutely not recommended for production use.
See the requirements in the Zabbix documentation to get an idea of the minimal hw requirements.
I myself run Zabbix at home in a kvm virtual machine with 2vcpu’s and 4Gb ram assigned, running openSUSE Leap 15.5 with Apache, php, MariaDB and Zabbix, all in the same VM. Currently it processes an average of 33 incoming values per second monitoring 15 hosts (including IPFire) without breaking any sweat.
Anyway, I would recommend to install Zabbix server on a supported OS you are familiar with. Also check out this step-by-step deployment guide video.

About the breaking of your Zabbix instance… I don’t know what to say… I have been using Zabbix since 2009, set it up and maintained it in a handful of companies, and I’m still maintaining quite a big instance at my current company as well as experimenting with it at home. With several sudden and unexpected downtimes over the years due to power, failing network, storage/SAN etc… I may have been lucky, but I have never seen Zabbix break, unable to be recovered. Certainly not due to a power failure. The underlying databases I’ve used (MySQL, MariaDB, PostgreSQL/TimescaleDB) were always able to recover themselves without much manual intervention.
I have actually never used the appliance ISO… maybe that’s one of the reasons why it is not recommended to use for production…

3 Likes

Welcome and don’t worry, as it is right now I am testing stuff and Zabbix is of course a prime candidate. There will be hiccups.

Tried the Hyper-V images but my Server 2022 did not like those at all, so I went for the ISO-on-hw to just get something started.

I will probably keep using the hardware server approach, since I have it available, but set up some Linux and following the basics of your recipe. Or maybe install the ISO in a Hyper-V could work too. It is less fiddly with databases and such doing it that way… I should go for more virtual, but as it is I can just do backups of the machines, not mirroring or clustering.

But I diverge… need to read more.

I’m sure you can a Zabbix Docker.

Yes indeed I can, but my docker is virtualized in Hyper-V so it would not be standalone - not that it needs to be. I even got Portainer running on it, I thought it would make things easier, but even if some things are easier, others are not.

Zabbix is working.

I spent about 10 hours on and off with several unexpected hurdles getting this up and running as a container in my Portainer environment. No conf done yet.

Hi all,
maybe a little OT, even if it is not available via Pakfire, but I tried to get a Wazuh agent ready for IPFire, whereby the Manager works on a CentOS VM; even on a headless platform it was a fast setup.

The results are nice even with default settings and a platform (IPFire) which is not known in Wazuh.




← just a little overview of much more available…
And it even likes Suricata's eve.json logs… But I am not sure if this makes sense for you and for sure for the IPFire devs' opinion :innocent: but I will keep on working on it not only looking on some PFsense decoders :upside_down_face: .

Best,

Erik

2 Likes

Also tried Wazuh. Still not doable on the IPFire machine, but I will not rant on that.
Wazuh has a greater focus on malware and vulnerabilities, hence you are recommended to install agents on monitored devices. I don't know how much actual “network monitoring” you get out of it.

Have spent a little time to get this LFS to work… my point of interest would be how you managed to get a Wazuh agent workable on IPFire machines (IPFire server or IPFire FW only)?
Network Monitoring: A lot, in my opinion, even if it is highly configurable, but if you are interested, would you mind opening up a new topic?

Best,

Erik

1 Like

Didn’t. Not even tried. IPFire as such should be among the absolute safest machines I have, so not really a priority.

Sure, but this started with Zabbix and similars. You want one with Wazuh? In my opinion they have different focus.

:+1:

Best,

Erik

yeah, well we have a wazuh thread, no need to post same thing twice… :crazy_face:

1 Like

You are very right about that. So the approach of just jumping in and hope that the interface is pedagogical enough to lead you to the right settings and a working config is not recommended…? :stuck_out_tongue:

Discovery is not working, but I will have to watch and read. At the same time I have a PRTG running and its Discovery seems to work out of the box. So does Lansweeper's. (Yes, I currently have 4 monitor systems running, Observium, Lansweeper, PRTG and Zabbix. Please don’t hurt me. )

The interface is very functional, but I wouldn’t call it very user friendly. But it gets a little better every release :slight_smile:

Zabbix does nothing automatically “out-of-the-box” (which I liked very much about it after experimenting with several systems back in 2008; systems that claimed to do such things automatically proved difficult to configure for exceptions and such.)

But Zabbix has 2 kinds of totally different and unrelated discovery mechanisms: So called Low Level Discovery (LLD) and Network Discovery or the slightly misleading name “Auto Discovery”.

Low Level Discovery is a method mainly for discovering a set of metrics on a specific host. For example LLD of all filesystems on a host: it will discover the filesystems and create a set of monitoring-items (total space, used space, free inodes, etc…) for each filesystem on that host. This type of discovery is configured on host level or in a host template (with a set of default templates containing LLD rules, included out-of-the-box for different OSes and applications).
LLD can also be used to discover new hosts; for example a LLD rule for a VMware vCenter host can discover all VM’s managed by that vCenter instance and create a host for each one and assign templates for monitoring those individual VM’s.

My IPFire template for example uses LLD to discover installed service addons on IPFire and for discovery of configured OpenVPN clients which will be created as new hosts in Zabbix (containing openvpn statistics for that client).

Network discovery is another mechanism that you can configure by defining a network range to scan and one or more checks to perform on found hosts (this can be checking for specific tcp ports to be open, or specific services listening on specific ports (ssh, http, smtp… ) etc… or trying to communicate with a Zabbix or SNMP agent already installed on the host).
Next to such a network discovery rule, you will need to add an action that will actually do something with the discovery result; like adding or removing the found host or adding/removing (a) template(s) to a host based on defined criteria (this port has to be open, that port should talk HTTP, installed Zabbix Agent’s reply for item system.uname should contain string “Linux”, …).
Beware: Actions are nothing specific to Discovery. Actions is a separate sort-of module in Zabbix that can do things as a reaction on things that happen in Zabbix, like a trigger (alarm) that goes off, or a host that is discovered, or a host is auto-registered (this is yet another mechanism of auto-discovery: auto-register a host when an Agent seeks contact with the Zabbix server by itself for the first time), etc…
Both discovery rules and actions can be enabled and disabled. So with a discovery rule enabled, but no actions enabled or vice versa, there will be nothing effectively happening.

But out-of-the-box there is only a simple example network discovery rule defined that can discover linux hosts based on installed agents when enabled. The example action that is defined for that example discovery rule, has actually no operations configured, so it does nothing, even when enabled. You will have to add at least an “Add host” operation to the predefined action for it to actually do something like register a found host.
Any “smart” discovery will need to be set up by yourself as you know your environment best.

I, myself, never actually used network discovery.
In small environments (like at home) I just manually create the required hosts and assign the required templates to them. In larger environments where there usually is also a CMDB containing all hosts, I use tools like Ansible to install/configure agents on the hosts and then register the hosts/assign templates, through the Zabbix API.

As creation of a host is as simple as just giving it a name, ip or hostname and assign a few templates to it depending on what you want to monitor on said host,
I don’t see the use in the hassle to define and maintain network discovery rules in controlled / self-managed environments. On the other hand, more dynamic environments where you don’t have control over which hosts are added to/removed from it, can greatly benefit from Network Discovery.

3 Likes
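The CMDB-driven registration through the Zabbix API mentioned in the post above, as an added sketch that is not code from the thread or from the Zabbix project: it builds `host.create` JSON-RPC request bodies from an inventory and rejects malformed rows before anything is sent. The inventory, host names, group ID and template IDs are constructed placeholders; sending the requests to the frontend's `api_jsonrpc.php` with an API token is left out.

```python
import ipaddress
import json

# Zabbix host interface types (per the Zabbix API docs): 1 = agent, 2 = SNMP.
AGENT, SNMP = 1, 2
DEFAULT_PORT = {AGENT: "10050", SNMP: "161"}

# Constructed inventory standing in for a CMDB export; all IDs are placeholders.
INVENTORY = [
    {"name": "ipfire-gw", "ip": "192.0.2.1", "kind": AGENT, "templateids": ["10001"]},
    {"name": "switch-01", "ip": "192.0.2.10", "kind": SNMP, "templateids": ["10002"]},
    {"name": "bad-entry", "ip": "192.0.2.999", "kind": AGENT, "templateids": ["10001"]},
]

def host_create_request(entry, groupid, request_id):
    """Build one JSON-RPC 2.0 host.create request body for an inventory entry."""
    ip = str(ipaddress.ip_address(entry["ip"]))  # raises ValueError on bad input
    interface = {
        "type": entry["kind"], "main": 1, "useip": 1,
        "ip": ip, "dns": "", "port": DEFAULT_PORT[entry["kind"]],
    }
    if entry["kind"] == SNMP:
        # SNMP interfaces carry a details object; the community is a user macro,
        # so the secret lives in Zabbix and not in this script.
        interface["details"] = {"version": 2, "community": "{$SNMP_COMMUNITY}"}
    return {
        "jsonrpc": "2.0", "method": "host.create", "id": request_id,
        "params": {
            "host": entry["name"],
            "interfaces": [interface],
            "groups": [{"groupid": groupid}],
            "templates": [{"templateid": t} for t in entry["templateids"]],
        },
    }

def build_requests(inventory, groupid):
    """Return (requests, rejected) so bad rows are reported, not silently sent."""
    requests, rejected = [], []
    for n, entry in enumerate(inventory, start=1):
        try:
            requests.append(host_create_request(entry, groupid, n))
        except (ValueError, KeyError) as exc:
            rejected.append((entry.get("name"), str(exc)))
    return requests, rejected

if __name__ == "__main__":
    reqs, bad = build_requests(INVENTORY, groupid="2")
    print(json.dumps(reqs, indent=2))
    print("rejected:", bad)
```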

Well I do have these on Wifi

and these on Lan

So it's borderline adding them manually or via Discovery.

Lansweeper has some weird hiccups with snmp groups as well.

Maybe I should stick with it, they are improving a lot of network features …

Just a little hint, if you’re interested:
LibreNMS is a community-based fork of the last GPL-licensed version of Observium.

Regards

1 Like

has phoneapps, that’s a plus… it would indicate it can actually discover smartphones and tablets as such