Monitoring with Zabbix Agent

Configure Zabbix Agent 2 for system monitoring, metrics collection, and alerting on Linux workstations authenticated via 802.1X.

Overview

Zabbix Agent 2 provides:

System metrics collection: CPU, memory, disk, network
Service monitoring: Process status, port availability
Log monitoring: Application and system logs
Active checks: Agent pushes data to Zabbix server
Passive checks: Server pulls data from agent

Zabbix Agent 2 is the modern, high-performance replacement for the legacy Zabbix Agent. It includes native support for plugins and better performance for high-frequency checks.

Prerequisites

Linux workstation with network connectivity
Zabbix Server IP address (your monitoring server)
Open ports: TCP 10050 (passive checks), TCP 10051 (active checks to server)

Installation

Ubuntu/Debian

# Add Zabbix repository
wget https://repo.zabbix.com/zabbix/7.0/ubuntu/pool/main/z/zabbix-release/\
zabbix-release_7.0-2+ubuntu$(lsb_release -rs)_all.deb
sudo dpkg -i zabbix-release_7.0-2+ubuntu$(lsb_release -rs)_all.deb
sudo apt update

# Install Zabbix Agent 2
sudo apt install -y zabbix-agent2 zabbix-agent2-plugin-*

# Enable and start
sudo systemctl enable zabbix-agent2
sudo systemctl start zabbix-agent2

RHEL/Rocky/AlmaLinux

# Add Zabbix repository
sudo rpm -Uvh https://repo.zabbix.com/zabbix/7.0/rhel/$(rpm -E %rhel)/x86_64/\
zabbix-release-7.0-2.el$(rpm -E %rhel).noarch.rpm
sudo dnf clean all

# Install Zabbix Agent 2
sudo dnf install -y zabbix-agent2 zabbix-agent2-plugin-*

# Enable and start
sudo systemctl enable zabbix-agent2
sudo systemctl start zabbix-agent2

Configuration

Basic Configuration

Edit /etc/zabbix/zabbix_agent2.conf:

# Zabbix server IP(s) - comma separated for multiple servers
Server=10.50.1.100,10.50.1.101

# Zabbix server for active checks
ServerActive=10.50.1.100:10051

# Unique hostname - MUST match host in Zabbix frontend
Hostname=$(hostname -f)

# Listen port (default 10050)
ListenPort=10050

# Allowed metrics
AllowKey=system.*
AllowKey=vfs.*
AllowKey=net.*
AllowKey=proc.*

# Log settings
LogFile=/var/log/zabbix/zabbix_agent2.log
LogFileSize=10

# Timeout for checks
Timeout=30

# Plugins
Plugins.SystemRun.LogRemoteCommands=1

Hostname MUST match exactly what’s configured in Zabbix frontend:

# Get FQDN for Zabbix hostname
hostname -f
# Example: research-wks01.inside.domusdigitalis.dev

# Set in config
Hostname=research-wks01.inside.domusdigitalis.dev

Mismatch will cause "host not found" errors in Zabbix server logs.

Home Enterprise Configuration

For home lab with inside.domusdigitalis.dev domain:

# Create clean config (backup original first)
sudo cp /etc/zabbix/zabbix_agent2.conf \
  /etc/zabbix/zabbix_agent2.conf.orig

sudo tee /etc/zabbix/zabbix_agent2.conf > /dev/null << EOF
# === Zabbix Server Connection ===
Server=10.50.1.100
ServerActive=10.50.1.100:10051

# === Host Identity ===
Hostname=$(hostname -f)
HostMetadata=linux-workstation 802.1x-authenticated

# === Allowed Metrics ===
AllowKey=system.*
AllowKey=vfs.*
AllowKey=net.*
AllowKey=proc.*
AllowKey=kernel.*

# === Logging ===
LogFile=/var/log/zabbix/zabbix_agent2.log
LogFileSize=10
DebugLevel=3

# === Performance ===
Timeout=30
Include=/etc/zabbix/zabbix_agent2.d/*.conf

# === Plugins ===
Plugins.SystemRun.LogRemoteCommands=1
EOF

# Restart agent
sudo systemctl restart zabbix-agent2

Firewall Configuration

If UFW is enabled:

# Allow Zabbix server to connect to agent
sudo ufw allow from 10.50.1.0/24 to any port 10050 proto tcp comment "Zabbix passive checks"

# Verify
sudo ufw status numbered

If using firewalld:

# Allow Zabbix server
sudo firewall-cmd --permanent --add-rich-rule='
  rule family="ipv4"
  source address="10.50.1.0/24"
  port protocol="tcp" port="10050" accept'
sudo firewall-cmd --reload

Verification

Agent Status

# Check service status
systemctl status zabbix-agent2 --no-pager

# Should show:
# ● zabbix-agent2.service - Zabbix Agent 2
#      Loaded: loaded
#      Active: active (running)

Configuration Test

# Test configuration file
sudo zabbix_agent2 -t agent.ping
# Expected: agent.ping [u|1]

sudo zabbix_agent2 -t system.hostname
# Expected: system.hostname [s|your-hostname.domain]

sudo zabbix_agent2 -t system.uname
# Expected: system.uname [s|Linux your-hostname 6.x.x...]

Log Monitoring

# Watch logs in real-time
sudo tail -f /var/log/zabbix/zabbix_agent2.log

# Check for errors
sudo grep -i error /var/log/zabbix/zabbix_agent2.log

# Verify server connection
sudo grep -i "active checks" /var/log/zabbix/zabbix_agent2.log
# Expected: active checks are enabled

Network Connectivity

# Test connectivity TO Zabbix server (agent → server for active checks)
nc -zv 10.50.1.100 10051
# Expected: Connection succeeded

# Test connectivity FROM Zabbix server (server → agent for passive checks)
# Run on Zabbix server:
zabbix_get -s <workstation-ip> -k agent.ping
# Expected: 1

Integration with 802.1X Environment

dACL Considerations

Ensure ISE dACL permits Zabbix traffic:

! In your authorization profile dACL, add:
permit tcp any host {dns-primary}00 eq 10051  # Active checks to server
permit tcp host {dns-primary}00 any eq 10050  # Passive checks from server

Monitoring 802.1X Session Status

Create custom user parameters in /etc/zabbix/zabbix_agent2.d/dot1x.conf:

# Check if 802.1X is authenticated
UserParameter=dot1x.authenticated,nmcli device status | grep -E 'ethernet.*connected' | wc -l

# Get current SSID/connection name
UserParameter=dot1x.connection,nmcli -g NAME connection show --active | head -1

# Check NetworkManager service
UserParameter=dot1x.nm.status,systemctl is-active NetworkManager

Restart agent:

sudo systemctl restart zabbix-agent2

Test custom parameters:

sudo zabbix_agent2 -t dot1x.authenticated
# Expected: dot1x.authenticated [u|1]

sudo zabbix_agent2 -t dot1x.connection
# Expected: dot1x.connection [s|Wired-802.1X]

Troubleshooting

Agent Not Starting

# Check syntax errors
sudo zabbix_agent2 -T

# Check configuration
sudo zabbix_agent2 -p
# Prints parsed config

# Check permissions
ls -la /var/log/zabbix/
# Should be owned by zabbix:zabbix

sudo chown -R zabbix:zabbix /var/log/zabbix/

Connection Refused

# Verify agent listening
sudo ss -tulnp | grep 10050
# Expected: tcp LISTEN 0.0.0.0:10050 users:(("zabbix_agent2"))

# Check firewall
sudo iptables -L INPUT -n -v | grep 10050

# Test from server
# On Zabbix server:
telnet <workstation-ip> 10050

"Host Not Found" in Zabbix Server

# Verify hostname matches frontend
hostname -f
# Compare with Zabbix frontend → Configuration → Hosts → Hostname

# If mismatch, update config
sudo sed -i 's/^Hostname=.*/Hostname=$(hostname -f)/' \
  /etc/zabbix/zabbix_agent2.conf
sudo systemctl restart zabbix-agent2

Active Checks Not Working

# Verify ServerActive is set
grep ServerActive /etc/zabbix/zabbix_agent2.conf
# Should show: ServerActive=10.50.1.100:10051

# Test connectivity to server active checks port
nc -zv 10.50.1.100 10051

# Check agent logs for refresh failures
sudo grep "refresh" /var/log/zabbix/zabbix_agent2.log

Monitoring Templates

Recommended Zabbix Templates

In Zabbix frontend, assign these templates to Linux workstation hosts:

Linux by Zabbix agent active - Core OS metrics
Network interfaces by Zabbix agent - NIC statistics
Filesystems by Zabbix agent - Disk usage
Processes by Zabbix agent - Process monitoring

Custom Template for 802.1X Workstations

Create custom items in Zabbix:

Item Name	Key	Description
802.1X Authentication Status	dot1x.authenticated	1 = authenticated, 0 = not authenticated
802.1X Connection Name	dot1x.connection	Active connection profile name
NetworkManager Status	dot1x.nm.status	NetworkManager service status

Item Name

Key

Description

802.1X Authentication Status

dot1x.authenticated

1 = authenticated, 0 = not authenticated

802.1X Connection Name

dot1x.connection

Active connection profile name

NetworkManager Status

dot1x.nm.status

NetworkManager service status

Create triggers:

802.1X authentication lost - Trigger if dot1x.authenticated = 0 for 5 minutes
NetworkManager down - Trigger if dot1x.nm.status != "active"

Best Practices

Security

Restrict Server parameter: Only allow known Zabbix server IPs
Use encryption: Configure TLS for agent-server communication
Limit AllowKey: Only permit necessary metrics
Disable remote commands: Set EnableRemoteCommands=0 unless needed

Performance

Tune Timeout: Adjust based on network latency (default 30s)
Monitor log size: Set LogFileSize appropriately
Use active checks: More efficient than passive checks for many items

Maintenance

Regular updates: Keep agent in sync with server version
Log rotation: Ensure logs don’t fill disk
Monitor agent health: Create self-monitoring items in Zabbix

Quick Reference

Common Commands

# Service management
sudo systemctl status zabbix-agent2
sudo systemctl restart zabbix-agent2
sudo systemctl enable zabbix-agent2

# Configuration test
sudo zabbix_agent2 -T
sudo zabbix_agent2 -t <item-key>

# Logs
sudo tail -f /var/log/zabbix/zabbix_agent2.log
sudo journalctl -u zabbix-agent2 -f

# Network check
sudo ss -tulnp | grep 10050
nc -zv <zabbix-server> 10051

Table 1. Key Files
File	Purpose
/etc/zabbix/zabbix_agent2.conf	Main configuration
/etc/zabbix/zabbix_agent2.d/	Custom configuration includes
/var/log/zabbix/zabbix_agent2.log	Agent log file
/usr/sbin/zabbix_agent2	Agent binary