Functionality

Zabbix takes a metrics-based approach. Data is initially collected either by the Zabbix server or by a Zabbix proxy and stored centrally in the server database for analysis.

The metrics – "items" in Zabbix-speak – are initially stateless and represent the raw data for visualizations and problem detection. Logical expressions, known as trigger expressions, are used to identify problems. The server evaluates them for each new record that reaches Zabbix.

A variety of item types are available in Zabbix that implement different data collection methods. The Zabbix agent is certainly the most effective and simplest option for classic operating system and application monitoring.

Agents

The Zabbix agent is available directly from the Zabbix website and package repositories for all major operating systems and architectures.

Zabbix 5.0 also added a more modern agent 2, which is only supported for Linux and Windows. It is functionally compatible with the traditional Zabbix agent written in C but has been implemented in Go to provide advanced features, such as native monitoring of MySQL, PostgreSQL, and Oracle databases; monitoring of TLS certificates; a subscription to MQTT (a machine to machine network protocol) topics; and much more. Especially exciting is that it can be extended with Go modules, which offer features such as persistent connections, your own program code running permanently with the agent, or the ability to implement complex business logic directly in the agent.

Both Zabbix agents can transmit data actively and passively to the Zabbix server or a Zabbix proxy, which enables flexible deployment scenarios adapted to the network situation and performance requirements. Additionally, agent 2 buffers the acquired metrics data in a local SQLite database on demand in case the proxy or server becomes unreachable. This feature is particularly useful for IoT applications. The native feature set of Zabbix agents [5] includes monitoring CPUs, memory, and disks, as well as advanced features such as Windows management instrumentation (WMI) queries, inventory queries, file and directory functions, and more.

Other Data Sources

In addition to the many ways to collect data about agents, simple communications connections (e.g., ICMP and TCP/UDP) are checked, and metrics such as response times are collected. Simple Network Management Protocol (SNMP) items let you query values by SNMP and field SNMP traps. These items support all SNMP protocols, security levels, encryption, and password hashing.

Also, you can execute SSH/Telnet commands and store their results, run queries by any Microsoft Open Database Connectivity (ODBC) database, read data from Java-based applications with the Java management extension (JMX), and collect sensor data from server hardware over the Intelligent Platform Management Interface (IPMI). Internal items reflect metrics that map the state and performance of the Zabbix monitoring engine itself and are used for self-monitoring of both the Zabbix server and the Zabbix proxies.

In recent years, Zabbix has invested a great deal of development in advanced data acquisition designed to do justice to the self-advertised all-in-one approach of the monitoring solution and to implement special monitoring requirements without the use of external scripts, as far as possible. In the meantime, you have extended item types, such as the HTTP item, which queries data from status web pages or the API endpoints of applications, or the script item, which enables virtually arbitrary function definitions with an integrated JavaScript interpreter.

For use cases that go beyond the supplied item types, the functionality of Zabbix itself, and the Zabbix agents, can be extended in many ways. The options range from including simple scripts, through extensions of the C-based monitoring core of the Zabbix server and proxies, to the previously mentioned Go plugins in agent 2.

Calculated items are used for aggregations and derivations from measured values. They have also seen a comprehensive feature update in version 6.0. For example, it is now possible to use tag markers and aggregation functions to perform dynamic computation on arbitrary, flexible numbers of items and save the results as another item. In this way, you can discover, say, how many systems in a certain category have a CPU load that exceeds a predefined threshold over a period of time. In the same way, you can count the total number of active users across all nodes in an application cluster.

Another recent important building block that has significantly revolutionized gathering data in Zabbix is the combination of dependent items and preprocessing. A variety of functions are available to preprocess monitoring data, ranging from simple text replacements with search and replace or with regular expressions, to advanced data extraction with JSONPath and XML Path and validation with flexible problem handling, to custom preprocessing with JavaScript.

For example, values can be extracted from JSON fragments or HTTP queries and processed as metrics for monitoring. The process of extracting multiple values from a single dataset with an HTTP item and distributing them across multiple dependent items now runs smoothly and does not rely on the use of external scripts.