Zabbix + ELK In A Box

Knowledge Base & Community Wiki

Zabbix + ELK In A Box

in

What Is Zabbix + ELK In A Box – A while ago we started asking ourselves the question, “What could we do to make it easier for our users to collect application performance metrics, infrastructure performance metrics and easily export them for purposes of visualization, modelling and forecasting”. What we came up with was a Virtual Machine based solution that would allow our users to easily perform the following tasks –

  • Monitor infrastructure performance
  • Monitor application performance
  • Collect machine data and logs
  • Collect application logs
  • Provide visualization capability
  • Allow for exporting of the relevant performance metrics for use in VisualizeIT

We toyed with many options and approaches and the approach we finally settled down with included –

  • Ubuntu Linux Virtual Machine (Ubuntu 14.04)
  • Zabbix 3.0 for purposes of infrastructure and application monitoring
  • ELK (Elasticsearch, Logstash, Kibana) for purposes of collecting machine data and log files

Zabbix + ELK in a box in essential is a collection of software that will allow you to monitor your applications, infrastructure and collect performance metrics that can be exported for further visualization, modelling and forecasting. You can access Zabbix + ELK In A Box at Sourceforget.net.

Please note that we are not resourced to provide any technical support, answer any technical queries, nor take any responsibility for what you might do with Zabbix + ELK In A Box. Please use the software provided in your environment at your own risk.

What are the components that make up Zabbix + ELK In A Box – Zabbix + ELK In A Box are essentially made up of the three components we’ve listed above.

  • Ubuntu Linux Virtual Machine (Ubuntu 14.04)
  • Zabbix 3.0 for purposes of infrastructure and application monitoring
  • ELK (Elasticsearch, Logstash, Kibana) for purposes of collecting machine data and log files
    • Filebeat – For collecting and parsing of machine data and log files locally
    • Topbeat – For collecting and parsing of infrastructure performance metrics locally

Ubuntu is a Debian-based Linux operating system and distribution for personal computers, smartphones and network servers. Ubuntu Linux as you would know is one of the most popular Linux distributions around with a large community following (very important for any opensource project you consider implementing). We love Ubuntu Linux for many reasons, one because its Opensource, second because it’s Linux, third because it’s based on Debiubuntu-logo112an and uses Debian’s awesome package management system i.e. apt-get. Talk to any Debian user and you’ll appreciate the beauty of apt-get and why the Opensource community is just so much in love with it.

Ubuntu is based on free software and named after the Southern African philosophy of ubuntu (literally, “human-ness”), which often is translated as “humanity towards others” or “the belief in a universal bond of sharing that connects all humanity”.  Development of Ubuntu is led by UK-based Canonical Ltd., a company owned by South African entrepreneur Mark Shuttleworth. Canonical generates revenue through the sale of technical support and other services related to Ubuntu. The Ubuntu project is publicly committed to the principles of open-source software development; people are encouraged to use free software, study how it works, improve upon it, and distribute it.

You can read more about Ubuntu at www.ubuntu.com.

Elasticsearch, Logstash, Kibana or ELK on the other hand is intended for purposes of collecting machine data, log aggregation, visualization and analytics solution based on a completely Open Source stack. ELK is  ELK consists of consists of three different Open Source components –elk-logos

  • Elasticsearch
  • Logstash
  • Kibana.

The three components that make up the ELK stack offer the following functionality –

  • Elasticsearch: A powerful open source search and analytics engine that makes data easy to explore. It is a search server based on Apache Lucene.
  • Logstash: A log management tool used for centralised logging, log enrichment and parsing.
  • Kibana: A browser-based HTML5 dashboard used to visualize Elasticsearch data.

The open-source ELK stack provides the ability to perform operational and data analytics including comprehensive text based search functionality on almost any type of structured or unstructured data source.

elk-flowAlthough they’ve all been built to work exceptionally well together, each one is a separate project that is driven by the open-source vendor Elastic—which itself began as an enterprise search platform vendor. Elasticsearch has now become a full-service analytics software company, mainly because of the success of the ELK stack and its acceptance globally as an Open Source analytics and visualization solution. Wide adoption of Elasticsearch for analytics has been the main driver of its popularity. ELK is very similar to Splunk or Sumologic in terms of basic functionality but is run as an Open Source platform.

To learn more about ELK (Elasticsearch, Logstash, Kibana) please visit – Elastic.

Zabbix is enterprise open source monitoring software for networks and applications, created by Alexei Vladishev. It is designed to monitor and track the status of various network services, servers, and other network hardware. Zabbix uses MySQL, PostgreSQL, SQLite, Oracle or IBM DB2 to store data. Its backenzabbixd is written in C and the web frontend is written in PHP.

Simple checks can verify the availability and responsiveness of standard services such as SMTP or HTTP without installing any software on the monitored host. A Zabbix agent can also be installed on UNIX and Windows hosts to monitor statistics such as CPU load, network utilization, disk space, etc. As an alternative to installing an agent on hosts, Zabbix includes support for monitoring via SNMP, TCP and ICMP checks, as well as over IPMI, JMX, SSH, Telnet and using custom parameters. Zabbix supports a variety of real-time notification mechanisms, including XMPP.

Zabbix offers several enterprise class features you would expect from a monitoring solution:

  • High performance, high capacity (able to monitor hundreds of thousands of devices)
  • Auto-discovery of servers and network devices. Low-level discovery
  • Distributed monitoring with centralized web administration
  • Support for both polling and trapping mechanisms
  • Native high performance agents (client software for Linux, Solaris, HP-UX, AIX, FreeBSD, OpenBSD, OS X, Tru64/OSF1, Windows 2000, Windows Server 2003, Windows XP, Windows Vista, Windows Server 2008, Windows 7)
  • Agent-less monitoring
  • JMX monitoring
  • Web monitoring
  • Secure user authentication
  • Flexible user permissions
  • Web-based interface
  • SLA, and ITIL KPI metrics on reporting
  • Flexible e-mail notification on predefined events
  • High-level (business) view of monitored resources through user-defined visual console screens and dashboards
  • Audit log

Released under the terms of GNU General Public License version 2, Zabbix is free software.

You can learn more about Zabbix at www.zabbix.com.

What do you need to set up Zabbix + ELK In A Box – You need the following in your environment to be able to use Zabbix + ELK In A Box.

  • Virtual Machine Manager e.g. Virtualbox (https://www.virtualbox.org/)
  • Static IP Address
  • 30 GB storage space to host the Virtualmachine
  • 2VCPU’s to be allocated to Zabbix + ELK In A Box
  • 4 GB of Memory to be allocated to Zabbix + ELK In A Box

The minimum recommended configuration would be 2 vCPU’s, 2GB Memory while the recommended configuration for Zabbix + ELK In A Box is 2 vCPU’s, 4 GB Memory.

The Zabbix 3.0 frontend service designed in PHP and hosted on Apache 2.x combined with the Zabbix Server doesn’t really consume a lot of resources. It’s the ELK (Elasticsearch, Logstash, Kibana) stack that runs on Java 7 which will consume bulk of the resources. We would highly recommend that you consider the following –

  • Use Zabbix + ELK In A Box for small environments i.e. 15-20 machines
  • Provision Zabbix + ELK In A Box on dedicated high performance storage e.g. FLASH Storage Disks
  • If you have larger monitoring requirements consider disabling the ELK (Elasticsearch, Kibana, Logstash) service and only running Zabbix on the virtual machine
  • If you have larger requirements for visualization, machine data collection and log file analysis we would highly recommend turning of Zabbix on the virtual machine and only running the ELK stack

We haven’t performed any major capacity planning exercises or performance validation exercises to validate the limits of what Zabbix + ELK In A Box can do at the recommended configuration i.e. 2 vCPU’s, 4 GB RAM. However, we would highly recommend that you use limit use of Zabbix + ELK In A Box to a small setup i.e. ~15-20 machines. For larger environments we would highly recommend designing and building your own scalable monitoring and log file analysis solution from scratch to meet your requirements.

Setting up Zabbix + ELK In A Box – We have performed a lot of initial configuration for you and while this is intended to get you up and running with minimal effort it also means you have to re-configure some of these settings so that you can get Zabbix + ELK In A Box up and running in your own environments.

Step 1 : Booting up Zabbix + ELK In A Box – To get a hang of what Zabbix + ELK In A Box looks like we would recommend that you now import the appliance (OVA Download file provided at Sourceforge.net) into Virtualbox or a similar virtual machine manager and then startup the virtual machine. As mentioned earlier, the minimum recommended configuration would be 2 vCPU’s, 2GB Memory while the recommended configuration for Zabbix + ELK In A Box is 2 vCPU’s, 4 GB Memory.

Once the machine has booted up you should be able to login to Zabbix + ELK In A Box using the following credentials –

  • Username – visualizeit
  • Password – p@ssw0rd123

User “visualizeit” also has “sudo” access which allows you to perform various administration tasks on your Zabbix + ELK In A Box installation. You should be able to run the following command to see all the relevant processes running on your virtual machine.

bash# ps eaxf

The MAC address for eth0 on the virtual machine we setup was “08:00:27:6d:d7:70”. This MAC address is provided by the virtual machine host and it is highly likely that your virtual machine host could change this MAC address. Please run the follow command to see the MAC address your virtual machine has assigned your ethernet interface. You will need to note down the MAC address so that you are able to assign your Zabbix + ELK In A Box a static IP address.

visualizeit@VisualizeITLogMonitVM:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:6d:d7:70
inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe6d:d770/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:6546 errors:0 dropped:0 overruns:0 frame:0
TX packets:6542 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:491175 (491.1 KB)  TX bytes:4251990 (4.2 MB)

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:65536  Metric:1
RX packets:89353 errors:0 dropped:0 overruns:0 frame:0
TX packets:89353 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16849112 (16.8 MB)  TX bytes:16849112 (16.8 MB)

We have highlighted the hardware MAC address in the above “ifconfig” command output using bold characters. Depending on your virtual machine setup, you might end up with the same or a different MAC address. Whatever the situation might be please write down the MAC address before you continue to the next step.

Please also note that assigning your virtual machine resources any lower than the recommended configuration is going to cause you a lot of grief and most probably will lead to complete frustration. We would highly encourage you to confirm the resource allocation to your Zabbix + ELK In A Box setup before you proceed to the next step.

Step 2 : Configuring your IP Address – Zabbix + ELK In A Box was initially configured with the following IP address i.e. 192.168.1.12. You will see remnants of this a few locations and we’ll help you sort that out in the coming sections. In this step we will deal with assigning your virtual machine a static IP address. Zabbix + ELK In A Box will need a static IP address to work and WILL NOT work without a static IP address. So if you can’t sort out a static IP address for your Zabbix + ELK In A Box setup, go no further. Sorting out a static IP address generally involves the following.

  • Obtaining the MAC address for your ethernet interface from your virtual machine
  • Logging onto your Active Directory solution if you are using Active Directory to provide DHCP services or
  • Logging onto your wireless or wired router if you are using it to provide DHCP services to your network
  • Adding the MAC address for your ELK In A Box to the list of interfaces allowed to obtain a DHCP lease (some networks clamp down on devices and only allow devices that are registered with the central device to obtain a DHCP lease)
  • Configuring your Active Directory DNS Service, Wireless Router or Wired Router to provide Zabbix + ELK In a Box a static IP address.

Once you have performed the above configuration, re-start your virtual machine using the following command.

bash# sudo reboot

Once the virtual machine has rebooted you should confirm that the IP address you’ve assigned via Active Directory DHCP or your wired/wireless router setting has worked. To do this you would need to run the “ifconfig” command again.

visualizeit@VisualizeITLogMonitVM:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:6d:d7:70
inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe6d:d770/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:6546 errors:0 dropped:0 overruns:0 frame:0
TX packets:6542 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:491175 (491.1 KB)  TX bytes:4251990 (4.2 MB)

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:65536  Metric:1
RX packets:89353 errors:0 dropped:0 overruns:0 frame:0
TX packets:89353 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16849112 (16.8 MB)  TX bytes:16849112 (16.8 MB)

In the above example we have highlighted the IP address on our virtual machine. This will be different in your case.

Before we move on to the next step let’s quickly take a look at what your hosts file looks like. Your hosts file is like your local DNS and since we expect most of you not to have a DNS setup you would need to go in and create static entries in your /etc/hosts file.

visualizeit@VisualizeITLogMonitVM:~$ cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       VisualizeITLogMonitVM

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Unless you are doing something really funky we would expect that most of you would not need to touch the hosts file. If you do need to create static entries pointing to different parts of your network infrastructure please feel free to edit the hosts file and create additional entries.

Step 3 : Confirming the essential services are up and running – If you have followed the steps mentioned above and have achieved the expected outcomes you should now have a virtual machine with all the necessary services up and running. To make life easier for you we have installed an application called “Monit” (www.monit.org) which monitors all the important services on Zabbix + ELK In A Box. You should now be able to access the Monit web interface via your web browser. In our environment we access Monit via http://192.168.1.12:1423 with the following user credentials –

  • Monit user – admin
  • Monit password – passw0rd123 (note there is not @ in the password)

The Monit web page will provide a view of all the services it is monitoring along with the load on the system and space on the disk. If any of the services have not started or have failed on start, Monit tries to re-start them for you. Monit is configured to try to auto-restart the failed services a few times before giving up. You will see the status of the running/failed services on the Monit web page. The list of services Monit is configured to monitor is as follows –

  • Apache
  • SSH
  • Cron
  • Logstash
  • Elasticsearch
  • Kibana
  • Zabbix Agent
  • Zabbix Server
  • Filebeat

monit_web_ui

If you have failed services, try stopping/starting (avoid a direct re-start) using the Monit web user interface. If inspite of repeated attempts to start the service you end up with failures it might warrant deeper inspection. To confirm that you have all the required services run the “netstat -ln” command and compare the output to what we have shown below.

visualizeit@VisualizeITLogMonitVM:~$ netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1423            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN
tcp6       0      0 ::1:9200                :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::5044                 :::*                    LISTEN
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN
tcp6       0      0 ::1:9300                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::10050                :::*                    LISTEN
tcp6       0      0 :::10051                :::*                    LISTEN
udp        0      0 0.0.0.0:36537           0.0.0.0:*
udp        0      0 0.0.0.0:12173           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:161           0.0.0.0:*
udp6       0      0 :::26896                :::*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     8991     /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     9284     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     9855     /var/agentx/master
unix  2      [ ACC ]     STREAM     LISTENING     8135     @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     9703     /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     9994     /var/run/mysqld/mysqld.sock
visualizeit@VisualizeITLogMonitVM:~$

The ports we have highlighted in bold are the ones you need to ensure are working. Do not worry about the ports listening on tcp or tcp6, what’s important is that all the relevant ports are open and listening for incoming connections.

Step 4 : Re-generating Logstash Certificates – Before we go any further we wanted to let you know that we’ve based a lot of the setup for Zabbix + ELK In A Box from the installation guide written by the wonderful people at Digital Ocean. You can read the 5 part series here – Howto install Elasticsearch, Logstash and Kibana (ELK) on Ubuntu 14.04.

The ELK setup we have configured includes the use of “Filebeat” to transfer log files and machine data into Zabbix + ELK In A Box. You can also setup “Topbeat” to send Operating System performance metrics to Zabbix + ELK In A Box. Topbeat and Filebeat are opensource projects from Elasticsearch which you will require to download and install across the machines from which you need to the infrastructure/application performance metrics and machine data/log files collected. More on that later in this article. For now lets go back to fixing the logstash certificates.

This section refers to the steps in Part I of the DigitalOcean guide titled “Install Logstash / Generate SSL Certificates”.  As we’ve mentioned earlier we are going to use Filebeat (Elasticsearch Open Source project) to ship logs from our Client Servers to our Zabbix + ELK In A Box. To be able to do that we need to create an SSL certificate and key pair. The certificate is used by Filebeat (and also Topbeat) to verify the identity of ELK Server. We have already created the directories that will store the certificate and private key with the following commands:

bash# sudo mkdir -p /etc/pki/tls/certs

bash# sudo mkdir /etc/pki/tls/private

Before you go any further we would recommend you take a backup of the following files and folders –

  • /etc/ssl/openssl.cnf
  • /etc/pki/tls/certs (folder)
  • /etc/pki/tls/private (folder)

As you’ve noted earlier this setup has assumed that you don’t have a DNS setup, that would allow your servers, that you will gather logs from, to resolve the IP address of your ELK Server. Hence we need to add your ELK Server’s private IP address to the subjectAltName (SAN) field of the SSL certificate that we are about to generate. To do so, open the OpenSSL configuration file:

bash# sudo vi /etc/ssl/openssl.cnf

Scroll down to the[ v3_ca ] section in the file, and you will notice that  it has the following configuration –

subjectAltName = IP: 192.168.1.12

Edit the [ v3_ca ] section in the file, and substitute the ELK Server’s private IP address instead of the IP address we’ve provided i.e. 192.168.1.12.

subjectAltName = IP: ELK_server_private_IP

Save the file and exit. Now re-generate the SSL certificate and private key in the appropriate locations (/etc/pki/tls/), with the following commands:

cd /etc/pki/tls

sudo openssl req -config /etc/ssl/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

The logstash-forwarder.crt file will be copied to all of the servers that will send logs to Logstash but we will do that a little later. Let’s complete our Logstash configuration. If you have any issues with the configuration above or need to troubleshoot please read Part I of the 5 part series here – Howto install Elasticsearch, Logstash and Kibana (ELK) on Ubuntu 14.04.

Step 5 – Using Filebeat and setting up additional Filebeat clients to collect machine data and logs – Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis. Filebeat is currently setup on Zabbix + ELK In A Box to collect performance metrics locally and send it through to Logstash and Elasticsearch. As a result you should see a heap of entries from /var/log/*.log when you open up your Kibana dashboards.

You can read more about Filebeat at Elastic.co. A few additional things you should note.

We have loaded all the sample Kibana dashboards, visualizations and Beats index patterns provided into Elastisearch using the following commands.

curl -L -O https://download.elastic.co/beats/dashboards/beats-dashboards-1.1.0.zip

sudo apt-get -y install unzip

unzip beats-dashboards-*.zip

cd beats-dashboards-*

./load.sh

These index patterns will show up in the administration section in Kibana :

  • [packetbeat-]YYYY.MM.DD
  • [topbeat-]YYYY.MM.DD
  • [filebeat-]YYYY.MM.DD
  • [winlogbeat-]YYYY.MM.DD

The Filebeat index pattern has also been set as our default. Because we are planning on using Filebeat to ship logs to Elasticsearch, we have loaded a Filebeat index template. The index template will configure Elasticsearch to analyze incoming Filebeat fields in an intelligent way.

 Configuring additional machines across your environment to send machine data and logs to your Zabbix + ELK In A Box instance is not very difficult. What’s required is a simple installation and configuration of Filebeat. Please see the “Setup Filebeat” section within Part I of the 5 part series here – Howto install Elasticsearch, Logstash and Kibana (ELK) on Ubuntu 14.04.

Step 6 – Setting Up Topbeat clients to collect infrastructure performance metrics – We would highly recommend using Zabbix to collect infrastructure performance metrics from across your environment. Zabbix is a lot more light weight and is better suited to perform the job of an entreprise class monitoring solution.

Topbeat is an open source shipper for per-process CPU, memory, and disk usage metrics. It is akin to running a distributed “top” command on all of your infrastructure components, with results seamlessly collected, analyzed, and presented in a centralized manner. The current instance of Zabbix + ELK In A Box has Topbeat configured to collect and send through statistics through Logstash into Elasticsearch. However, we’ve disabled Topbeat (from collecting statistics of the local virtual machine) not wanting to add additional unwanted overhead. We have loaded the Topbeat index template into Elasticsearch. The index template will configure Elasticsearch to analyze incoming Topbeat fields in an intelligent way.

However, if you are keen to see what Topbeat has to offer head off to the Elastic website and check out the Topbeat project page. Configuring additional machines across your environment to send infrastructure performance metrics to your Zabbix + ELK In A Box instance is not very difficult either. What’s required is a simple installation and configuration of Topbeat. Please see the “Setup Filebeat” section within Part II of the 5 part series here – Howto install Elasticsearch, Logstash and Kibana (ELK) on Ubuntu 14.04.

Step 7 – Installing and configuration Zabbix agents – Zabbix is a highly scalable enterprise class monitoring solution. As we’ve mentioned earlier the virtual machine configuration should allow you to scale to at-least a 15-20 machine setup. To add additional machines to your Zabbix setup you will need the Zabbix agent installed on them.

  • Head over to the Zabbix 3.0 documentation to read up on installation and configuration of additional Zabbix Agents.
  • Packages for Ubuntu Linux are available as part of the standard repository. You will need to add the Zabbix repositories if you want to source updates from the Zabbix repository instead.
  • For windows you might want to head over to Suiviperf. Also suggest you read up on the following threads –
    • https://www.zabbix.com/documentation/3.0/manual/appendix/install/windows_agent
    • https://www.zabbix.com/forum/showthread.php?t=40868
    • http://www.2daygeek.com/add-remote-windows-host-on-zabbix-server-to-monitor/

Zabbix is really easy to work with and the community forums are a great place to head to if you are looking for assistance or support with any technical issues on Zabbix.

Step 8 – Accessing the Zabbix and Kibana Web User Interface – Now that you’ve got this far give yourself a pat on the back. You should now be able to login to the Zabbix console and the Kibana console to confirm that data is being collected and the relevant visualization/graphs are being created.

  • Kibana – http://Your IP Address:5601
  • Zabbix – http://Your IP Address/Zabbix

As we’ve mentioned earlier in our environment Zabbix + ELK In A Box was configured with IP address 192.168.1.12. This IP address would change based on the static IP address you’ve assigned via the Active Directory or wired / wireless router DHCP setup on your network.

Conclusion – We hope that this article has helped you with get up and running with Zabbix + ELK In A Box. As we have mentioned earlier, the reason for putting together ELK + Zabbix In A Box was to reduce the pain you have to go through to start collecting application, infrastructure performance metrics from across your environment for purposes of visualization, modelling and forecasting. Please note that we are not resourced to provide any technical support nor take any responsibility for what you might do with Zabbix + ELK In A Box. Please use the software provided in your environment at your own risk.

 

4

3

This entry was posted in   .
Bookmark the   permalink.

Admin has written 0 articles

VisualizeIT Administrator & Community Moderator

  • Didier Herrera

    Thanks a lot for this, was so easy to have everything up and running. In the documentation you missed to post the user and password for zabbix.

    • Didier Herrera

      What I did to access to Zabbix was:
      1) check in the file /etc/zabbix/zabbix_server.conf the values of mysql’s credentials for zabbix database.
      2) Access to the database with
      mysql -u zabbix -p (password is p@ssw0rd123)

      3) Reset admin password with:
      update zabbix.users set passwd=md5(‘p@ssw0rd123′) where alias=’Admin’;

      4) Access to zabbix:

      http://my_ip_address/zabbix

  • Jesse K Ziter

    I had trouble loading the OVA in VMware ESXi I get a “Line 25: Unsupported hardware family ‘virtualbox-2.2’.”any words from the wise ?