Network Management System – ZABBIX

Print version

3. Network Management System – ZABBIX

To access our SNMP values, any Network Management System (NMS) can be used. However, we recommend using the ZABBIX open source monitoring system. It can be downloaded at http://www.zabbix.com/download.php.

Zabbix features are explained here – https://www.zabbix.com/features.

If you have chosen the Zabbix software, please read the following pages where we offer a basic Starting Guide to RipEX2 and Zabbix co-working.

Whatever your choice of NMS, these sections may provide general hints and tips anyway.

[Note]Note

The following guide was tested with Zabbix LTS version 6.0. There is no RipEX2 application note for older Zabbix releases.

Take the opportunity to remotely access and test a live Zabbix demo. See the credentials within the text on the given link.

3.1. Installation and Documentation

Follow the Zabbix documentation at: https://www.zabbix.com/documentation/current/en/manual, download packages from https://www.zabbix.com/download and install Zabbix 6.0 LTS. We suggest using Debian11 (or newer) OS, MySQL database and Apache web server, because of our good experience and knowledge. If using different solution, our help can be limited.

[Note]Note

With previous Zabbix versions, we suggested using CentOS7 and CentOS8, but due to changes in distributing these operating systems, Debian OS seems to be much more appropriate.

Zabbix also offers paid support – see all the possible support tiers at https://www.zabbix.com/support.

Once Zabbix 6.0 LTS is installed, multiple additional installation steps are required so that you can monitor and maintain your RipEX2 (and any other RACOM products) network(s). Required steps are explained later within this application note.

We also offer Zabbix 6.0 LTS as a virtual, ready-to-be-used, image. It is called “RACOM Zabbix Appliance” or in short “RZA6”. Within this .ova image, functionality for all RACOM products is already installed and ready to be used. Contact our support to obtain this virtual machine and stay in touch with us for more details.

You can run this RZA6 as a virtual machine, e.g., within your VMware or VirtualBox environment (or any similar one).

3.1.1. Zabbix Installation from packages

Once you finish basic Zabbix 6.0 LTS installation following the Zabbix documentation, you can and should check this part for more details about required steps for RACOM products Zabbix support. The order of explained steps is not so important usually.

[Note]Note

If there is any particular Linux command, it is based on Debian11 OS.

We suggest various applications for future usage:

  • traceroute

  • nmap

  • zabbix-sender

  • sshpas

All the commands can be installed from the command line with:

# apt-get install traceroute nmap zabbix-sender sshpass

If you need, you can implement sending PDF reports automatically. The installation and functionality can vary from version to version so we do not describe step-by-step procedure here. Use Zabbix documentation for more details.
https://www.zabbix.com/documentation/current/en/manual/appendix/install/web_service

For RACOM products, multiple steps are required. Upload all the MIBs from respective devices (RipEX2 in our case) to /usr/share/snmp/mibs/ directory. For a proper functionality, add them to SNMP configuration file /etc/snmp/snmp.conf. E.g.:

mibs +/usr/share/snmp/mibs/MG-MIB.txt
mibs +/usr/share/snmp/mibs/RacomRay3.mib
mibs +/usr/share/snmp/mibs/RacomRay2.mib
mibs +/usr/share/snmp/mibs/RACOM-RipEX-1.0.4.0.mib
mibs +/usr/share/snmp/mibs/SNMPv2-TC.txt
mibs +/usr/share/snmp/mibs/RACOM-RA2-MIB

Templates

Download RipEX2 Zabbix 6.0 template from our website. Unzip the file and import zbx_export_ripex2.yaml into your Zabbix instance in Configuration -> Templates menu via web interface. The template consists of:

  • approximately 300 Item values (10 tags) which can be read from RipEX2 units (proprietary OIDs only – i.e., OID starting with 1.3.6.1.4.1.33555.3 prefix). For other general OIDs, use Zabbix predefined templates or do your own templates (e.g., SNMPv2-MIB::sysDescr.0, SNMPv2-MIB::sysName.0, …)

    • Most of the values are for Events and Traps

  • Discovery rules

    • For the 2.0.10.0 firmware, there are 9 Discovery rules

    • We use Discovery rules for RipEX2 statistics, because most statistics consist of individual lines within tables where each line is e.g., another RipEX2 unit, Ethernet port or SIM card – and because these tables can change based on configuration, HW capabilities and network diagram/topology, individual items must be discovered first.

    • Once discovered, new Items are automatically created and then, Zabbix handles them as basic Items. The only difference is that if a particular new Item becomes unsupported, Zabbix deletes it automatically after a predefined time.

Default Template settings:

  • All Items are in Disabled state

    • Most values are being updated once a day

  • All Discovery rules are disabled as well

    • Most values are being updated every 15 minutes

    • By default, each discovery rule is run every 8 hours – If you have a static network, it might be enough to run it once and disable the rules afterwards

Two calculated items were also predefined – they both sum all received/sent bytes for all neighbouring RipEX2 units (in GUI the values are displayed in Radio Protocol statistics table in “Total [B]” column). These values can be useful to show approximate value of data being transferred over the Radio channel, incl. control frames. Both can be found with a tag “Stats – Radio iface” or check the items with “SUM” key word.

Other important steps are for SNMP traps. Once the trap is received, it is handled by our script and for its proper functionality, the OID cannot be translated to text. Edit the snmptrapd:

# systemctl edit snmptrapd.service --force –full

Change the ExecStart variable:

ExecStart=/usr/sbin/snmptrapd -Lsd -f -p /run/snmptrapd.pid -On

The whole file should be:

# cat /etc/systemd/system/snmptrapd.service
[Unit]
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
After=network.target
ConditionPathExists=/etc/snmp/snmptrapd.conf
[Service]
Type=simple
ExecStart=/usr/sbin/snmptrapd -Lsd -f -p /run/snmptrapd.pid -On
ExecReload=/bin/kill -HUP $MAINPID
[Install]

For a proper functionality of RipEX2 SNMP notifications, multiple additional steps are required. The following sections focuses on SNMPv2c traps and informs. The SNMPv3 notifications are described later on. Also keep in mind that you could configure RipEX2 notifications different way (e.g., via SNMPTT) – here is just one approach described.

If not yet installed, install ‘snmptrapd’ daemon and enable it to be run automatically.

Within the downloaded .zip templates from our website, snmptrap.sh script is included. Copy the script into /usr/lib/zabbix/externalscripts/ directory and change the file privileges and make it executable.

# chown zabbix:zabbix /usr/lib/zabbix/externalscripts/snmptrap.sh
# chmod +x /usr/lib/zabbix/externalscripts/snmptrap.sh
[Note]Note

Your ‘zabbix’ user should be enabled. It should have a HOME directory set to /var/lib/zabbix/ and this user should be able to run the shell. E.g., this command can be helpful:

# usermod --shell /bin/bash zabbix

Check your ‘zabbix_sender’ path and if required, change it within the provided snmptrap.sh script accordingly.

# which zabbix_sender
/usr/bin/zabbix_sender

So, the script has this line inside:

ZABBIX_SENDER="/usr/bin/zabbix_sender";

The script parses the output of each received SNMP trap, selects the appropriate host and declares an associative array containing trap descriptions. Eventually, it sends the whole message to your Zabbix server.

The default path to a LOG file from snmptrap.sh script is /var/log/snmptrap/snmptrap.log. Create the directory and a file manually, if not yet created.

Another required step from the command line is to edit /etc/zabbix/zabbix_server.conf file. Find the appropriate lines and edit them to:

SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
StartSNMPTrapper=1

Zabbix, and especially your snmptrapd must know how to authenticate against the received traps/informs. If it is SNMPv2, it’s quite easy – you just need to allow particular community strings and also explicitly say that our snmptrap.sh must be executed upon a received trap/inform. Do this via /etc/snmp/snmptrapd.conf file. Example of such file:

authCommunity log,execute public
authCommunity log,execute mwl-snmp
authCommunity log,execute racom-snmp
traphandle default /bin/bash /usr/lib/zabbix/externalscripts/snmptrap.sh

With SNMPv3 it gets more complicated.

[Important]Important

Due to a bug in SNMP daemon, SNMPv3 informs are not working and cannot be selected. Once this 3rd party daemon is fixed, we add the functionality back to our RipEX2 release. RipEX2 FW version is 2.0.10.0 or older.

For SNMPv3 Informs (not traps), you need to create the user via createUser command. Stop the snmptrapd daemon:

# systemctl stop snmptrapd

Now, edit the /etc/snmp/snmptrapd.conf file and add these lines:

createUser racom MD5 "racom1234" DES "racom5678"
authUser log,execute,net racom

This should add the User “racom” with MD5 and DES secrets and authenticate him. Save the changes and start the snmptrapd daemon.

# systemctl start snmptrapd

Now, the SNMPv3 informs can be successfully received and used.

SNMPv3 Traps need a bit different command. Everything is the same, but the EngineID must be configured.

Each RipEX2 has a unique EngineID by default, you can also generate your own. This was explained in Section 2.4, “RipEX2 SNMP Settings”.

[Note]Note

If you generate your own EngineID, it is given as a text, but the EngineID is then read as HEX number. E.g. A generated EngineID in GUI is: “UULhM_jp2ObIoN8CVP8aUoaG2Hg”, but the Engine ID in HEX format which you need to set in snmptrapd.conf file is “800083130455554c684d5f6a70324f62496f4e384356503861556f6147324867”.

Stop the snmptrapd daemon again and add a similar line in the /etc/snmp/snmptrapd.conf file:

createUser -e 80008313030002a9200ad3 racom MD5 "racom1234" DES "racom5678"
authUser log,execute,net racom

This creates a “racom” user the same way as for the Informs, but the EngineID 80008313030002a9200ad3 is fixed and must correspond to the created one in RipEX2 web interface.

[Note]Note

The same procedure must be met for any other SNMPv3 devices and their SNMPv3 traps/informs (not just RipEX2).

Once you apply all the mentioned changes, it is suggested to reboot your Linux OS and check the functionality.

RipEX2 images

Hosts can be displayed in graphs. For such a purpose, we created multiple RipEX2 images of different size and with different borders (e.g., red border in case the unit is in a problem state). These images are included in the mentioned .zip file with RipEX2 template. Import them one by one in Administration – General – Images menu, or via directly via MySQL.

RipEX2 images in Zabbix

Fig. 3.1: RipEX2 images in Zabbix


3.1.2. RACOM Zabbix Appliance – RZA6

RZA6 is widely preconfigured.

You will still need to go through SNMP traps/informs section above so that you can use your particular community strings, and SNMv3 users. Otherwise, all should be prepared.

3.2. How to use RipEX2 template

Now, Zabbix should be ready for monitoring RipEX2 network. This chapter gives you a brief procedure to get started, but feel free to utilize different approach.

First, we suggest to create a Host – probably RipEX2 Base station accessible via Ethernet from Zabbix. Go to the Configuration – Hosts menu and click on the “Create host” button on top right corner.

New RipEX2 host

Fig. 3.2: New RipEX2 host


Always put the IP address of the unit to the “Host name” field so the SNMP notifications work (the script works with IP addresses). The “Visible name” can be set to any required value.

Select the “RipEX2 Template” so that the unit is preconfigured with all RipEX2 supported Items. Create a new, or add it to an existing one, RipEX2 group. You can name it as required – e.g., based on RipEX2 network location or particular customer company name. Set the SNMP Interface:

  • IP address

  • Port (usually UDP/161)

  • SNMP version (either v2c, or v3)

    • If v2c, set the community string to MACRO {$SNMP_COMMUNITY}

    • If v3, set the values according to your RipEX2 setup

      • Security name – {$SNMP_USER}

      • Authentication passphrase – {$SNMP_AUTHENTICATION}

      • Privacy passphrase – {$SNMP_ENCRYPTION}

    • Now, check and change MACROs in “Macros” tab

RipEX2 Host MACROs

Fig. 3.3: RipEX2 Host MACROs


You can either change the values in Template so it is the same in all your RipEX2 units, or you can set it per Host.

  • Check the “Use bulk requests” option because it optimizes data traffic being sent

Verify the Inventory tab – it should be set to “Automatic” so some of the values are automatically filled by SNMP queries. Click on the “Add” button – a new Host is created.

But the host is not monitored yet, because all the Items and Discoveries are disabled by default.

Only monitor the values which you really need and with reasonable update times. This is important for units accessible via the Radio channel – so that you limit data being sent over the narrow RipEX2 radio network.

Default update intervals are either 15 minutes, or 1 day. A template keeps up to 1 year of trends/history.

Go to the Host’s Items and enable required Items, you can also edit the SNMP query intervals and other parameters. As an example, we enable 4 Items with an App “tag” equal to “Station – Chassis” and we decrease Interval to just 1 minute.

If you want Traps/Informs to be working, you need to enable particular traps with App tag equal to TRAPS and enable Triggers accordingly (i.e., if you enable “Input voltage too high” Item, you also need to enable a Trigger for this Item).

Last important menu is “Discovered rules”. They are already explained on previous pages. If you want to discover particular Items, just enable required Discovery rule(s). E.g., enable “Discovery – Radio Signal Statistics” for receiving values from Statistics table containing RSS, MSE etc. with all neighbouring RipEX2 units.

You can check the data in the Monitoring – Latest data menu. Filter the values are required. All numeric values can be depicted in graphs. String values have their own history.

Other units can be easily added by a “Clone” button from this Host configuration. Just change appropriate IP addresses and ports. Divide them into groups (e.g., geographically). Choose wisely the monitored values and enabled discovery rules.

3.3. Zabbix Usage Hints and Tips

This application note cannot target all possible information about Zabbix and its usage. Check Zabbix documentation and Google forums for general help and guides. The following section provides several hints and tips for quicker and easier RipEX2 network monitoring. Information provided might not be fully explained or might be different in any other Zabbix version other than 6.0 LTS.

3.3.1. Maps

Having a map is handy way for a network overview. On a single map, or multiple maps (even hierarchical) you may see all RipEX2 units (and any other devices) and their status overview. There can be a plain/empty background, or e.g., some picture of a map (static).

Zabbix simple RipEX2 map

Fig. 3.4: Zabbix simple RipEX2 map


On the map above, we can see two RipEX2 units with a displayed name and current Radio temperature. If the unit has no Problem, an “OK” message is displayed and the Host borders are in green color. We also depict a radio link between these units and its RSS values. Details:

Host details:

Host details in maps

Fig. 3.5: Host details in maps


Label is set as follows:

{HOST.NAME}
Radio temperature = {?last(//radioTemperature)}

Select a particular host and you can change icons for various situations.

Example of the link Label:

<--- RSS: {?last(/192.168.132.200/radioSignalRssAvg[10.10.10.2])}
---> RSS: {?last(/192.168.132.203/radioSignalRssAvg[10.10.10.1])}

Even the link color can change in time – for example lower RSS than -90 dBm. You can create your own Trigger monitoring average RSS values.

3.3.2. Geographical Maps

New feature from 6.0 LTS Zabbix version are Geographical maps. If you add GPS coordinates to your RipEX2 hosts, you can display them on geographical maps.

Geographical map

Fig. 3.6: Geographical map


First, you need to add GPS coordinates in the Host Inventory.

Host GPS coordinates

Fig. 3.7: Host GPS coordinates


Another step is to enable and configure Geographical graphs. Go to Administration – General – Geographical maps menu. Set the required map source/provider. There is a list of default supported map sources, but you can also add “other”. Here is the example for Czech mapy.cz map source.

Zabbix Geographical maps

Fig. 3.8: Zabbix Geographical maps


Tile URL: https://mapserver.mapy.cz/turist-m/{z}-{x}-{y}

Attribution: <a href=”https://napoveda.seznam.cz/cz/mapy/mapy-licencni-podminky/licencni-podminky-mapovych-podkladu/%22%3E%C2%A9 Seznam.cz, a.s.</a>

Max zoom level: 18

The last step is to add Geographical map to your Dashboard. Edit the dashboard and add “Geomap” widget. Select its name, host group(s) and host(s). Save the changes.

Within the map, you can use a “zoom” feature. You can either see multiple hosts within one icon, or one icon is one host (it’s zoomed enough). You can then be forwarded into particular menus etc. Color of the Icons can be changed upon Host status. Read more in Zabbix documentation.

Geographical map host details

Fig. 3.9: Geographical map host details


3.3.3. Links from Zabbix to RipEX2 GUI

Units’ GUI can be accessed from Zabbix web interface from multiple menus.

A typical one is from simple maps. Configure the URL within the Host on the map and once you click on the Host in this map afterwards, you can be forwarded there. Keep in mind it is not possible from geographical maps.

URL link – maps

Fig. 3.10: URL link – maps


Another way is a link from Triggers so that if a Problem occurs, you can quickly go to the required web interface.

URL link – triggers

Fig. 3.11: URL link – triggers


The third option is to use Inventory for configuring URL. For every Host, you can enable the Inventory (serial number, OS, host type, …). Within many Inventory options, the URL can be defined.

URL link – Inventory

Fig. 3.12: URL link – Inventory


3.3.4. Scheduled Reports

Another useful feature is generating scheduled reports. You need to configure Scheduled reports in general. Once you have it, go to the Report – Scheduled reports menu and create a new one. Basically, Zabbix can send multiple users in regular intervals its Dashboard(s) as PDF.

More information e.g., here:
https://www.zabbix.com/documentation/current/en/manual/config/reports#configuration

3.3.5. Actions, Email notifications

In case of any issue within your network, e.g., drop in the signal quality, or the unit being unreachable, Zabbix can automatically send an e-mail to predefined e-mail addresses. See the following example for your reference, but customize it to suit your needs.

The e-mail can be set in the Administration – Media Types menu. Edit the E-mail type corresponding to your server settings. In our example, we use our own SMTP server reachable from Zabbix server. No special security or password is required. You should be able to use any SMTP server.

Zabbix Media type – Email

Fig. 3.13: Zabbix Media type – Email


The e-mails are sent to the users’ e-mail addresses. Go to the Administration – Users menu and configure the required e-mail addresses within the user’s details (Media).

User’s e-mail

Fig. 3.14: User’s e-mail


You define the time when the e-mail will be sent (e.g., do not send it over the night) and the severity of the issue (e.g., send me the e-mail just in case of a critical issue).

The last step is to configure the action – configure which issue causes the e-mail to be sent. Go to the Configuration – Actions – Trigger actions menu and create a new Action. Set a Name of the Action and its Conditions – trigger severities and host group are used within the screenshot below.

Action and its conditions

Fig. 3.15: Action and its conditions


Within the Operations tab, define one or multiple operations. In the example, once the Problem occurs, Zabbix sends an email. It sends such email every other day until the problem is fixed.

We also send a Recovery email to all involved recipients.

Action Operations

Fig. 3.16: Action Operations


Usually, you will use the MACROs for the e-mail body/subject. In this example, the Subject of the email will consist of the host’s Name, Trigger status (Problem or OK) and Event Name. Within the body of the message, there can be additional information such as the Trigger Severity, URL and the Issue details.

Action Operations details

Fig. 3.17: Action Operations details


3.3.6. Branding

Zabbix 6.0 LTS offers you to use your own company’s branding instead of Zabbix ones, or RACOM logos in case of using RZA6.

RACOM Branding

Fig. 3.18: RACOM Branding


General and brief procedure is described here:
https://www.zabbix.com/documentation/current/en/manual/web_interface/rebranding

For the RZA6, we created a file /usr/share/zabbix/local/conf/brand.conf.php with this content:

<?php
return [
'BRAND_LOGO' => 'racom/racom_logo.png',
'BRAND_LOGO_SIDEBAR' => 'racom/racom_logo.png',
'BRAND_LOGO_SIDEBAR_COMPACT' => 'racom/racom_logo_compact.png',
#'BRAND_HELP_URL' => 'https://www.racom.eu/ APP NOTE LINK '
];

Logos were scaled to 140×20 and 20×13 (compact one). The logos are placed in /usr/share/zabbix/racom/ directory. After these changes, the Login screen can look like:

RACOM Branding login page

Fig. 3.19: RACOM Branding login page


If you need any additional help or information, don’t hesitate to contact us at support@racom.eu. We are ready and happy to help you.

We do recommend using our RZA6 solution. If not in your real network, then as a start for getting familiar with RipEX2 SNMP and Zabbix NMS, because RZA6 has many configuration steps pre-configured and done.