Mastering Zabbix: From SNMP Basics to Full-Scale Monitoring Architecture

Outline

SNMP introduction

Monitoring process

Open‑source monitoring tool Zabbix

Implementation of Zabbix monitoring features

Supported database storage types

Components in Zabbix architecture

Zabbix logical architecture

Processes started by Zabbix Server

SNMP Introduction

Before introducing Zabbix, we first become familiar with SNMP.

SNMP: Simple Network Management Protocol

Translation: Simple Network Management Protocol

SNMP working modes:

NMS collects data from agent

Agent reports data to NMS

NMS requests agent to modify configuration

SNMP components:

MIB: management information base

MIB is the monitoring object and its attributes (including name, etc.)

SMI: MIB symbols

SNMP protocol

SNMP protocol versions:

v1, v2, v3

v2c: NMS → agent

Introduces community string concept, most commonly used version.

v3: authentication, encryption, decryption

Linux: net‑snmp package

Uses UDP; server listens on port 161, agent on port 162.

Monitoring Process

Data collection (alarm when data exceeds threshold) → data storage (time‑series data for monitoring graphs) → data display.

Open‑Source Monitoring Tool Zabbix

Zabbix is powerful; to understand its features we compare it with cacti and Nagios.

Cacti is a tool for data collection, storage, and web‑based display. It handles real‑time changes within thresholds well but has weak alarm capabilities.

Advantage: real‑time monitoring with intuitive web presentation.

Disadvantage: alarms not timely.

Nagios is strong on alarm functionality; it focuses on state changes (threshold breaches) and alerts via email, SMS, etc.

Advantage: rapid alerts.

Disadvantage: limited number of monitored hosts, low scalability.

Zabbix = cacti + Nagios

Advantage: combines both strengths, providing enterprise‑grade distributed monitoring.

Disadvantage: version 2.2 consumed high bandwidth, improved in 2.4.

Zabbix Monitoring Features Implementation

Zabbix has dedicated agents to monitor Linux, Windows, FreeBSD, etc.

Network devices are monitored via SNMP (SSH is rarely used).

Monitored objects:

Devices: servers, routers, switches

Software: OS, network, applications

Host performance metrics

Fault monitoring: down hosts, services unavailable, host unreachable

IPMI (Intelligent Platform Management Interface) – an open, free standard for hardware management.

Supported Database Storage Types

cacti: rrd (round robin database)
zabbix-database: MySQL, PGSQL (PostgreSQL), Oracle, DB2, SQLite

Components in Zabbix Architecture

zabbix-server: written in C

zabbix-agent: written in C

zabbix-web: GUI for configuration and display, developed in PHP

zabbix-proxy: component for distributed monitoring environments

Zabbix Logical Architecture

Define a template that includes multiple items, triggers, and graphs, then apply it to hosts or host groups.

The server monitors items via Zabbix.

Poller processes (multiple possible) collect information via SNMP and agent protocols.

If a threshold exceeds trigger conditions, an event is generated and actions are executed (run scripts, send email or SMS).

Maintenance mode can be set to suppress alerts during server upgrades.

Display workflow through logical topology diagram

Processes Started by Zabbix Server

See next article for configuration details.