While Zabbix supports a decent range of notification mechanisms, there always comes a time when you need something very specific and the default methods just don't cut it. For such situations, Zabbix supports custom scripts to be used as media.
Let's try to set one up:
- Open Administration | Media types and click on Create media type. Enter the following values:
-
- Name: Test script
- Type: Script
- Script name: testscript
- Script parameters: Click on the Add control and enter {ALERT.MESSAGE} in the new field:
- When you are done, click on the Add button at the bottom.
Now, we should make sure that this media is used at some point:
- Go to Administration | Users, click on monitoring_user in the ALIAS column, and switch to the Media tab.
- Click on Add in the Media section. In the Type drop-down, select Test script and, in the Send to field, enter [email protected]:
When you are done, click on Add and confirm these changes by clicking on Update in the user editing form. Before we continue with the script itself, navigate to Configuration | Actions and then click on Disabled next to SNMP action to enable this action.
We entered the script name, but where should the script be placed? Now is the time to return to where we haven't been for some time. Take a look at zabbix_server.conf and check what value the AlertScriptsPath option has. The default location will vary depending on the method of installation. If you installed it from the source, it will be /usr/local/share/zabbix/alertscripts. Distribution packages are likely to use some other directory. As with root, create a file called testscript in that directory:
# touch /path/to/testscript # chmod 755 /path/to/testscript
Populate it with the following content:
#!/bin/bash for i in "$@"; do echo "$i" >> /tmp/zabbix_script_received.log done
As you can see, we are simply logging each passed parameter to a file for examination. Now, generate some SNMP traps so that the snmptraps trigger switches to the PROBLEM state. Wait for the email to arrive, and then check the /tmp/zabbix_script_received.log file. It should have content similar to this:
Trigger: SNMP trap has arrived on snmptraps Trigger status: PROBLEM Trigger severity: Information Trigger URL: Item values: 1. Received SNMP traps (snmptraps:snmptraps): 192.168.56.11 "Critical Error" NET-SNMP-MIB::netSnmpExperimental 2. *UNKNOWN* (*UNKNOWN*:*UNKNOWN*): *UNKNOWN* 3. *UNKNOWN* (*UNKNOWN*:*UNKNOWN*): *UNKNOWN* Original event ID: 397
We can see that the whole message body from action properties is passed here with newlines intact. If we wanted to also know the user media Send to value to identify the Zabbix user who received this data, we would also pass the {ALERT.SENDTO} macro to our alert script. Similarly, to get the subject from the action properties, we would use the {ALERT.SUBJECT} macro.
From here, basically anything can be done with the data: passing it to issue management systems that do not have an email gateway, sending it through some media not supported directly by Zabbix, or displaying it somewhere.
Now, let's revisit action configuration. Open Configuration | Actions and click on Test action in the Name column. Now, we have a script being executed whenever monitoring_user receives a notification. But what if we would like to skip the script for notification, and only use it in a specific action? Thankfully, we don't have to create a separate user just for such a scenario:
- Switch to the Operations tab and, in the operations block, click on Edit next to the last operation. This will send a message to monitoring_user.
- Take a look at the Send only to drop-down. It lists all media types, and allows us to restrict a specific operation to a specific media type only. In this drop-down, choose Email.
- Click on the Update link at the bottom of the Operation details block, and then the Update button at the bottom.
By using the Send only to option, it is possible to use different notification methods for different situations without creating multiple fake user accounts. For example, a user might receive an email for the first few escalation steps, and then an SMS would be sent.