Monitoring of auditd.
This template is part of RaBe's Zabbix template and helpers collection.
Get info about auditd processes
proc.get[auditd,root,,summary]
Settings:
Item Setting | Value |
---|---|
Type | ZABBIX_ACTIVE |
Value type | TEXT |
State value that reflects whether the unit is currently active or not. The following states are currently defined: "active", "reloading", "inactive", "failed", "activating", and "deactivating".
rabe.auditd.active_state
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
History | 7d |
Source item | systemd.unit.get["auditd.service"] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$.ActiveState.state"] |
DISCARD_UNCHANGED_HEARTBEAT | ["30m"] |
Total CPU seconds (system) of auditd processes.
rabe.auditd.cputime_system
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
Value type | FLOAT |
History | 7d |
Source item | proc.get[auditd,root,,summary] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$[*].cputime_system.first()"] |
SIMPLE_CHANGE | [""] |
DISCARD_UNCHANGED_HEARTBEAT | ["5m"] |
Total CPU seconds (user) of auditd processes.
rabe.auditd.cputime_user
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
Value type | FLOAT |
History | 7d |
Source item | proc.get[auditd,root,,summary] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$[*].cputime_user.first()"] |
SIMPLE_CHANGE | [""] |
DISCARD_UNCHANGED_HEARTBEAT | ["5m"] |
State value that reflects whether the configuration file of this unit has been loaded. The following states are currently defined: "loaded", "error", and "masked".
rabe.auditd.load_state
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
History | 7d |
Source item | systemd.unit.get["auditd.service"] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$.LoadState.state"] |
DISCARD_UNCHANGED_HEARTBEAT | ["30m"] |
Number of auditd processes.
rabe.auditd.processes
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
History | 7d |
Source item | proc.get[auditd,root,,summary] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$[*].processes.first()"] |
DISCARD_UNCHANGED_HEARTBEAT | ["5m"] |
Memory usage of auditd processes.
rabe.auditd.rss
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
History | 7d |
Source item | proc.get[auditd,root,,summary] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$[*].rss.first()"] |
DISCARD_UNCHANGED_HEARTBEAT | ["5m"] |
Swap usage of auditd processes.
rabe.auditd.swap
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
History | 7d |
Source item | proc.get[auditd,root,,summary] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$[*].swap.first()"] |
DISCARD_UNCHANGED_HEARTBEAT | ["5m"] |
Number of auditd threads.
rabe.auditd.threads
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
History | 7d |
Source item | proc.get[auditd,root,,summary] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$[*].threads.first()"] |
DISCARD_UNCHANGED_HEARTBEAT | ["5m"] |
Encodes the install state of the unit file of FragmentPath. It currently knows the following states: "enabled", "enabled-runtime", "linked", "linked-runtime", "masked", "masked-runtime", "static", "disabled", and "invalid".
rabe.auditd.unitfile_state
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
History | 7d |
Source item | systemd.unit.get["auditd.service"] |
Preprocessing steps:
Type | Parameters |
---|---|
JSONPATH | ["$.UnitFileState.state"] |
DISCARD_UNCHANGED_HEARTBEAT | ["30m"] |
Number of seconds since unit entered the active state.
rabe.auditd.uptime
Settings:
Item Setting | Value |
---|---|
Type | DEPENDENT |
Value type | FLOAT in uptime |
History | 7d |
Source item | systemd.unit.get["auditd.service"] |
Preprocessing steps:
Type | Parameters |
---|---|
JAVASCRIPT | ["data = JSON.parse(value);\nif (data.ActiveEnterTimestamp > data.ActiveExitTimestamp) {\n return Math.floor(Date.now() / 1000) - Number(data.ActiveEnterTimestamp) / 1000000;\n}\nreturn null;\n"] |
Get unit info from systemd
systemd.unit.get["auditd.service"]
Settings:
Item Setting | Value |
---|---|
Type | ZABBIX_ACTIVE |
Value type | TEXT |
Settings:
Trigger Setting | Values |
---|---|
Priority | WARNING |
Manual close | YES |
last(/auditd/rabe.auditd.active_state)<>1
No running auditd processes.
Settings:
Trigger Setting | Values |
---|---|
Priority | HIGH |
last(/auditd/rabe.auditd.processes)<{$AUDITD.THRESHOLD.MIN_PROC}
Settings:
Trigger Setting | Values |
---|---|
Priority | INFO |
Manual close | YES |
last(/auditd/rabe.auditd.uptime)<=10m
The following Zabbix macros are configured via this template.
Minimum number of processes expected to be running at all times.
Default:
1
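To see how the items and triggers above fit together, the following added example (not part of the template) derives `active_state`, `processes` and `uptime` from agent output and evaluates the three trigger expressions. The JSON samples, the function names and the handling of an empty `proc.get` result are assumptions made for illustration.

```javascript
// Added example, not template code. Sample agent output below is constructed.
const SAMPLE_UNIT = JSON.stringify({
  ActiveState: { state: 1, text: "active" },
  ActiveEnterTimestamp: 1700000000000000, // microseconds since the epoch
  ActiveExitTimestamp: 0
});
const SAMPLE_PROC = JSON.stringify([{ name: "auditd", processes: 1, threads: 2 }]);

// Same logic as the template's JAVASCRIPT preprocessing step for
// rabe.auditd.uptime, with the current time passed in so it can be tested.
function auditdUptime(unit, nowMs) {
  if (unit.ActiveEnterTimestamp > unit.ActiveExitTimestamp) {
    return Math.floor(nowMs / 1000) - Number(unit.ActiveEnterTimestamp) / 1000000;
  }
  return null; // unit is not in the active state: no uptime value
}

// Hypothetical helper: computes the item values and lists the triggers that
// would fire. minProc stands in for {$AUDITD.THRESHOLD.MIN_PROC}.
function evaluateTriggers(unitJson, procJson, nowMs, minProc) {
  const unit = JSON.parse(unitJson);
  const procs = JSON.parse(procJson);
  const items = {
    active_state: unit.ActiveState.state,                 // $.ActiveState.state
    // $[*].processes.first(); an empty array yields no value (assumption)
    processes: procs.length ? procs[0].processes : null,
    uptime: auditdUptime(unit, nowMs)
  };
  const fired = [];
  if (items.active_state !== 1) {
    fired.push("WARNING active_state<>1");
  }
  if (items.processes !== null && items.processes < minProc) {
    fired.push("HIGH processes<MIN_PROC");
  }
  if (items.uptime !== null && items.uptime <= 600) {     // 10m = 600 seconds
    fired.push("INFO uptime<=10m");
  }
  return { items: items, fired: fired };
}

// 300 seconds after the unit became active: only the INFO restart notice fires.
console.log(evaluateTriggers(SAMPLE_UNIT, SAMPLE_PROC, 1700000300000, 1).fired);
```

The INFO trigger doubles as a restart notice for the audit daemon: it fires whenever the unit has been active for ten minutes or less.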
The following Zabbix dashboards are included in this template.
- auditd: Overview
This template is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.
Copyright (c) 2017 - 2024 Radio Bern RaBe