Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

Zabbix Template: auditd

class: software target: auditd vendor: RaBe version: 6.4

Monitoring of auditd.

This template is part of RaBe's Zabbix template and helpers collection.

Items

Item: auditd: process summary

component: raw

Get info about auditd processes

proc.get[auditd,root,,summary]

Settings:

Item Setting Value
Type ZABBIX_ACTIVE
Value type TEXT

Item: auditd: Unit active state

component: service

State value that reflects whether the unit is currently active or not. The following states are currently defined: "active", "reloading", "inactive", "failed", "activating", and "deactivating".

rabe.auditd.active_state

Settings:

Item Setting Value
Type DEPENDENT
History 7d
Source item systemd.unit.get["auditd.service"]

Preprocessing steps:

Type Parameters
JSONPATH ["$.ActiveState.state"]
DISCARD_UNCHANGED_HEARTBEAT ["30m"]

Item: auditd: CPU seconds (system)

component: auditd

Total CPU seconds (system) of auditd processes.

rabe.auditd.cputime_system

Settings:

Item Setting Value
Type DEPENDENT
Value type FLOAT
History 7d
Source item proc.get[auditd,root,,summary]

Preprocessing steps:

Type Parameters
JSONPATH ["$[*].cputime_system.first()"]
SIMPLE_CHANGE [""]
DISCARD_UNCHANGED_HEARTBEAT ["5m"]

Item: auditd: CPU seconds (user)

component: auditd

Total CPU seconds (user) of auditd processes.

rabe.auditd.cputime_user

Settings:

Item Setting Value
Type DEPENDENT
Value type FLOAT
History 7d
Source item proc.get[auditd,root,,summary]

Preprocessing steps:

Type Parameters
JSONPATH ["$[*].cputime_user.first()"]
SIMPLE_CHANGE [""]
DISCARD_UNCHANGED_HEARTBEAT ["5m"]

Item: auditd: Service load state

component: service

State value that reflects whether the configuration file of this unit has been loaded. The following states are currently defined: "loaded", "error", and "masked".

rabe.auditd.load_state

Settings:

Item Setting Value
Type DEPENDENT
History 7d
Source item systemd.unit.get["auditd.service"]

Preprocessing steps:

Type Parameters
JSONPATH ["$.LoadState.state"]
DISCARD_UNCHANGED_HEARTBEAT ["30m"]

Item: auditd: Number of processes

component: auditd

Number of auditd processes.

rabe.auditd.processes

Settings:

Item Setting Value
Type DEPENDENT
History 7d
Source item proc.get[auditd,root,,summary]

Preprocessing steps:

Type Parameters
JSONPATH ["$[*].processes.first()"]
DISCARD_UNCHANGED_HEARTBEAT ["5m"]

Item: auditd: Memory usage (RSS)

component: auditd

Memory usage of auditd processes.

rabe.auditd.rss

Settings:

Item Setting Value
Type DEPENDENT
History 7d
Source item proc.get[auditd,root,,summary]

Preprocessing steps:

Type Parameters
JSONPATH ["$[*].rss.first()"]
DISCARD_UNCHANGED_HEARTBEAT ["5m"]

Item: auditd: Swap usage

component: auditd

Swap usage of auditd processes.

rabe.auditd.swap

Settings:

Item Setting Value
Type DEPENDENT
History 7d
Source item proc.get[auditd,root,,summary]

Preprocessing steps:

Type Parameters
JSONPATH ["$[*].swap.first()"]
DISCARD_UNCHANGED_HEARTBEAT ["5m"]

Item: auditd: Number of threads

component: auditd

Number of auditd threads.

rabe.auditd.threads

Settings:

Item Setting Value
Type DEPENDENT
History 7d
Source item proc.get[auditd,root,,summary]

Preprocessing steps:

Type Parameters
JSONPATH ["$[*].threads.first()"]
DISCARD_UNCHANGED_HEARTBEAT ["5m"]

Item: auditd: Unit file state

component: service

Encodes the install state of the unit file of FragmentPath. It currently knows the following states: "enabled", "enabled-runtime", "linked", "linked-runtime", "masked", "masked-runtime", "static", "disabled", and "invalid".

rabe.auditd.unitfile_state

Settings:

Item Setting Value
Type DEPENDENT
History 7d
Source item systemd.unit.get["auditd.service"]

Preprocessing steps:

Type Parameters
JSONPATH ["$.UnitFileState.state"]
DISCARD_UNCHANGED_HEARTBEAT ["30m"]

Item: auditd: Uptime

component: service

Number of seconds since unit entered the active state.

rabe.auditd.uptime

Settings:

Item Setting Value
Type DEPENDENT
Value type FLOAT in uptime
History 7d
Source item systemd.unit.get["auditd.service"]

Preprocessing steps:

Type Parameters
JAVASCRIPT ["data = JSON.parse(value);\nif (data.ActiveEnterTimestamp > data.ActiveExitTimestamp) {\n return Math.floor(Date.now() / 1000) - Number(data.ActiveEnterTimestamp) / 1000000;\n}\nreturn null;\n"]

Item: auditd: unit info

component: raw component: unit

Get unit info from systemd

systemd.unit.get["auditd.service"]

Settings:

Item Setting Value
Type ZABBIX_ACTIVE
Value type TEXT

Triggers

Trigger: auditd: Service is not running

scope: availability

Settings:

Trigger Setting Values
Priority WARNING
Manual close YES
last(/auditd/rabe.auditd.active_state)<>1

Trigger: auditd: No running processes

scope: availability

No running auditd processes. Settings:

Trigger Setting Values
Priority HIGH
last(/auditd/rabe.auditd.processes)<{$AUDITD.THRESHOLD.MIN_PROC}

Trigger: auditd: has been restarted

scope: notice

Settings:

Trigger Setting Values
Priority INFO
Manual close YES
last(/auditd/rabe.auditd.uptime)<=10m

Macros

The following Zabbix macros are configured via this template.

Macro: {$AUDITD.THRESHOLD.MIN_PROC}

Minimum amount of processes expected to be running at all times.

Default:

1

Dashboards

The following Zabbix dashboards are included in this template.

  • auditd: Overview

License

This template is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.

Copyright

Copyright (c) 2017 - 2024 Radio Bern RaBe