Zabbix_LLD (Low-Level-Discovery)_Filter Monitoring Item
By default, the network interface LLD in Template OS Windows and Template OS Linux automatically discovers all interfaces except the loopback interface, when this is not the interface we want.
For example, I have a Linux server with the following network cards:
[root@webserver] - [Thu Oct 13] - [13:35:24] [~]
em1 Link encap:Ethernet HWaddr 78:2B:CB:68:E9:E4
em2 Link encap:Ethernet HWaddr 78:2B:CB:68:E9:E6
em3 Link encap:Ethernet HWaddr 78:2B:CB:68:E9:E8
em4 Link encap:Ethernet HWaddr 78:2B:CB:68:E9:EA
Windows servers, and the following network cards:
Here, we just want to monitor the physical network card, or the network card we want to monitor, rather than the bridge interface or virtual network card, to reduce unnecessary monitoring items to reduce the pressure of Server. At the same time, it prevents Item s from producing a large number of Not supported states. It takes about a month to wait for these unsupported monitors to be automatically deleted. At the same time, a large number of logs will be generated.
Analysis of LLD Filtration Principle
First look at the rules for automatic discovery of network interfaces in Template OS Windows or Template Linux Windows templates
The box in the following figure represents the meaning shown in the figure.
Look at the filters and see the filtering rules that zabbix uses by default:
Next, look at the content of the regular expression "@Network interfaces for discovery". The "Network interfaces for discovery" is just the name of a group of regular expressions, whose content is viewed at the location in the following figure:
In the box below is the filtering rule. By default, there are only two kinds of filtering rules: "^lo$" and "^Software Loopback Interface", as shown in the following figure:
So, what is the filtering rule? We need to view and analyze the results of LLD execution, and execute the following commands on the Zabbix Server side to see the Json value returned:
[root@localhost] - [Thu Oct 13] - [11:58:27] [~]#zabbix_get -s 172.24.10.4 -p 10050 -k net.if.discovery
{"data":[{"{#IFNAME}":"WAN Miniport (IPv6)"},{"{#IFNAME}":"WAN Miniport (Network Monitor)"},{"{#IFNAME}":"WAN Mini port(net watcher) - 360entbw Miniport"},{"{#IFNAME}":"Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport-QoS Packet Scheduler-0000"},{"{#IFNAME}":"WAN Mini port(IP) - 360entbw Miniport"},{"{#IFNAME}":"Intel(R) PRO/1000 MT Network Connection"},{"{#IFNAME}":"WAN Miniport (IP)"},{"{#IFNAME}":"Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport-WFP LightWeight Filter-0000"},{"{#IFNAME}":"WAN Mini port(net watcher) - 360entbw Miniport-QoS Packet Scheduler-0000"},{"{#IFNAME}":"Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport"},{"{#IFNAME}":"WAN Mini port(IP) - 360entbw Miniport-QoS Packet Scheduler-0000"},{"{#IFNAME}":"WAN Miniport (IPv6)-QoS Packet Scheduler-0000"},{"{#IFNAME}":"Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport-360LanProtect-0000"},{"{#IFNAME}":"WAN Miniport (PPPOE)"},{"{#IFNAME}":"RAS Async Adapter"},{"{#IFNAME}":"Software Loopback Interface 1"},{"{#IFNAME}":"WAN Miniport (SSTP)"},{"{#IFNAME}":"WAN Miniport (IKEv2)"},{"{#IFNAME}":"WAN Miniport (L2TP)"},{"{#IFNAME}":"WAN Miniport (PPTP)"},{"{#IFNAME}":"Microsoft ISATAP Adapter"},{"{#IFNAME}":"Teredo Tunneling Pseudo-Interface"}]}
OK, beautify the result with JSON beautifying tool (search JSON beautifying tool):
{
"data": [
{
"{#IFNAME}": "WAN Miniport (IPv6)"
},
{
"{#IFNAME}": "WAN Miniport (Network Monitor)"
},
{
"{#IFNAME}": "WAN Mini port(net watcher) - 360entbw Miniport"
},
{
"{#IFNAME}": "Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport-QoS Packet Scheduler-0000"
},
{
"{#IFNAME}": "WAN Mini port(IP) - 360entbw Miniport"
},
{
"{#IFNAME}": "Intel(R) PRO/1000 MT Network Connection"
},
{
"{#IFNAME}": "WAN Miniport (IP)"
},
{
"{#IFNAME}": "Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport-WFP LightWeight Filter-0000"
},
{
"{#IFNAME}": "WAN Mini port(net watcher) - 360entbw Miniport-QoS Packet Scheduler-0000"
},
{
"{#IFNAME}": "Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport"
},
{
"{#IFNAME}": "WAN Mini port(IP) - 360entbw Miniport-QoS Packet Scheduler-0000"
},
{
"{#IFNAME}": "WAN Miniport (IPv6)-QoS Packet Scheduler-0000"
},
{
"{#IFNAME}": "Intel(R) PRO/1000 MT Network Connection - 360entbw Miniport-360LanProtect-0000"
},
{
"{#IFNAME}": "WAN Miniport (PPPOE)"
},
{
"{#IFNAME}": "RAS Async Adapter"
},
{
"{#IFNAME}": "Software Loopback Interface 1"
},
{
"{#IFNAME}": "WAN Miniport (SSTP)"
},
{
"{#IFNAME}": "WAN Miniport (IKEv2)"
},
{
"{#IFNAME}": "WAN Miniport (L2TP)"
},
{
"{#IFNAME}": "WAN Miniport (PPTP)"
},
{
"{#IFNAME}": "Microsoft ISATAP Adapter"
},
{
"{#IFNAME}": "Teredo Tunneling Pseudo-Interface"
}
]
}
From the above view, we can see that Zabbix filters the above results through the regular expression "Network interfaces for discovery" in the system, and the qualified content will be monitored by Zabbix.
Solution
Since the analysis of LLD filtering principle is known above, the solution will not be too arduous. We only need to modify the default filtering rule "Network interfaces for discovery" of zabbix and add custom filtering rules. The following is my filtering rule:
To ensure that the new configuration's regular expression takes effect and to see the result of the response, we need to uncorrelate the template of the host you want to view and change the time interval of automatic discovery to 60 seconds, as follows:
OK, after the setup is completed, it will be filtered according to the rules you modify. The results after filtering are as follows:
So far, our problems have been solved.