ZABBIX – listing permissions

Today one of our security officer asked me to retrieve a list of users and permissions from our zabbix systems.

The problem occured while I was trying to associate users’ groups to hosts’ groups. There is in fact one subsite “permissions” under “Administration” -> “Users” after clicking on particular group link. But you cannot copy any information from there. Additionally if you have many groups that would be tidious task.

Instead of that I decided to retrieve the permissions from the database: here is the working sql command:

SELECT r.permission as "Permissions", g.name as "User Group", z.name as "Host Group" FROM zabbix.rights as r
join zabbix.usrgrp as g
on r.groupid = g.usrgrpid
join zabbix.groups as z
on z.groupid = r.id

2 in the “permission” column means “read” access, 3 means “read/write” permissions.

IBM Tivoli Storage Manager (TSM) – monitoring DB backup state with ZABBIX.

Hi Guys,

If you would like to monitor your TSM server with ZABBIX for ex., here are some useful selects to TSM database. Below are user parameters that has to be put in zabbix_agentd.conf:

UserParameter=Scratch,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 1”
UserParameter=Buffhit,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 2”
UserParameter=FreeSpaceDb,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 3”
UserParameter=FreeSpaceLog,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 4”
UserParameter=SchedulesMissed,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 5”
UserParameter=SchedulesFailed,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 6”
UserParameter=PathsOffline,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 7”
UserParameter=HighSGTUtilization,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 8”
UserParameter=RwErrors,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 9”
UserParameter=UnVolumes,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 10”
UserParameter=UnHosts,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 11”
UserParameter=Scratch_BCKP,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 12”
UserParameter=Scratch_OFF,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 13”
UserParameter=TsmBackupStatus,%systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe /nologo “C:\zabbix\TsmInformation.ps1 14”

And here is a powershell script that retrieves those pieces of information:

param($select)

switch ($select)
{
1 {$select = "select count(*) as Scratch from libvolumes where status='Scratch'"}
2 {$select = "select buff_hit_ratio from db"}
3 {$select = "select cast((free_space_mb/1024) as decimal(8,2)) from db"}
4 {$select = "select free_space_mb/1024 from log"}
5 {$select = "select count(*) from events where status='Missed'"}
6 {$select = "select count(*) from events where status='Failed'"}
7 {$select = "select count(*) from paths where NOT online='YES'"}
8 {$select = "select count(*) from stgpools where pct_utilized>95"}
9 {$select = "select count(*) from volumes where read_errors>0 or write_errors>0"}
10 {$select = "select count(*) from volumes where access='UNAVAILABLE'"}
11 {$select = "select count(*) from nodes where node_name NOT IN (select node_name from associations)"}
12 {$select = "select count(*) as Scratch from libvolumes where status='Scratch' and library_name='TS3310_BCKP'"}
13 {$select = "select count(*) as Scratch from libvolumes where status='Scratch' and library_name='TS3310_OFF'"}
14 {$select = "select last_backup_date from DB"}
default {"BRAK PARAMETRÓW"}
}

$a = (& C:\Progra~1\Tivoli\TSM\baclient\dsmadmc.exe -optfile=C:\Progra~1\Tivoli\TSM\baclient\dsm.opt -id=Admin -pa=<PUT_HERE_YOUR_TSM_PASSWORD> -display=list -dataonly=yes "$select")
$b = $a | Select-Object -first 1
$c = $b.split(":")
$d = $c[1].Substring(1)
#$d = $d.replace(".",",")
if ( $d -match " ") {
$e = $d.split(" ")
$f = $e[0].Substring(0)
$d = Get-Date
$data = (get-date).ToString("yyyy-MM-dd")
$data2 = (get-date).AddDays(-1).ToString("yyyy-MM-dd")
if (($f -eq $data) -or (($f -eq $data2) -and ($d.Hour -lt "10")) ){
"BACKUP UP TO DATE"
} else { $f }
} else { $d }

Powershell / ZABBIX – Gathering information about processes, that has the same name, by PID.

The first post will be about my last issue. My colleague from work wanted me to monitor memory utilization by each oracle processes – and connect them to the appropriate service. ZABBIX let us to monitor procesess, but the problem is, as far as I know, we can monitor them by name, not by the PID, and everything will be all right if those processes haven’t got the same name “oracle.exe”…

So from that point I knew I should use the “UserParamater” to get them. Additional issue, and very obvious, is that those PIDs are changing with every OS reboot. The solution is a script in powershell that you can run after each reboot, for ex. in “task scheduler”. It will create/update *.vbs scripts that are responsible for gathering the data about the memory utilization, of course zabbix_agentd.conf has to contain lines like:

UserParameter=GetMemoryVCS02DB,%systemroot%\system32\cscript.exe /nologo c:\zabbix\OracleServiceVCS02DB.vbs

to refer to those scripts. Script is very simple and looks like this:

$services = (gwmi WIn32_Service | where {$_.name -match "OracleService"})

foreach ($service in $services) {
$f = $service.name + ".vbs"
$p = $service.ProcessID
If ($f) {Clear-Content $f}
out-file -filepath $f -append -inputobject 'Set objWMI = GetObject("winmgmts:\\.\root\cimv2")'
out-file -filepath $f -append -inputobject "Set colObjects = objWMI.ExecQuery(`"SELECT * FROM Win32_Process WHERE ProcessID =`'$p`'`")"
out-file -filepath $f -append -inputobject 'For Each Item in colObjects'
out-file -filepath $f -append -inputobject 'wScript.Echo Item.WorkingSetSize'
out-file -filepath $f -append -inputobject 'Next'

}