Collect alerts from Nagios and Zabbix in Azure Monitor with the Log Analytics agent for Linux

Note

As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, the OMS Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

Nagios and Zabbix are open source monitoring tools. You can collect alerts from these tools into Azure Monitor in order to analyze them with log data from other sources. This article describes how to configure the Log Analytics agent for Linux to collect alerts from these systems.

Note

Alerts created by Azure Monitor are stored separately from log data and not accessible from log queries.

Prerequisites

The Log Analytics agent for Linux supports collecting alerts from Nagios up to version 4.2.x, and Zabbix up to version 2.x.

Configure alert collection

Configuring Nagios alert collection

To collect alerts, perform the following steps on the Nagios server.

  1. Grant the user omsagent read access to the Nagios log file /var/log/nagios/nagios.log. Assuming the file is owned by the group nagios and readable by that group, add the user omsagent to the nagios group (the new group membership takes effect for the agent once it is restarted in step 3).

    sudo usermod -a -G nagios omsagent

  2. Modify the configuration file at /etc/opt/microsoft/omsagent/<workspace id>/conf/omsagent.conf. Ensure the following entries are present and not commented out:

    <source>  
      type tail  
      #Update path to point to your nagios.log  
      path /var/log/nagios/nagios.log  
      format none  
      tag oms.nagios  
    </source>  
    
    <filter oms.nagios>  
      type filter_nagios_log  
    </filter>  
    
  3. Restart the omsagent daemon

    sudo sh /opt/microsoft/omsagent/bin/service_control restart
    

Configuring Zabbix alert collection

To collect alerts from a Zabbix server, the agent must authenticate to the Zabbix API, and omsagent.conf holds that user name and password in clear text. Create a dedicated Zabbix user with read-only permissions for this purpose rather than reusing an administrative account, and make sure the configuration file is not readable by unprivileged users.

To collect alerts from the Zabbix server, perform the following steps on the server where the Log Analytics agent for Linux runs (the example URL below assumes the Zabbix front end is on the same host).

  1. Modify the configuration file at /etc/opt/microsoft/omsagent/<workspace id>/conf/omsagent.conf. Ensure the following entries are present and not commented out. Replace the user name and password with those of the read-only Zabbix user you created; the values shown are the Zabbix defaults and should not be used.

     <source>
      type zabbix_alerts
      run_interval 1m
      tag oms.zabbix
      zabbix_url http://localhost/zabbix/api_jsonrpc.php
      zabbix_username Admin
      zabbix_password zabbix
     </source>
    
  2. Restart the omsagent daemon

    sudo sh /opt/microsoft/omsagent/bin/service_control restart
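The following script is added here as an example; it is not part of this article or of the agent itself. It checks both the Nagios and the Zabbix entries described above in an omsagent.conf: it parses the fluentd-style blocks, ignores commented-out lines, confirms that the tail source, the filter_nagios_log filter and the zabbix_alerts source are active, and reports the credential problems a reviewer would raise (the default Admin/zabbix credentials, a clear-text password sent over plain HTTP to a remote host, and a configuration file readable by other users). The function names and messages are the example's own.

```python
"""Check an omsagent.conf for the Nagios and Zabbix alert collection entries.

Added example, not part of the Azure documentation or the omsagent project.
It parses the fluentd-style omsagent.conf, verifies that the Nagios tail
source / filter and the zabbix_alerts source are present and not commented
out, and flags the security problems a reviewer would raise: the Zabbix
password sits in clear text, so the file must not be group/world readable,
and the default Admin account should not be used.
"""
import os
import re
import stat

_OPEN = re.compile(r"^<(\w+)(?:\s+(.*?))?>$")
_CLOSE = re.compile(r"^</(\w+)>$")


def parse_omsagent_conf(text):
    """Return a list of (name, arg, params) for each top-level block.

    Lines starting with '#' are comments, so a commented-out 'path' or
    'type' line is simply absent from params; that is what the checks
    below rely on. Nested blocks are not needed for these entries.
    """
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPEN.match(line)
        if m:
            current = (m.group(1), m.group(2) or "", {})
            continue
        if _CLOSE.match(line):
            if current is not None:
                blocks.append(current)
            current = None
            continue
        if current is not None:
            key, _, value = line.partition(" ")
            current[2][key] = value.strip()
    return blocks


def _find(blocks, name, **want):
    """First block called `name` whose params match every key in `want`."""
    for b_name, _b_arg, params in blocks:
        if b_name == name and all(params.get(k) == v for k, v in want.items()):
            return params
    return None


def check_nagios(blocks):
    """Problems with the Nagios entries; empty list if they look right."""
    problems = []
    src = _find(blocks, "source", type="tail", tag="oms.nagios")
    if src is None:
        problems.append("no <source> with 'type tail' and 'tag oms.nagios'")
    elif "path" not in src:
        problems.append("nagios source has no active 'path' line")
    elif src.get("format") != "none":
        problems.append("nagios source should use 'format none'")
    flt = next((p for n, a, p in blocks if n == "filter" and a == "oms.nagios"), None)
    if flt is None or flt.get("type") != "filter_nagios_log":
        problems.append("no <filter oms.nagios> with 'type filter_nagios_log'")
    return problems


def check_zabbix(blocks):
    """Problems with the zabbix_alerts source, including credential hygiene."""
    src = _find(blocks, "source", type="zabbix_alerts")
    if src is None:
        return ["no <source> with 'type zabbix_alerts'"]
    problems = []
    for key in ("zabbix_url", "zabbix_username", "zabbix_password"):
        if key not in src:
            problems.append("zabbix source is missing '%s'" % key)
    if src.get("zabbix_username") == "Admin":
        problems.append("Zabbix built-in Admin account used; create a read-only user")
    if src.get("zabbix_password") == "zabbix":
        problems.append("default Zabbix password in use")
    url = src.get("zabbix_url", "")
    if url.startswith("http://") and "localhost" not in url and "127.0.0.1" not in url:
        problems.append("zabbix_url sends the password over plain HTTP to a remote host")
    return problems


def check_conf_permissions(path):
    """The file holds a clear-text password: it must not be group/world readable."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def check_omsagent_conf(path):
    """Run all checks against a config file on disk and return the findings."""
    with open(path) as fh:
        blocks = parse_omsagent_conf(fh.read())
    problems = check_nagios(blocks) + check_zabbix(blocks)
    if not check_conf_permissions(path):
        problems.append("%s is readable by group or others" % path)
    return problems


if __name__ == "__main__":
    import sys
    for problem in check_omsagent_conf(sys.argv[1]):
        print(problem)
```

Run it as the root user against the real path (/etc/opt/microsoft/omsagent/<workspace id>/conf/omsagent.conf) after editing and before restarting the agent; an empty output means both entries are active and the password is not exposed to other local users.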

Alert records

You can retrieve alert records from Nagios and Zabbix using log queries in Azure Monitor.

Nagios Alert records

Alert records collected from Nagios have a Type of Alert and a SourceSystem of Nagios. They have the properties in the following table.

Property          Description
Type              Alert
SourceSystem      Nagios
AlertName         Name of the alert.
AlertDescription  Description of the alert.
AlertState        Status of the service or host, such as OK, WARNING, UP or DOWN.
HostName          Name of the host that created the alert.
PriorityNumber    Priority level of the alert.
StateType         The type of state of the alert:
                  SOFT - Issue that has not been rechecked.
                  HARD - Issue that has been rechecked a specified number of times.
TimeGenerated     Date and time the alert was created.
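As an added example (not the agent's filter_nagios_log plugin, whose internals this page does not describe), the following Python code parses the standard nagios.log SERVICE ALERT and HOST ALERT lines into records with the properties listed above, and shows why StateType matters when you query them. Assumptions that are the example's own: AlertName is the service description (or the host name for host alerts), AlertDescription is the plugin output, and PriorityNumber is omitted because the page does not say how it is derived. The sample log lines are constructed.

```python
"""Parse Nagios alert lines into the Alert record shape listed above.

Added example, not the omsagent filter_nagios_log plugin. The nagios.log
line formats are the standard Nagios ones:
  [epoch] SERVICE ALERT: host;service;state;state_type;attempt;plugin_output
  [epoch] HOST ALERT: host;state;state_type;attempt;plugin_output
How the real plugin fills AlertName and PriorityNumber is not described on
this page; this example uses the service description (or the host name for
host alerts) as AlertName and leaves PriorityNumber out.
"""
import re
from datetime import datetime, timezone

_ALERT = re.compile(r"^\[(\d+)\] (SERVICE|HOST) ALERT: (.*)$")

SERVICE_PROBLEMS = {"WARNING", "CRITICAL", "UNKNOWN"}
HOST_PROBLEMS = {"DOWN", "UNREACHABLE"}
PROBLEM_STATES = SERVICE_PROBLEMS | HOST_PROBLEMS


def parse_nagios_line(line):
    """Return an Alert record dict for a SERVICE/HOST ALERT line, else None.

    Other nagios.log lines (notifications, passive checks, program start,
    ...) are skipped; only state changes become alert records.
    """
    m = _ALERT.match(line.rstrip("\n"))
    if not m:
        return None
    epoch, kind, rest = int(m.group(1)), m.group(2), m.group(3)
    if kind == "SERVICE":
        parts = rest.split(";", 5)
        if len(parts) != 6:
            return None
        host, name, state, state_type, attempt, output = parts
    else:
        parts = rest.split(";", 4)
        if len(parts) != 5:
            return None
        host, state, state_type, attempt, output = parts
        name = host
    return {
        "Type": "Alert",
        "SourceSystem": "Nagios",
        "AlertName": name,
        "AlertDescription": output,
        "AlertState": state,
        "HostName": host,
        "StateType": state_type,          # SOFT or HARD
        "Attempt": int(attempt),          # not in the table; kept for triage
        "TimeGenerated": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
    }


def alerts_from_log(lines):
    """Records for every alert line in an iterable of nagios.log lines."""
    records = [parse_nagios_line(line) for line in lines]
    return [r for r in records if r is not None]


def hard_problems(records):
    """Alerts worth acting on: HARD state and not OK/UP.

    SOFT alerts are re-check noise (Nagios has not yet confirmed the state),
    which is why StateType matters when you query these records.
    """
    return [
        r for r in records
        if r["StateType"] == "HARD" and r["AlertState"] in PROBLEM_STATES
    ]


# Constructed sample log lines (not from a real Nagios server).
SAMPLE_LOG = """\
[1515432122] SERVICE ALERT: web01;HTTP;CRITICAL;SOFT;1;HTTP CRITICAL: HTTP/1.1 503 Service Unavailable
[1515432182] SERVICE ALERT: web01;HTTP;CRITICAL;HARD;3;HTTP CRITICAL: HTTP/1.1 503 Service Unavailable
[1515432200] HOST ALERT: db01;DOWN;HARD;3;CRITICAL - Host Unreachable (10.0.0.5)
[1515432300] SERVICE NOTIFICATION: nagiosadmin;web01;HTTP;CRITICAL;notify-service-by-email;HTTP CRITICAL
[1515432400] SERVICE ALERT: web01;HTTP;OK;HARD;1;HTTP OK: HTTP/1.1 200 OK - 512 bytes in 0.012 second response time
"""

if __name__ == "__main__":
    for rec in hard_problems(alerts_from_log(SAMPLE_LOG.splitlines())):
        print(rec["TimeGenerated"], rec["HostName"], rec["AlertName"], rec["AlertState"])
```

The same SOFT/HARD distinction applies to the records in Azure Monitor: filter on StateType == "HARD" in your log query unless you want every intermediate re-check.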

Zabbix alert records

Alert records collected from Zabbix have a Type of Alert and a SourceSystem of Zabbix. They have the properties in the following table.

Property          Description
Type              Alert
SourceSystem      Zabbix
AlertName         Name of the alert.
AlertPriority     Severity of the alert: not classified, information, warning, average, high, disaster.
AlertState        State of the alert:
                  0 - State is up-to-date.
                  1 - State is unknown.
AlertTypeNumber   Specifies whether the alert can generate multiple problem events:
                  0 - Do not generate multiple problem events.
                  1 - Generate multiple successive problem events.
Comments          Additional comments for the alert.
HostName          Name of the host that created the alert.
PriorityNumber    Value indicating severity of the alert:
                  0 - not classified
                  1 - information
                  2 - warning
                  3 - average
                  4 - high
                  5 - disaster
TimeGenerated     Date and time the alert was created.
TimeLastModified  Date and time the state of the alert was last changed.
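As an added example, not the agent's zabbix_alerts plugin, the following Python code does what a poll of the Zabbix API needs: user.login, trigger.get for triggers in PROBLEM state, user.logout, and the mapping of each trigger object to the record properties in the table above. It assumes the Zabbix 2.x JSON-RPC API (the versions this page supports), takes TimeGenerated as the poll time because the page does not define it more precisely, and uses a constructed in-memory transport and constructed trigger data so it runs without a server; the real HTTP transport is included. The helper names are the example's own.

```python
"""Poll Zabbix for problem triggers and map them to the Alert record shape.

Added example, not the omsagent zabbix_alerts plugin. It uses only the
Zabbix JSON-RPC API (user.login, trigger.get, user.logout) as it exists in
Zabbix 2.x; the property mapping from trigger fields follows the table
above, except TimeGenerated, which is taken here as the poll time.
The transport is injectable so the mapping can be exercised offline.
"""
import json
from datetime import datetime, timezone
from urllib.request import Request, urlopen

PRIORITY_NAMES = ["not classified", "information", "warning", "average", "high", "disaster"]


def jsonrpc_request(method, params, auth=None, rpc_id=1):
    """Build a Zabbix JSON-RPC 2.0 request body (user.login needs no auth)."""
    body = {"jsonrpc": "2.0", "method": method, "params": params, "id": rpc_id}
    if auth is not None:
        body["auth"] = auth
    return body


def http_transport(url):
    """Real transport: POST the request body to api_jsonrpc.php."""
    def send(body):
        req = Request(url, data=json.dumps(body).encode(),
                      headers={"Content-Type": "application/json-rpc"})
        with urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return send


def _call(send, method, params, auth=None):
    reply = send(jsonrpc_request(method, params, auth))
    if "error" in reply:
        raise RuntimeError("%s failed: %s" % (method, reply["error"]))
    return reply["result"]


def trigger_to_record(trigger, polled_at):
    """Map one trigger.get object to the Zabbix alert record properties."""
    priority = int(trigger["priority"])
    hosts = trigger.get("hosts") or []
    return {
        "Type": "Alert",
        "SourceSystem": "Zabbix",
        "AlertName": trigger["description"],
        "AlertPriority": PRIORITY_NAMES[priority],
        "PriorityNumber": priority,
        "AlertState": int(trigger["state"]),        # 0 up to date, 1 unknown
        "AlertTypeNumber": int(trigger["type"]),    # 1 = multiple problem events
        "Comments": trigger.get("comments", ""),
        "HostName": hosts[0]["host"] if hosts else "",
        "TimeGenerated": polled_at.isoformat(),
        "TimeLastModified": datetime.fromtimestamp(
            int(trigger["lastchange"]), tz=timezone.utc).isoformat(),
    }


def collect_zabbix_alerts(send, username, password, polled_at=None):
    """Log in, fetch triggers currently in PROBLEM state, log out.

    A read-only Zabbix user is enough for every call here; nothing is
    written, so the clear-text credentials in omsagent.conf cannot be
    used to change the monitoring configuration if they leak.
    """
    polled_at = polled_at or datetime.now(timezone.utc)
    # Zabbix 2.x user.login takes the login name in the "user" parameter.
    auth = _call(send, "user.login", {"user": username, "password": password})
    try:
        triggers = _call(send, "trigger.get", {
            "output": ["triggerid", "description", "priority", "value",
                       "state", "type", "comments", "lastchange"],
            "selectHosts": ["host"],
            "filter": {"value": 1},      # 1 = PROBLEM
            "only_true": True,
            "active": True,
            "expandDescription": True,
        }, auth)
    finally:
        _call(send, "user.logout", [], auth)
    return [trigger_to_record(t, polled_at) for t in triggers]


# Constructed replies standing in for a Zabbix server (offline test double).
FAKE_TRIGGERS = [
    {"triggerid": "13491", "description": "Free disk space is less than 20% on volume /",
     "priority": "4", "value": "1", "state": "0", "type": "0", "comments": "",
     "lastchange": "1515432200", "hosts": [{"hostid": "10105", "host": "db01"}]},
    {"triggerid": "13500", "description": "Zabbix agent on web01 is unreachable for 5 minutes",
     "priority": "3", "value": "1", "state": "1", "type": "0", "comments": "check firewall",
     "lastchange": "1515432300", "hosts": [{"hostid": "10106", "host": "web01"}]},
]


def fake_transport(body):
    """Answers like a Zabbix 2.x server would, without any network."""
    if body["method"] == "user.login":
        result = "0424bd59b807674191e7d77572075f33"
    elif body["method"] == "trigger.get":
        result = FAKE_TRIGGERS
    else:
        result = True
    return {"jsonrpc": "2.0", "result": result, "id": body["id"]}


if __name__ == "__main__":
    for rec in collect_zabbix_alerts(fake_transport, "omsreader", "s3cret"):
        print(rec["HostName"], rec["AlertPriority"], rec["AlertName"])
```

To run it against a real server, replace fake_transport with http_transport("http://localhost/zabbix/api_jsonrpc.php") and the credentials of the read-only user; if a user.login call with those credentials fails with a RuntimeError, the same values in omsagent.conf will fail as well.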

Next steps

  • Learn about alerts in Azure Monitor.
  • Learn about log queries to analyze the data collected from data sources and solutions.