A Review of Zabbix – Zabbix Rules! (Part 1)


It was 1992, the Internet was still an uncertain “dream technology” by scientists, and I was working at SprintLink.   My role was the lead systems engineer to set up the network and security management center for SprintLink and Managed Router Network (MRN) team.

We used HP Open View Network Node Manager (NNM) for our core network monitoring system.  The first version I installed was a black-and-white version, illustrating how long ago that was!   Then, around 1994 onwards, I installed similar systems at over 20 USAF bases world wide, standing up the original Base Network Control Centers (BNCC)s for AF, now called NOSCs (Network and Operations Security Centers), unless the name had changed.  Then in the late 1990s, I performed a similar task for S.W.I.F.T.’s main nerve center (in Virginia), putting together the core systems for network and security monitoring using Micromuse NetCool, acquired later by IBM.

It was years of work in network and security management that peaked my interest in complex event processing.   I have installed many such systems and found most of them to be “noise generators” and not nearly as useful as we needed for day-to-day operations management.   Some of my thoughts on this topic can be found in Trend Prediction in Network Monitoring Systems, The Genesis of Complex Event Processing: Asymmetric Capabilities and many other posts on this blog.

Most network and security management systems can process a stream of events and run rules against streaming events.  In fact, I evaluated a few of the “so-called CEP engines” for network and security management and found them to be a step backwards, not forward, for processing network and security events.  The truth of the matter is that there exists really mature network and security management software in the market to process events.  None that I have found, however, are userful at statistical analysis for outage prediction and forecasting; but they are good rule-based event processors.  This leads us to Zabbix.

reborg installed Zabbix (note: with a word of thanks to reborg at The UNIX and Linux Forums for initially suggesting Zabbix and doing the initial install) for monitoring a busy production LAMP website.  In a nutshell, reborg is a big fan of Ubuntu Linux, the site runs Ubuntu, and Zabbix installs quite easy on Ubuntu. Here is a nice summary of the Zabbix installation process and around 40 screenshots of Zabbix running.

In Part 2 of our Zabbix review, I will talk about rules and sliding time windows for processing events in Zabbix.  I will also discuss how to extend Zabbix to monitor just about anything.  I will also discuss graphs, screens and visulations.   After all, it is still difficult more machine to predict outages and forecast future events.  The best technology we have today are human eyes and brains looking at time-series charts and graphs.  Zabbix certainly an amazing basic graphical capability for visual correlation and event prediction. Please stay tuned for part 2 of A Review of Zabbix – Zabbix Rules!