System Requirements
Requirements
Zabbix has specific hardware and software requirements that must be met, and these requirements may change over time. They also depend on the size of your setup and the software stack you select. Before purchasing hardware or installing a database version, it's essential to consult the Zabbix documentation for the most up-to-date requirements for the version you plan to install. You can find the latest requirements https://www.zabbix.com/documentation/current/en/manual/installation/requirements. Make sure to select the correct Zabbix version from the list.
For smaller or test setups, Zabbix can comfortably run on a system with 2 CPUs and 8 GB of RAM. However, your setup size, the number of items you monitor, the triggers you create, and how long you plan to retain data will impact resource requirements. In today's virtualised environments, my advice is to start small and scale up as needed.
You can install all components (Zabbix server, database, web server) on a single machine or distribute them across multiple servers. For simplicity, take note of the server details:
| Component | IP Address |
|---|---|
| Zabbix Server | |
| Database Server | |
| Web Server |
???+ tip Zabbix package names often use dashes (-) in their names, such as
zabbix-get or zabbix-sender, but the binaries themselves may use underscores
(_), like zabbix_sender or zabbix_server. This naming discrepancy can
sometimes be confusing, particularly if you are using packages from non-official
Zabbix repositories. Always check if a binary uses a dash or an underscore when
troubleshooting.
???+ note Starting from Zabbix 7.2, only MySQL (including its forks) and PostgreSQL are supported as back-end databases. Earlier versions of Zabbix also included support for Oracle Database; however, this support was discontinued with Zabbix 7.0 LTS, making it the last LTS version to officially support Oracle DB.
Basic OS Configuration
Operating systems, so many choices, each with its own advantages and loyal user base. While Zabbix can be installed on a wide range of platforms, documenting the process for every available OS would be impractical. To keep this book focused and efficient, we have chosen to cover only the most widely used options: Ubuntu and Red Hat based distributions.
Since not everyone has access to a Red Hat Enterprise Linux (RHEL) subscription even though a developer account provides limited access we have opted for Rocky Linux as a readily available alternative. For this book, we will be using Rocky Linux 9.x and Ubuntu LTS 24.04.x.
Firewall
Before installing Zabbix, it's essential to properly prepare the operating system. The first step is to ensure that the firewall is installed and configured.
To install and enable the firewall, run the following command:
!!! info "Install and enable the firewall" RedHat yaml dnf install firewalld
systemctl enable firewalld --now Ubuntu yaml sudo apt install ufw -y
sudo ufw enable
Once installed, you can configure the necessary ports. For Zabbix, we need to
allow access to port 10051/tcp, which is where the Zabbix trapper listens for
incoming data. Use the following command to open this port in the firewall:
!!! info "Allow Zabbix trapper access" RedHat yaml firewall-cmd
--add-service=zabbix-server --permanent Ubuntu yaml sudo ufw allow
10051/tcp
If the service is not recognized, you can manually specify the port:
!!! info "Add port instead of the service name" yaml firewall-cmd
--add-port=10051/tcp --permanent
???+ note "Firewalld is the replacement for iptables in RHEL-based systems and allows changes to take effect immediately without needing to restart the service. If your distribution does not use Firewalld, refer to your OS documentation for the appropriate firewall configuration steps." Ubuntu makes use of UFW and is merely a frontend for iptables.
An alternative approach is to define dedicated firewall zones for specific use cases. For example...
!!! info "Create a firewalld zone" yaml firewall-cmd
--new-zone=postgresql-access --permanent You can confirm the creation of the
zone by executing the following command:
!!! info "Verify the zone creation" yaml firewall-cmd --get-zones block
dmz drop external home internal nm-shared postgresql-access public trusted work
Using zones in firewalld to configure firewall rules for PostgreSQL provides several advantages in terms of security, flexibility, and ease of management. Here’s why zones are beneficial:
- Granular Access Control :
- firewalld zones allow different levels of trust for different network interfaces and IP ranges. You can define which systems are allowed to connect to PostgreSQL based on their trust level.
- Simplified Rule management:
- Instead of manually defining complex iptables rules, zones provide an organized way to group and manage firewall rules based on usage scenarios.
- Enhanced security:
- By restricting PostgreSQL access to a specific zone, you prevent unauthorized connections from other interfaces or networks.
- Dynamic configuration:
- firewalld supports runtime and permanent rule configurations, allowing changes without disrupting existing connections.
- Multi-Interface support:
- If the server has multiple network interfaces, zones allow different security policies for each interface.
Bringing everything together it would look like this:
!!! info "Firewalld with zone config" yaml firewall-cmd --new-zone=db_zone
--permanent firewall-cmd --zone=db_zone --add-service=postgresql --permanent
firewall-cmd --zone=db_zone --add-source=xxx.xxx.xxx.xxx/32 --permanent
firewall-cmd --reload
Where the source IP is the only address permitted to establish a connection to
the database.
Time Server
Another crucial step is configuring the time server and syncing the Zabbix server using an NTP client. Accurate time synchronization is vital for Zabbix, both for the server and the devices it monitors. If one of the hosts has an incorrect time zone, it could lead to confusion, such as investigating an issue in Zabbix that appears to have happened hours earlier than it actually did.
To install and enable chrony, our NTP client, use the following command:
!!! info "Install NTP client" RedHat yaml dnf install chrony systemctl
enable chronyd --now Ubuntu yaml sudo apt install chrony -y
After installation, verify that Chrony is enabled and running by checking it's status with the following command:
!!! info "Check status chronyd" yaml systemctl status chronyd
???+ note "what is apt or dnf" "dnf is a package manager used in Red Hat-based
systems. If you're using another distribution, replace dnf with your
appropriate package manager, such as zyper, apt, or yum. Chrony is a
modern replacement for ntpd, offering faster and more accurate time
synchronization. If your OS does not support
Chrony, consider using ntpd instead."
Once Chrony is installed, the next step is to ensure the correct time zone is
set. You can view your current time configuration using the timedatectl
command:
!!! info "check the time config" timedatectl
``` yaml
Local time: Thu 2023-11-16 15:09:14 UTC
Universal time: Thu 2023-11-16 15:09:14 UTC
RTC time: Thu 2023-11-16 15:09:15
Time zone: UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
```
Ensure that the Chrony service is active (refer to the previous steps if needed). To set the correct time zone, first, you can list all available time zones with the following command:
!!! info "list the timezones" yaml timedatectl list-timezones This
command will display a list of available time zones, allowing you to select the
one closest to your location. For example:
!!! info "List of all the timezones available" yaml Africa/Abidjan
Africa/Accra ... Pacific/Tongatapu Pacific/Wake Pacific/Wallis UTC
Once you've identified your time zone, configure it using the following command:
!!! info "Set the timezone" yaml timedatectl set-timezone
Europe/Brussels
To verify that the time zone has been configured correctly, use the
timedatectl command again:
!!! info "Check the time and zone" yaml timedatectl
``` yaml
Local time: Thu 2023-11-16 16:13:35 CET
Universal time: Thu 2023-11-16 15:13:35 UTC
RTC time: Thu 2023-11-16 15:13:36
**Time zone: Europe/Brussels (CET, +0100)**
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
```
Note
to ensure that server logs across global deployments are synchronized. Zabbix supports user-based time zone settings, which allows the server to remain in UTC while individual users can adjust the time zone via the interface if needed.
Verifying Chrony Synchronization
To ensure that Chrony is synchronizing with the correct time servers, you can run the following command:
!!! info "Verify chrony" yaml chronyc
The output should resemble:
!!! info "Verify your chrony output" ``` yaml chrony version 4.2 Copyright (C) 1997-2003, 2007, 2009-2021 Richard P. Curnow and others chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public License version 2 for details.
chronyc>
```
Once inside the Chrony prompt, type the following to check the sources:
!!! info "" yaml chronyc> sources
Example output:
!!! info "Check your time server sources" bash MS Name/IP address Stratum
Poll Reach LastRx Last sample
===============================================================================
^- 51-15-20-83.rev.poneytel> 2 9 377 354 +429us[ +429us] +/- 342ms ^-
5.255.99.180 2 10 377 620 +7424us[+7424us] +/- 37ms ^- hachi.paina.net 2 10 377
412 +445us[ +445us] +/- 39ms ^* leontp1.office.panq.nl 1 10 377 904 +6806ns[
+171us] +/- 2336us
In this example, the NTP servers in use are located outside your local region. It is recommended to switch to time servers in your country or, if available, to a dedicated company time server. You can find local NTP servers here: www.ntppool.org.
Updating Time Servers
To update the time servers, modify the /etc/chrony.conf file under RedHat
based systems if you use Ubuntu edit /etc/chrony/chrony.conf . Replace the
existing NTP server with one closer to your location.
Example of the current configuration:
!!! info "example ntp pool config" yaml # Use public servers from the
pool.ntp.org project. # Please consider joining the pool
(http://www.pool.ntp.org/join.html). pool 2.centos.pool.ntp.org iburst
Change the pools you want to a local time server:
``` yaml
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool be.pool.ntp.org iburst
```
After making this change, restart the Chrony service to apply the new configuration:
!!! info "restart the chrony service" yaml systemctl restart chronyd
Verifying Updated Time Servers
Check the time sources again to ensure that the new local servers are in use:
!!! info "Check chrony sources" yaml chronyc> sources
Example of expected output with local servers:
!!! info "Example output" yaml MS Name/IP address Stratum Poll Reach LastRx
Last sample
===============================================================================
^- ntp1.unix-solutions.be 2 6 17 43 -375us[ -676us] +/- 28ms ^* ntp.devrandom.be
2 6 17 43 -579us[ -880us] +/- 2877us ^+ time.cloudflare.com 3 6 17 43 +328us[
+27us] +/- 2620us ^+ time.cloudflare.com 3 6 17 43
This confirms that the system is now using local time servers.