zabbixj
zabbixj copied to clipboard
michaelquigley
Connecting from zabbix-get to ExamplePassiveAgent does not work
Hi,
i am trying to test ExamplePassiveAgent using the official zabbix_get test program. I get an error message saying: check acces restrictions in Zabbix-agent configuration.
How can I solve this?
Thanks for your help!
Allard
There aren't any access restrictions in the Zabbix/J agents, so that message is likely hiding something else... like a network issue or similar. Are you sure you're connecting zabbix_get to the correct IP/port combination for your ExamplePassiveAgent?
Maybe post the entire transcript of what you're doing?
Hello Michael,
first of all I want to thank you for trying to help me.
The context of my question comes from my idea to write a Zabbix agent in Java for z/OS. I allready wrote an agent running on a Raspberry Pi that is kicked of from an agent running locally on Linux. The standard zabbix-agent kicks off a Python program running locally through zabbix-agent user defined parameters. The Python Program in its turn connects to a Zabbix-agent written in REXX running on z/OS. This works fine.
But my challenge is to write a java agent that runs on OMVS on Z/OS that communicates directly with the zabbix server. Without the need of the inbetween step on linux described above.
Thats how I came on the ZabbixJ programs you have written.
So, I tried ExamplePassiveAgent with ExamplePassiveAgentClient responding a random number (example.random). This works fine, from any machine on my LAN.
However, when i try to reach ExamplePassiveAgent from Zabbix server I get the message that there is an empty response.
So I decided to use zabbix_get to see what happens. And I get the error message as described earlier. This is strange because ExamplePassiveAgent does not check whether the zabbix-server is allowed to connect.
The error occurs even if zabbix_get and ExamplePassiveAgent are on the same machine. Also using 127.0.0.1 versus 192.168.2.9 (the ip-adress on the LAN) makes no difference.
Any suggestions?
Kind regards Allard
Op ma 1 feb. 202 1 om 18:24 schreef Michael Quigley [email protected]
There aren't any access restrictions in the Zabbix/J agents, so that message is likely hiding something else... like a network issue or similar. Are you sure you're connecting zabbix_get to the correct IP/port combination for your ExamplePassiveAgent?
Maybe post the entire transcript of what you're doing?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/michaelquigley/zabbixj/issues/18#issuecomment-771019985, or unsubscribe https://github.com/notifications/unsubscribe-auth/AET5SGLL7EBIP7TTCSXXWSTS43PULANCNFSM4W3QZ4DA .
I haven't really put any work into this project for quite a number of years. It hasn't really needed anything as it's pretty simple in what it does.
I looked this morning and it appears that Zabbix is already up to version 5. I wonder if maybe the protocol has been revised slightly so that newer versions are no longer compatible with this protocol?
The protocol itself (when this was implemented) is just a basic TCP socket with some text strings that are exchanged.
You might try reaching out to folks in the Zabbix community to see if they can offer any help with it. I would let them know that you're working with an older agent.
I did see that it looks like the Zabbix protocol now has support for TLS encryption. I wonder if maybe there's a requirement that TLS be enabled, or some such that's preventing this from working.
If you find out from the Zabbix folks that we need to make a change to Zabbix/J, I could look into implementing that. But as it stands right now, I don't have a Zabbix environment to test with.
Hopefully there is a switch or setting in Zabbix that will allow it to interact using same protocol that Zabbix/J is using.
Hello Michael,
thanks again, I posted on the Zabbix-forum this morning:
Op ma 1 feb. 2021 om 20:34 schreef Michael Quigley <[email protected]
I haven't really put any work into this project for quite a number of years. It hasn't really needed anything as it's pretty simple in what it does.
I looked this morning and it appears that Zabbix is already up to version 5. I wonder if maybe the protocol has been revised slightly so that newer versions are no longer compatible with this protocol?
The protocol itself (when this was implemented) is just a basic TCP socket with some text strings that are exchanged.
You might try reaching out to folks in the Zabbix community to see if they can offer any help with it. I would let them know that you're working with an older agent.
I did see that it looks like the Zabbix protocol now has support for TLS encryption. I wonder if maybe there's a requirement that TLS be enabled, or some such that's preventing this from working.
If you find out from the Zabbix folks that we need to make a change to Zabbix/J, I could look into implementing that. But as it stands right now, I don't have a Zabbix environment to test with.
Hopefully there is a switch or setting in Zabbix that will allow it to interact using same protocol that Zabbix/J is using.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/michaelquigley/zabbixj/issues/18#issuecomment-771103933, or unsubscribe https://github.com/notifications/unsubscribe-auth/AET5SGPXSLSJWFMRQGRC723S4365XANCNFSM4W3QZ4DA .
Ok! Please let me know what you find out? I'll keep this issue open until you've got this sorted out.
Hello Michael.
I found the following on the Zabbix-site:
**PLAIN TEXT PROTOCOL DROPPED
Support for the plain text protocol has been dropped and a header is now mandatory. A header has been added to Zabbix get requests, Zabbix server/proxy passive check requests and frontend requests to Zabbix server.
As a consequence, Zabbix agents that are older than version 1.4 are no longer supported. Also, messages from self-written senders will be rejected if the header is absent. Whereas previously Zabbix trappers would accept messages without headers as well as messages with headers, now they will only accept messages with protocol header.
Requests from an older Zabbix get version to the new agent will fail. Note that in this case the following error message is displayed:
Check access restrictions in Zabbix agent configuration**
This is exactly the symptome I have found using the combination zabbix_get <-> ExamplePassiveAgent.
So I think the problem is in the missing HEADER in the response message from WorkerThread.
Kind regards Allard
Header implementation details:
https://www.zabbix.com/documentation/4.0/manual/appendix/protocols/header_datalen
Unfortunately it may take me a little bit to get to a place where I can implement this in Zabbix/J. I'll have to set up Zabbix in a testing environment (I'm not actually using Zabbix any longer).
If you want to submit a PR for this, that would also be welcome.
hello Michael,
thanks a lot. I would be happy of you just made a little change to WorkerThread to include the Header (maybe only test it with zabbix_get) and send me the code.
I can test it for you,
I can also take the change and put it in my own code on z/OS and see if that works.
Kind regards
Allard
Op wo 3 feb. 2021 om 21:24 schreef Michael Quigley <[email protected]
Unfortunately it may take me a little bit to get to a place where I can implement this in Zabbix/J. I'll have to set up Zabbix in a testing environment (I'm not actually using Zabbix any longer).
If you want to submit a PR for this, that would also be welcome.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/michaelquigley/zabbixj/issues/18#issuecomment-772798351, or unsubscribe https://github.com/notifications/unsubscribe-auth/AET5SGOCOV5UWSLAZ36I54LS5GWIRANCNFSM4W3QZ4DA .