ADVANTECH Zabbix Integration Installation Guide

ADVANTECH Zabbix Integration

Used symbols

• Danger: Information regarding user safety or potential damage to the router.
• Attention:  Problems that can arise in specific situations.
• Information, notice:  Useful tips or information of special interest.
• Example:  Example of function, command or script.

Open Source Software License

The software in this device uses various pieces of open-source software governed by the following licenses: GPL versions 2 and 3, LGPL version 2, BSD- style licenses, MIT-style licenses. The list of components, together with complete license texts, can be found on the device itself: See the Licenses link at the bottom of the router’s main Web page (General Status) or point your browser to address DEVICE_IP/licenses. CGI. If you are interested in obtaining the source, please get in touch with us at: techSupport@advantech- bb.com

Modifications and debugging of LGPL-linked executables

The device manufacturer with this grants the right to use debugging techniques (e.g., decompilation) and make customer modifications of any executable linked with a LGPL library for its purposes. Note these rights are limited to the customer’s usage. No further distribution of such modified executables and no transmission of the information obtained during these actions may be done.

Advantech Czech s.r.o., Sokolska 71, 562 04 Usti nad Orlici, Czech Republic.
Document No. APP-0089-EN, revision from October 4, 2022. Released in the Czech Republic.

Zabbix Server

Remote monitoring is the process of supervising IT systems from a central management server. In general, monitoring improves reliability and security of your network because it facilitates early detection of erroneous conditions. For an introduction of remote monitoring and a list of other monitoring tools, please see the Remote Monitoring Application Note [1]. This document describes the monitoring of Advantech cellular routers using Zabbix 5.0 LTS. Zabbix is an open-source monitoring software tool for diverse IT components, including networks, servers, virtual machines (VMs) and cloud services. It can monitor numerous parameters of a network and the health and integrity of servers1.

Monitoring Operations

Zabbix monitors Hosts (e.g. routers) through one or more Interfaces. There are two interface types (protocols) that can be used with Advantech routers:

• SNMP, which supports also SNMP Traps (see Section 2).
• Agent, which supports both active and passive checks (see Section 3).

Individual status checks are defined as Items. Each Item represents a specific Type of information (numeric or character), obtained via a specific check type (SNMP, SSH, passive or active agent) with a specific update period and storage interval. Each item has a unique Key, e.g. “system.cpu.load”. A set of Items (and other entities such as Triggers, Graphs, or Discovery Rules) can be grouped together into a Template to speed up the deployment of monitoring tasks on a host. Templates are linked to Hosts or to other Templates. Templates for Advantech router monitoring zbx_conel_templates.xml can be downloaded from the Advantech Engineering Portal2. Items are logically grouped into Applications (e.g. Info, Status, Interfaces). Some Items also auto- populate host Inventory fields (e.g. Name, OS, Serial Number).

To start monitoring a router you need to create a Host, and

1. Give it an arbitrary but unique Hostname,
2. Assign the Host to a Host group, e.g. “Routers”,
3. Set Interfaces that should be used (SNMP or Agent), possibly including Encryption keys,
4. Link templates that define the Items to be monitored (see the following sections for a list of compatible templates).

If everything works fine, you should after some minutes see

• Green Availability and Agent encryption indicators under Configuration – Hosts,
• Router inventory details under Inventory – Hosts,
• Retrieved status information under Monitoring – Latest data

Every item has a defied refresh rate, so some items may populated later than others. If you want to request an immediate update of specific (or all) items, open the Host Configuration, click Items on the top bar, then check the items you want to update and click the Execute now button.

Server Installation and Configuration

The easiest way to install a Zabbix server is to download3 the ISO image and install4 a Zabbix Appliance on a virtual machine, e.g. VirtualBox5. The „root“ password will be „zabbix“; you will need this only for advanced configuration changes, such as deployment of TLS certificates.

• Once installed, connect from your Web browser to the admin Web page at http:// and login as „Admin“ with a password „zabbix“.
• If you want to use Advantech Templates, download zbx_conel_templates.xml from the Advantech Engineering Portal, then enter the Zabbix Configuration section and click Templates, or enter http:///templates.php and then import the zbx_conel_templates.xmlfile.

Zabbix SNMP Templates

To monitor an Advantech cellular router via the standard SNMP

• In the router configuration [2], enable the SNMP service,
• In the Zabbix Host Configuration, add a SNMP Interface and link the Host to one or more SNMP Templates (see below).

The Zabbix Router App is not required for the SNMP monitoring. The following SNMP Templates can be used with Advantech cellular routers (indentation shows nested templates)

Serial Number A

Module Generic SNMP| SNMP agent availability System name

System object ID System description System location System contact details Uptime

|

Name

Location Contact

Module ICMP Ping| ICMP ping ICMP loss

ICMP response time

|
Module Interfaces Simple SNMP| Interface type Operational status Speed

Bits received Bits sent

Inbound packets discarded Inbound packets with errors Outbound packets discarded Outbound packets with errors

|
Module Conel Mobile 1 SNMP [3]| Modem IMEI Modem ESN Modem MEID Mobile registration Mobile technology Mobile operator Mobile card Mobile uptime

Mobile signal quality Mobile signal level (CSQ) Mobile signal strength Strength threshold Fair (A)

Strength threshold Weak (B)

| Serial Number B
---|---|---
Module Conel Mobile 1 Data SNMP [3]| Mobile inbound data 1/2 Mobile outbound data 1/2 Mobile connections 1/2 Mobile online time 1/2 Mobile offline time Mobile signal average Mobile signal min

Mobile signal max

|
Module Conel GPS SNMP [3]| Location altitude Location latitude Location longitude GPS satellites|

Latitude Longitude

We recommend you create a template specific to your router (e.g. “ICR-3211”) and then include (or not) the individual template modules depending on the router functions and your monitoring needs. For example, you should include the “Conel GPS SNMP” only if the GPS position is available.

Advantech custom templates, denoted by [3], are not included in the default installation; they need to be downloaded and installed manually. The name “Conel” is used for consistency with the SNMP OID [3].

The strength thresholds A and B are auto-calculated items that depend on the used mobile technology. They are used by the signal strength triggers. From the Mobile-2 OIDs [3] only the Mobile Yesterday table is represented in the Template Module Conel Mobile Data SNMP. The Mobile Today table contains incomplete interim values only and the other table such as Mobile This Week are not needed because Zabbix maintains its own statistics of past data.

The templates listed above define the following triggers

Uptime < 10m

Module ICMP Ping| Unavailable by ICMP ping High ICMP ping loss

High ICMP ping response time

|

20 < ICMP loss < 100

ICMP response time > 0.15

Module Conel Mobile SNMP [3]| Fair Mobile Signal Weak Mobile Signal| B < signal strength ≤ A signal strength ≤ B

Zabbix Agent Router App

Connectivity Configuration

To monitor an Advantech cellular router via the Zabbix agent:

• Install the Zabbix Agent Router App to the router. For more information on how to upload a router app see the Configuration Manual [2], chapter Customization –> Router Apps.
• In the Agent Configuration, configure connectivity to the Zabbix sever.
• In the Zabbix Host Configuration, add an Agent Interface, define Encryption settings to be aligned with the Agent configuration, and link the Host to one or more Agent Templates. Configuration of the Agent connectivity is in the upper part of the Configuration screen.

The bottom part is used for custom key configuration (see Section 3.3).

lowed. When disabled, the „system.run“ checks will be re- jected.
Listen Port| | Agent (passive mode) will listen on this port for connections from the server. Default is 10050.
Accept Server| | Incoming (passive mode) connections will be accepted only from the hosts listed here. Enter an IP address of your Zab- bix server. When empty, passive mode is disabled.
Accept unencrypted| | Accept (passive) connections without encryption. Not rec- ommended! The following „Accept xxx“ checks shall match the „Connections to host“ field in the Zabbix Encryption con- fig, see Figure X.
Accept Pre-Shared Key (PSK)| | Accept (passive) connections with TLS and a pre-shared key (PSK). When enabled, the PSK and its identity must be configured.
Accept certificate| | Accept (passive) connections with TLS and a certificate. When enabled, the CA and Local Certificate and Local Pri- vate Key must be configured.
Connect Servers| | IP:port (or hostname:port) of Zabbix server for active checks. Multiple comma-delimited addresses can be pro- vided to use several independent Zabbix servers in parallel. When empty, active checks will be disabled.
Encrypt Connection| | How the agent should connect to Zabbix server. Shall match the „Connections from host“ field in the Zabbix En- cryption config, Figure X.
Hostname| | Unique hostname. Shall match the „Host name“ field in the Zabbix Host config, Figure Y.
Refresh Checks Each| | How often does the Agent retrieve the list of active checks from the Server, in seconds. Default is 10 s.
Send Buffer Each| | How many check results (items) shall the Agent buffer be- fore establishing a connection and syncing values from this buffer to Zabbix server. Default is 5 s.
Max Buffer Size| | Defines maximum size of the buffer. When this buffer size is reached, the Agent will sync buffered values immediately. Default is 100 B.
PSK Identity| | Pre-shared key identity string. Shall match the „PSK iden- tity“ field in the Zabbix Encryption config, Figure X. The same PSK is used for both passive and active checks.
---|---|---
Pre-Shared Key (PSK)| | Pre-shared key to be used. Shall match the „PSK“ field in the Zabbix Encryption config, Figure X.
CA Certificate| | CA certificate chain for the authority that issued the Zabbix server certificates.
Local Certificate| | Certificate of the router, corresponding to the private key. The purpose must include „client authentication “. When generated by OpenSSL, the „extended key usage = client auth “ must be set. The CA certificate of the authority that issued this certificate must be included in the TLSCAFile in the server configuration.
Local Private Key| | Private key of the router. The same private key and certifi- cates are used for both passive and active checks.
Accept Cert Issuer| | Allowed server certificate issuer.    When specified, shall match the server certificate.
Accept Cert Subject| | Allowed server certificate subject. When specified, shall match the server certificate.

Each Router needs a corresponding entry in the Zabbix Host configuration

• The „Host name“ in the server config shall match the „Hostname“ in the Agent configuration.
• The monitoring interfaces (protocols) need to be explicitly listed and the router IP address or DNS name shall be specified.

The Encryption tab shall match the Agent configuration described above

•  The „Connections to host“ in the server config shall match the Accept unencrypted, Accept Pre-Shared Key (PSK) and Accept certificate fields.
• The „Connection from host“ in the server config shall match the Encrypt Connection in the Agent config.
• The PSK and its identity (if used) shall also match.

To use the TLS certificates, the Zabbix server needs its own certificates (TLSCAFile, TLSCert- File and TLSKeyFile) as described in the Zabbix Manual. See https://www.zabbix.com/documentation/current/manual/encryption/using_certificates

The purpose of the certificate must include „server authentication “. When generated by OpenSSL, the „extended key usage = server auth “ must be set.

Zabbix Agent Templates

Depending on the Zabbix server configuration, the agent can perform a large number of checks (measurements). Data are gathered in „items“. In Section 3.4 you can see a complete list of items supported.

• Please don’t create unnecessary load on the router and avoid using too many metrics.

The following (passive) Agent templates can be used with Advantech cellular routers (indentation shows nested templates)

Context switches per second CPU guest time (and similar)

|
Module Conel Resources by Agent [3]| Storage / free Storage / used Storage /opt free Storage /opt used Storage /var/data free

Storage /var/data used System memory available System memory used

|
Module Conel Integrity by Agent [3]| Checksum /etc/passwd Checksum /etc/settings.*|

Custom Items Configuration

In addition to the standard items you can define custom items to be monitored by your agent, active or passive. Configuration of the custom items is in the bottom part of the Configuration screen.

command on a single line. The command will be executed and a first line of the textual output (stdout) will be used as a value.
Timeout| Limits computation time of one check. Default 3 s.

The Command field supports only a limited set of characters: double-quotes (“) are not allowed and dollar signs “$” have to be prefixed with a backslash “\$”. If you need to build a more complex check, please create a shell script and use the Command field to trigger it.

Items Supported by Zabbix Agent

Standard Zabbix items (checks) are described in details https://www.zabbix.com/documentation/current/manual/config/items/itemtypes/zabbix_agent
Zabbix documentation also indicates which of the items are supported on various platforms: https://www.zabbix.com/documentation/current/manual/appendix/items/supported_by_platform

The following table complements that information and explains which of the standard agent items are supported on Advantech cellular routers.

log[file,,,,,

,]  e.g.: log[/var/log/messages,”authentication failure”„,skip„]| Active only
log.count[file,,,,,]| Active only
logrt[file_regexp,,,,,

,