Zabbix Technology Sharing - Proxy Encryption Agent: Shared Key (PSK) Encryption and Certificate Encryption

1. Encryption introduction
Starting with version 3.0, Zabbix supports encrypted communication between Zabbix server, Zabbix proxy, Zabbix agent, zabbix_sender and zabbix_get. The encryption methods are pre-shared key (PSK) and certificate encryption. Encryption is optional: some proxies and agents can use certificate authentication to encrypt communication, others can use PSK-encrypted communication, and the rest can communicate without encryption. Note that if you want to use encrypted communication, you must add the --with-openssl parameter when compiling. This article introduces the two encryption methods separately.

1. Encrypted section

Encrypted transfers can be configured on multiple data collection segments, as shown in the following figure. This article uses encryption from proxy to agent as a demonstration, and the other segments can be configured by reference to it. The proxy is configured in passive mode.

2. Simulation environment

| Role | IP | Remarks |
|---|---|---|
| Server | 192.168.3.104 | No need to configure |
| Proxy | 192.168.3.117 | Configure encryption |
| Agent | 192.168.3.110 | Configure encryption |

2. Preliminary preparation
To support encryption, the encryption library must be compiled into Zabbix when compiling and installing it, by adding --with-openssl at compile time. The following figure is for reference.
3. Encryption method
(1) background configuration file

  1. Generate the PSK using the OpenSSL tool.
  2. Configure the Zabbix agent side.
    Create the file /usr/local/zabbix/zabbix_agentd.conf.d/zabbix_agentd.psk and store the PSK just generated in it. Then edit /usr/local/zabbix/zabbix_agentd.conf, add the following content, and restart the agent after configuration.
  3. Use zabbix_get to test.
    After the test is OK, start configuring on the Web page.

(2) Web side configuration

  1. Proxy web configuration:
    Proxy configuration → Add proxy → proxy name (fill in the Hostname from the proxy configuration file), select passive mode → for the IP, fill in the proxy address → keep the defaults for the rest.
  2. Agent web configuration:
    On the monitored host, select the proxy, select PSK as the encryption method, and enter the corresponding key; the encryption configuration is then complete.
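
Steps 1 to 3 of the PSK background configuration above, written out as an added example that is not from the original post (its screenshots are not reproduced here). The identity string `PSK-agent-110` and the temporary directory are constructed for the demo; the 32 to 512 hex-digit limit is Zabbix's documented PSK size range.

```sh
#!/bin/sh
# Added example, not the original author's commands. Identity and paths are
# assumptions; the demo at the bottom writes only to a temporary directory.

# Generate a 256-bit PSK as 64 hex digits (falls back to /dev/urandom).
gen_psk() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 32
  else
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'; echo
  fi
}

# Zabbix accepts a PSK of 32..512 hex digits (128..2048 bits), whole bytes only.
psk_valid() {
  case $1 in
    ''|*[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -ge 32 ] && [ "${#1}" -le 512 ] && [ $(( ${#1} % 2 )) -eq 0 ]
}

# Write a fresh PSK to file $1 so that only the owner can read it.
# chmod covers the case where the file already existed with looser modes.
write_psk_file() {
  psk=$(gen_psk) || return 1
  psk_valid "$psk" || return 1
  ( umask 077 && printf '%s\n' "$psk" > "$1" ) && chmod 600 "$1"
}

# Print the agent settings for identity $1 and PSK file $2.
# TLSAccept governs passive checks (the proxy connects to the agent),
# TLSConnect governs active checks (the agent connects out).
agent_psk_conf() {
  printf 'TLSConnect=psk\nTLSAccept=psk\nTLSPSKIdentity=%s\nTLSPSKFile=%s\n' \
    "$1" "$2"
}

# Demo run. On a real agent the file would be the page's
# /usr/local/zabbix/zabbix_agentd.conf.d/zabbix_agentd.psk, owned by the
# account the agent runs as.
demo_dir=$(mktemp -d)
write_psk_file "$demo_dir/zabbix_agentd.psk"
agent_psk_conf "PSK-agent-110" "$demo_dir/zabbix_agentd.psk"
# Step 3, run from the proxy host with the same identity and key file:
#   zabbix_get -s 192.168.3.110 -k agent.ping --tls-connect psk \
#     --tls-psk-identity "PSK-agent-110" --tls-psk-file /path/to/zabbix_agentd.psk
rm -rf "$demo_dir"
```

The identity and key entered on the Web side must match `TLSPSKIdentity` and the contents of the PSK file exactly; the identity is not secret, the key is.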

2. Certificate encryption

(1) Background configuration file

  1. Proxy side:
    Modify the file /usr/local/zabbix/etc/zabbix_proxy.conf.
  2. Agent side:
    Modify the file zabbix_agent.conf.

(2) Web side configuration

  1. Proxy web configuration:
    Proxy configuration → Add proxy → proxy name (fill in the Hostname from the proxy configuration file), select passive mode → for the IP, fill in the proxy address → keep the defaults for the rest.

  2. Agent web configuration:

The above is the technical knowledge sharing of Zabbix in this issue. Hello everyone, I am Lele. I focus on the research and sharing of operation and maintenance technology. Follow me to learn Zabbix and other skills. For more operation and maintenance questions, you can leave a message in the Lewei community to ask questions~


Origin blog.csdn.net/weixin_43631631/article/details/132341308