2021/03/24 17:26 1/6 Windows-specific item keys

Windows-specific item keys

Item keys

The table provides details on the item keys that you can use with Zabbix Windows agent only.

See also: Minimum permission level for Windows agent items

Key
Description Return value Parameters Comments
eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]
name - name of event log
regexp - regular
expression describing the
The item must be configured as an active
required pattern
check.
severity - regular
expression describing
Examples:
severity
⇒ eventlog[Application]
This parameter accepts the
⇒ eventlog[Security,,"Failure
following values:
Audit",,^(529|680)$]
“Information”, “Warning”,
⇒ eventlog[System,,"Warning|Error"]
“Error”, “Critical”,
⇒ eventlog[System,,,,^1$]
“Verbose” (since Zabbix
⇒ eventlog[System,,,,@TWOSHORT] -
2.2.0 running on Windows
here a custom regular expression named
Vista or newer)
TWOSHORT is referenced (defined as a
source - regular expression
Result is TRUE type, the expression itself
describing source identifier
being ^1$|^70$).
(regular expression is
Event log
Log supported since Zabbix
monitoring. Note that the agent is unable to send in
2.2.0)
events from the "Forwarded events" log.
eventid - regular
expression describing the
The mode parameter is supported since
event identifier(s)
Zabbix 2.0.0.
maxlines - maximum
“Windows Eventing 6.0” is supported
number of new lines per
since Zabbix 2.2.0.
second the agent will send
to Zabbix server or proxy.
Note that selecting a non-Log type of
This parameter overrides
information for this item will lead to the
the value of
loss of local timestamp, as well as log
'MaxLinesPerSecond' in
severity and source information.
zabbix_agentd.win.conf
mode - possible values:
See also additional information on log
all (default), skip - skip
monitoring.
processing of older data
(affects only newly created
items).
net.if.list

Zabbix Documentation 3.0 - https://www.zabbix.com/documentation/3.0/

Last
update:
manual:config:items:itemtypes:zabbix_agent:win_keys https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/zabbix_agent/win_keys
2019/03/05
07:54

Key
Description Return value Parameters Comments
Supported since Zabbix agent version
1.8.1. Multi-byte interface names
supported since Zabbix agent version
Network 1.8.6. Disabled interfaces are not listed.
interface list
(includes Note that enabling/disabling some
interface type, Text components may change their ordering in
status, IPv4 the Windows interface name.
address,
description). Some Windows versions (for example,
Server 2008) might require the latest
updates installed to support non-ASCII
characters in interface names.
perf_counter[counter,<interval>]
Performance Monitor can be used to
obtain list of available counters. Until
counter - path to the version 1.6 this parameter will return
counter correct value only for counters that
interval - last N seconds require just one sample (like
Value of any Integer, float,
for storing the average \System\Threads). It will not work as
Windows string or text
value. expected for counters that require more
performance (depending on
The interval must be that one sample - like CPU utilisation.
counter. the request)
between 1 and 900 seconds Since 1.6, interval is used, so the
(included) and the default check returns an average value for last
value is 1. “interval” seconds every time.

See also: Windows performance counters.

proc_info[process,<attribute>,<type>]

https://www.zabbix.com/documentation/3.0/ Printed on 2021/03/24 17:26

2021/03/24 17:26 3/6 Windows-specific item keys

Key
Description Return value Parameters Comments
The following attributes are
supported:
vmsize (default) - size of process virtual
memory in Kbytes
wkset - size of process working set
(amount of physical memory used by
process) in Kbytes
pf - number of page faults
ktime - process kernel time in
milliseconds
utime - process user time in milliseconds
io_read_b - number of bytes read by
process during I/O operations
io_read_op - number of read operation
performed by process
io_write_b - number of bytes written by
process during I/O operations
io_write_op - number of write operation
performed by process
io_other_b - number of bytes transferred
by process during operations other than
read and write operations
io_other_op - number of I/O operations
performed by process, other than read
and write operations
process - process name
gdiobj - number of GDI objects used by
attribute - requested
Various process
process attribute
information userobj - number of USER objects used by
Float type - representation type
about specific process
(meaningful when more
process(es).
than one process with the
Valid types are:
same name exists)
avg (default) - average value for all
processes named <process>
min - minimum value among all
processes named <process>
max - maximum value among all
processes named <process>
sum - sum of values for all processes
named <process>

Examples:
⇒ proc_info[iexplore.exe,wkset,sum] - to
get the amount of physical memory taken
by all Internet Explorer processes
⇒ proc_info[iexplore.exe,pf,avg] - to get
the average number of page faults for
Internet Explorer processes

Note that on a 64-bit system, a 64-bit

Zabbix agent is required for this item to
work correctly.

Note: io_*, gdiobj and userobj attributes

are available only on Windows 2000 and
later versions of Windows, not on
Windows NT 4.0.
Zabbix Documentation 3.0 - https://www.zabbix.com/documentation/3.0/
Last
update:
manual:config:items:itemtypes:zabbix_agent:win_keys https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/zabbix_agent/win_keys
2019/03/05
07:54

Key
Description Return value Parameters Comments
service.discovery
List of
Windows
Supported since Zabbix agent version
services. Used JSON object
3.0.
for low-level
discovery.
service.info[service,<param>]
Integer - with
param as
state, startup

String - with
param as
displayname,
path, user

Text - with Examples:

param as ⇒ service.info[SNMPTRAP] - state of the
description SNMPTRAP service
⇒ service.info[SNMP Trap] - state of the
Specifically for same service, but with display name
state: specified
0 - running, ⇒ service.info[EventLog,startup] - startup
service - a real service
1 - paused, type of the EventLog service
name or its display name
2 - start
Information as seen in MMC Services
pending, Items service.info[service,state] and
about a snap-in
3 - pause service.info[service] will return the same
service. param - state (default),
pending, information.
displayname, path, user,
4 - continue
startup or description
pending, Note that only with param as state this
5 - stop item returns a value for non-existing
pending, services (255).
6 - stopped,
7 - unknown, This item is supported since Zabbix 3.0.0.
255 - no such It should be used instead of the
service deprecated service_state[service] item.

Specifically for
startup:
0 - automatic,
1 - automatic
delayed,
2 - manual,
3 - disabled,
4 - unknown
services[<type>,<state>,<exclude>]

https://www.zabbix.com/documentation/3.0/ Printed on 2021/03/24 17:26

2021/03/24 17:26 5/6 Windows-specific item keys

Key
Description Return value Parameters Comments
type - all (default),
automatic, manual or Examples:
disabled ⇒ services[,started] - list of started
state - all (default), services
stopped, started, ⇒ services[automatic, stopped] - list of
0 - if empty
start_pending, stopped services, that should be run
stop_pending, running, ⇒ services[automatic, stopped,
Listing of Text - list of
continue_pending, "service1,service2,service3"] - list of
services. services
pause_pending or paused stopped services, that should be run,
separated by a
exclude - services to excluding services with names service1,
newline
exclude from the result. service2 and service3
Excluded services should
be listed in double quotes, The exclude parameter is supported
separated by comma, since Zabbix 1.8.1.
without spaces.
wmi.get[<namespace>,<query>]
Example:
Execute WMI ⇒ wmi.get[root\cimv2,select status from
Integer, float, namespace - WMI
query and Win32_DiskDrive where Name like
string or text namespace
return the first '%PHYSICALDRIVE0%'] - returns the
(depending on query - WMI query
selected status of the first physical disk.
the request) returning a single object
object.
This key is supported since Zabbix 2.2.0.
vm.vmemory.size[<type>]
Example:
⇒ vm.vmemory.size[pavailable] →
available virtual memory, in percentage
type - possible values:
available (available virtual Monitoring of virtual memory statistics is
Virtual Integer - for memory), pavailable based on:
memory size in bytes (available virtual memory, * Total virtual memory on Windows (total
bytes or in in percent), pused (used physical + page file size);
percentage Float - for virtual memory, in percent), * The maximum amount of memory
from total. percentage total (total virtual memory, Zabbix agent can commit;
default), used (used virtual * The current committed memory limit for
memory) the system or Zabbix agent, whichever is
smaller.

This key is supported since Zabbix 3.0.7.

Monitoring Windows services

This tutorial provides step-by-step instructions for setting up the monitoring of Windows services. It is
assumed that Zabbix server and agent are configured and operational.

Step 1

Get the service name.

You can get that name by going to MMC Services snap-in and bringing up the properties of the

Zabbix Documentation 3.0 - https://www.zabbix.com/documentation/3.0/

Last
update:
manual:config:items:itemtypes:zabbix_agent:win_keys https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/zabbix_agent/win_keys
2019/03/05
07:54

service. In the General tab you should see a field called 'Service name'. The value that follows is the
name you will use when setting up an item for monitoring.

For example, if you wanted to monitor the “workstation” service then your service might be:
lanmanworkstation.

Step 2

Configure an item for monitoring the service.

The item service.info[service,<param>] retrieves the information about a particular service.

Depending on the information you need, specify the param option which accepts the following values:
displayname, state, path, user, startup or description. The default value is state if param is not
specified (service.info[service]).

The type of return value depends on chosen param: integer for state and startup; character string for
displayname, path and user; text for description.

Example:

Key: service.info[lanmanworkstation]
Type of information: Numeric (unsigned)
Show value: select the Windows service state value mapping

Two value maps are available Windows service state and Windows service startup type to map a
numerical value to a text representation in the Frontend.

Discovery of Windows services

Low-level discovery provides a way to automatically create items, triggers, and graphs for different
entities on a computer. Zabbix can automatically start monitoring Windows services on your machine,
without the need to know the exact name of a service or create items for each service manually. A
filter can be used to generate real items, triggers, and graphs only for services of interest.

From:
https://www.zabbix.com/documentation/3.0/ - Zabbix Documentation 3.0

Permanent link:
https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/zabbix_agent/win_keys

Last update: 2019/03/05 07:54

https://www.zabbix.com/documentation/3.0/ Printed on 2021/03/24 17:26