OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • zabbix agent not working
« previous next »
  • Print
Pages: [1]

Author Topic: zabbix agent not working  (Read 1376 times)

xofer

  • Newbie
  • *
  • Posts: 42
  • Karma: 2
    • View Profile
zabbix agent not working
« on: March 03, 2022, 04:45:46 pm »
I feel stupid, but I cannot get zabbix agent to function on a particular opnsense machine. It works fine on several of them, but not at all in one.

Opnsense 22.1.2_1
os-zabbix-agent 1.11

I have also tried to install other zabbix version (os-zabbix54-agent), same behaviour
Zabbix agent conf is pretty basic:


Zabbix agent starts up with no errors, seems to listen to port 10050:
Code: [Select]
# sockstat | grep 10050
zabbix   zabbix_age 39652 4  tcp4   127.0.0.1:10050       *:*
zabbix   zabbix_age 39642 4  tcp4   127.0.0.1:10050       *:*
zabbix   zabbix_age 39623 4  tcp4   127.0.0.1:10050       *:*
zabbix   zabbix_age 39546 4  tcp4   127.0.0.1:10050       *:*
zabbix   zabbix_age 39464 4  tcp4   127.0.0.1:10050       *:*
However, when i run (it should immediately return zabbix agent version), it just lags until a timeout:
Code: [Select]
root@mono:~ # zabbix_get -s 127.0.0.1 -p 10050 -k agent.version
zabbix_get [93235]: Timeout while executing operation

it just hangs. Tcpdump on lo0 shows only packets going to port 10050, nothing returns:
Code: [Select]
17:08:08.858071 IP 127.0.0.1.27937 > 127.0.0.1.10050: Flags [S], seq 2348730218, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 1000361919 ecr 0], length 0
17:08:09.868097 IP 127.0.0.1.27937 > 127.0.0.1.10050: Flags [S], seq 2348730218, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 1000362929 ecr 0], length 0
17:08:12.095885 IP 127.0.0.1.27937 > 127.0.0.1.10050: Flags [S], seq 2348730218, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 1000365157 ecr 0], length 0
Zabbix agent log with extended debugging seems normal, seems to loop on its own stuff, nothing "extra" gets added when i run zabbix_get:
Code: [Select]
99440:20220303:172553.024 In update_cpustats()
 99440:20220303:172553.024 End of update_cpustats()
 99440:20220303:172553.024 zbx_setproctitle() title:'collector [idle 1 sec]'
 99440:20220303:172554.074 zbx_setproctitle() title:'collector [processing data]'
 99440:20220303:172554.074 In update_cpustats()
 99440:20220303:172554.074 End of update_cpustats()
 99440:20220303:172554.074 zbx_setproctitle() title:'collector [idle 1 sec]'
 99440:20220303:172555.085 zbx_setproctitle() title:'collector [processing data]'
 99440:20220303:172555.085 In update_cpustats()
 99440:20220303:172555.085 End of update_cpustats()
 99440:20220303:172555.085 zbx_setproctitle() title:'collector [idle 1 sec]'
 99440:20220303:172556.149 zbx_setproctitle() title:'collector [processing data]'
 99440:20220303:172556.149 In update_cpustats()
 99440:20220303:172556.149 End of update_cpustats()
 99440:20220303:172556.150 zbx_setproctitle() title:'collector [idle 1 sec]'
 99440:20220303:172557.159 zbx_setproctitle() title:'collector [processing data]'
 99440:20220303:172557.159 In update_cpustats()
 99440:20220303:172557.159 End of update_cpustats()
 99440:20220303:172557.159 zbx_setproctitle() title:'collector [idle 1 sec]'

I am totally at a loss what to try next.

On another host, same settings, same software versions, all works well:
Code: [Select]
# zabbix_get -s 127.0.0.1 -p 10050 -k agent.version
5.0.19
« Last Edit: March 03, 2022, 05:09:27 pm by xofer »
Logged

xofer

  • Newbie
  • *
  • Posts: 42
  • Karma: 2
    • View Profile
Re: zabbix agent not working
« Reply #1 on: March 03, 2022, 05:45:55 pm »
Ok, it seems i found the reason for zabbix agent not responding, but not the underlying cause yet.

It seems to be blocked by firewall:
Code: [Select]
<134>1 2022-03-03T18:15:09+02:00 ##### filterlog 88758 - [meta sequenceId="14242"] 10,,,02f4bab031b57d1e30553ce08e0ec131,lo0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,127.0.0.1,127.0.0.1,65087,10050,0,S,2442566319,,65228,,mss;nop;wscale;sackOK;TS
This machine does not have Firewall > Rules > Loopback in the GUI which i have on other hosts where it contains automatically generated rules to allow anything from lo0.

I do not think that i have done any allow rules on lo0 (127.0.0.1) on any opnsense machines, but on this one, the section is missing, automatically generated rules are missing and i cannot choose Loopback interface when creating a "Floating" rule.

Also, verified with pfctl that on this host lo0 pass rules are missing.

I managed to create a floating rule to allow traffic from 127.0.0.1 to 127.0.0.1 ip on any interface and this seems to alleviate the original problem. Zabbix agent now responds.

However, the updated issue is now different - how come the Loopback section is missing and how do i get it back?
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • zabbix agent not working
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2