Mastering Agentless Monitoring with Zabbix on Cloudpanel 🔍

06/01/2025 06/01/2025 devops 8 mins read
Table Of Contents

Understanding Agentless Monitoring Architecture

Modern infrastructure monitoring requires flexible, scalable solutions that can adapt to diverse environments. Zabbix’s agentless monitoring represents a sophisticated approach to system observation, eliminating the need for agent deployment while maintaining robust monitoring capabilities.

Core Components and Protocols

Agentless monitoring leverages several key protocols for data collection:

  • SSH for secure command execution
  • SNMP for network device monitoring
  • IPMI for hardware health metrics
  • HTTP/HTTPS for web service monitoring

Implementation Guide

Configuring SSH Access

First, let’s establish secure SSH access for Zabbix:

ssh-setup.sh
#!/bin/bash


# Configuration variables
ZABBIX_SERVER_KEY="/etc/zabbix/ssh_keys/id_rsa.pub"
TARGET_USER="zabbix-monitor"
TARGET_GROUP="zabbix-monitor"


# Create monitoring user with restricted privileges
sudo useradd -r -s /bin/bash -m -d /home/${TARGET_USER} ${TARGET_USER}
sudo mkdir -p /home/${TARGET_USER}/.ssh
sudo chmod 700 /home/${TARGET_USER}/.ssh


# Set up authorized keys with restricted commands
cat <<EOF > /home/${TARGET_USER}/.ssh/authorized_keys
command="uptime,free,mpstat" $(cat ${ZABBIX_SERVER_KEY})
EOF


sudo chmod 600 /home/${TARGET_USER}/.ssh/authorized_keys
sudo chown -R ${TARGET_USER}:${TARGET_GROUP} /home/${TARGET_USER}/.ssh

Basic Monitoring Template

Here’s our enhanced monitoring script that includes CloudPanel-specific metrics:

enhanced-monitoring.sh
#!/bin/bash


# System metrics collection
collect_system_metrics() {
    echo "=== System Metrics ==="
    uptime
    free -m
    mpstat


    # CloudPanel specific metrics
    if [ -d "/home/clp" ]; then
        echo "=== CloudPanel Metrics ==="
        # Nginx status
        systemctl status nginx | grep "Active:"
        # MySQL connections
        mysql -N -e "SHOW STATUS LIKE 'Threads_connected';"
        # PHP-FPM pools
        find /etc/php-fpm.d/ -name "*.conf" -exec basename {} \;
    fi
}


# Main execution
collect_system_metrics

Advanced Zabbix Templates

Let’s create a sophisticated monitoring template that incorporates both standard system metrics and CloudPanel-specific monitoring:

cloudpanel-template.js
// Template definition for Zabbix API
const cloudPanelTemplate = {
    template: "Template CloudPanel Advanced Monitoring",
    groups: {
        name: "CloudPanel Servers"
    },
    items: [
        {
            name: "Nginx Status",
            key_: "custom.nginx.status",
            type: 0,
            value_type: 3,
            delay: "1m"
        },
        {
            name: "MySQL Active Connections",
            key_: "custom.mysql.connections",
            type: 0,
            value_type: 3,
            delay: "2m"
        },
        {
            name: "PHP-FPM Pool Count",
            key_: "custom.phpfpm.pools",
            type: 0,
            value_type: 3,
            delay: "5m"
        }
    ],
    triggers: [
        {
            name: "Nginx Service Down",
            expression: "{Template CloudPanel Advanced Monitoring:custom.nginx.status.last()}=0",
            priority: 4
        },
        {
            name: "High MySQL Connections",
            expression: "{Template CloudPanel Advanced Monitoring:custom.mysql.connections.last()}>100",
            priority: 3
        }
    ]
};

CloudPanel Log Analysis and Traffic Monitoring

Before diving into advanced monitoring scenarios, let’s explore CloudPanel’s unique log structure and implement sophisticated traffic analysis. CloudPanel organizes logs by user, with each user having their own nginx access logs. This structure requires special consideration in our monitoring approach.

Implementing Traffic Analysis

The following script demonstrates how to monitor nginx traffic patterns and detect potential issues across all CloudPanel users:

cloudpanel-traffic-monitor.sh
#!/bin/bash


# Constants for configuration
ALERT_THRESHOLD_REQUESTS=500    # Threshold for high traffic from single IP
ERROR_THRESHOLD=100             # Threshold for error rate monitoring
SAMPLE_SIZE=1000               # Number of recent log entries to analyze
LOG_BASE_PATH="/home"          # Base path for user directories


analyze_nginx_traffic() {
    echo "Starting nginx traffic analysis..."


    # Iterate through each user's directory
    for user_dir in ${LOG_BASE_PATH}/*/; do
        username=$(basename "$user_dir")


        # Skip CloudPanel system user
        if [ "$username" != "clp" ] && [ -d "${user_dir}logs/nginx" ]; then
            # Process each access log file
            for access_log in "${user_dir}logs/nginx"/*access.log; do
                if [ -f "$access_log" ]; then
                    # Analyze high traffic patterns
                    local high_traffic_ips=$(tail -n ${SAMPLE_SIZE} "$access_log" |
                        awk '{print $1}' |
                        sort |
                        uniq -c |
                        sort -nr |
                        head -n 5)


                    # Get the highest traffic count
                    local top_ip_count=$(echo "$high_traffic_ips" |
                        head -n 1 |
                        awk '{print $1}')


                    # Alert on high traffic
                    if [ "${top_ip_count:-0}" -gt ${ALERT_THRESHOLD_REQUESTS} ]; then
                        echo "High traffic detected for user: ${username}"
                        echo "Top IPs and request counts:"
                        echo "${high_traffic_ips}"
                    fi


                    # Monitor for error rates
                    local error_count=$(tail -n ${SAMPLE_SIZE} "$access_log" |
                        awk '$9 ~ /^[45]/ {print $9}' |
                        wc -l)


                    # Alert on high error rates
                    if [ "${error_count:-0}" -gt ${ERROR_THRESHOLD} ]; then
                        local error_details=$(tail -n ${SAMPLE_SIZE} "$access_log" |
                            awk '$9 ~ /^[45]/ {print $1,$9,$7}' |
                            tail -n 10)
                        echo "High error rate for user: ${username}"
                        echo "Recent errors:"
                        echo "${error_details}"
                    fi
                fi
            done
        fi
    done
}


# Execute the analysis
analyze_nginx_traffic

This script performs several important monitoring tasks:

  1. Traverses user-specific log directories in CloudPanel’s structure
  2. Analyzes recent traffic patterns for potential DDoS or abuse
  3. Monitors error rates to detect application issues
  4. Generates detailed reports for investigation

Integrating with Zabbix

To incorporate this CloudPanel-specific monitoring into Zabbix, we can create custom items that process these logs:

zabbix-cloudpanel-items.sh
#!/bin/bash


# Function to format data for Zabbix
format_zabbix_data() {
    local hostname="$1"
    local key="$2"
    local value="$3"
    echo "${hostname} ${key} ${value}"
}


# Process log data for Zabbix
process_logs_for_zabbix() {
    local hostname=$(hostname)


    for user_dir in /home/*/; do
        username=$(basename "$user_dir")
        if [ "$username" != "clp" ] && [ -d "${user_dir}logs/nginx" ]; then
            # Calculate metrics
            local total_requests=$(find "${user_dir}logs/nginx" -name "*access.log" -exec wc -l {} \; | awk '{sum+=$1} END {print sum}')
            local error_rate=$(find "${user_dir}logs/nginx" -name "*access.log" -exec awk '$9 ~ /^[45]/' {} \; | wc -l)


            # Format for Zabbix
            format_zabbix_data "$hostname" "cloudpanel.user[$username,requests]" "$total_requests"
            format_zabbix_data "$hostname" "cloudpanel.user[$username,errors]" "$error_rate"
        fi
    done
}


# Execute and send to Zabbix
process_logs_for_zabbix | zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -i -

Creating Custom Triggers

Let’s implement sophisticated triggers that account for CloudPanel’s multi-user environment:

cloudpanel-triggers.js
// Define triggers for CloudPanel user monitoring
const cloudPanelTriggers = {
    highTraffic: {
        name: "High Traffic Rate for {HOST.NAME} - User: {#USERNAME}",
        expression: "{CloudPanel:cloudpanel.user[{#USERNAME},requests].rate(5m)} > 1000",
        severity: "WARNING",
        description: "Detected high traffic rate for user {#USERNAME}"
    },
    errorSpike: {
        name: "Error Rate Spike for {HOST.NAME} - User: {#USERNAME}",
        expression: "{CloudPanel:cloudpanel.user[{#USERNAME},errors].min(5m)} > 100",
        severity: "HIGH",
        description: "High error rate detected for user {#USERNAME}"
    },
    sustainedLoad: {
        name: "Sustained High Load for {HOST.NAME} - User: {#USERNAME}",
        expression: "{CloudPanel:cloudpanel.user[{#USERNAME},requests].avg(15m)} > 500",
        severity: "AVERAGE",
        description: "Sustained high load detected for user {#USERNAME}"
    }
};

Advanced Monitoring Scenarios

CloudPanel Integration

When monitoring CloudPanel installations, we need to consider several unique aspects:

cloudpanel-monitor.sh
#!/bin/bash


# CloudPanel specific monitoring
NGINX_VHOST_DIR="/etc/nginx/sites-enabled"
PHP_FPM_DIR="/etc/php-fpm.d"
MYSQL_SOCK="/var/lib/mysql/mysql.sock"


# Monitor vhost configurations
monitor_vhosts() {
    local vhost_count=$(ls -1 ${NGINX_VHOST_DIR} | wc -l)
    local active_vhosts=$(nginx -T 2>/dev/null | grep "server_name" | wc -l)


    echo "Virtual Hosts: ${vhost_count}"
    echo "Active Configurations: ${active_vhosts}"
}


# Monitor PHP-FPM pools
monitor_php_pools() {
    for pool in ${PHP_FPM_DIR}/*.conf; do
        local pool_name=$(basename ${pool} .conf)
        local pool_status=$(systemctl is-active php-fpm@${pool_name})
        echo "Pool ${pool_name}: ${pool_status}"
    done
}


# Execute monitoring
monitor_vhosts
monitor_php_pools

Performance Optimization

For CloudPanel environments, we should monitor specific performance metrics:

cloudpanel-triggers.txt
# High load triggers for CloudPanel
{Template CloudPanel:system.cpu.util[,user].avg(5m)}>80 = High CPU Usage
{Template CloudPanel:vm.memory.util.avg(5m)}>90 = Critical Memory Usage
{Template CloudPanel:vfs.fs.size[/,pfree].last()}<10 = Low Disk Space Warning


# Service-specific triggers
{Template CloudPanel:net.tcp.service[http,,80].last()}=0 = Web Server Down
{Template CloudPanel:net.tcp.service[mysql].last()}=0 = Database Server Down

Best Practices and Considerations

Security Hardening

When implementing agentless monitoring, especially in CloudPanel environments, consider these security measures:

  1. Use dedicated monitoring users with restricted permissions
  2. Implement SSH key rotation
  3. Set up IP-based access controls
  4. Enable detailed audit logging

Scaling Considerations

For large-scale deployments:

  1. Implement proxy servers for distributed monitoring
  2. Use efficient polling intervals
  3. Optimize trigger expressions
  4. Configure appropriate history retention

Conclusion

Agentless monitoring with Zabbix provides a powerful solution for modern infrastructure monitoring. By incorporating CloudPanel-specific metrics and following best practices, you can build a robust monitoring system that scales with your needs while maintaining security and performance.

Remember to regularly review and update your monitoring templates as your infrastructure evolves, and always test new monitoring configurations in a staging environment before deploying to production.