Quickly Understand The Difference Between Active And Passive Checks In Zabbix

The active and passive check concept can be a little confusing to understand, especially if you’re new to Zabbix. Here is how to quickly make sense of it and if you’re familiar with SNMP traps, we can use that as a reference point as well.

The distinction between active and passive monitoring in both SNMP and Zabbix revolves around where the data is generated from and how the communication flows between the monitoring system and the monitored devices. When the devices proactively send data, it aligns with active monitoring, and when the monitoring system actively queries the devices, it aligns with passive monitoring.

Think of SNMP Traps (if you’re already familiar that is)

SNMP Traps (Active) In SNMP traps, the SNMP agents (devices) generate and send unsolicited messages to the SNMP manager (monitoring system) when specific events occur. This is similar to Zabbix’s active monitoring, where the Zabbix agents (endpoints) actively send data to the Zabbix server (monitoring system) at regular intervals.

Regular SNMP (Passive): In regular SNMP, the SNMP manager (monitoring system) polls the SNMP agents (devices) for specific information by sending “GET” requests, and the agents respond with the requested data. This is more similar to Zabbix’s passive monitoring, where the Zabbix server (monitoring system) polls the Zabbix agents (endpoints) to retrieve data.

But Should I Use Active Or Passive Checks In Zabbix?
Of course there is no avoiding this question but like with most answers in IT, we land on the good ol, all to common answer ‘it depends’. FYI – Zabbix uses passive checks by default but here is a breakdown to help you make your decision. I personally believe the default passive checks work fine for most uses cases. However, the decision to use active or passive checks in Zabbix depends on your specific monitoring requirements and network environment. Each method has its advantages and considerations, so it’s essential to understand the differences to make an informed choice:

1. Passive Checks:

  • Pros:
    • Simplicity: Passive checks are easier to set up as they require the Zabbix server to have access to the Zabbix agents, and the agents only need to be running and reachable.
    • Network-Friendly: If you have firewalls or network restrictions, passive checks are often more feasible, as the Zabbix server initiates the communication.
    • Less Load on Agents: Passive checks put less load on the monitored hosts, as they only respond when queried by the server.
  • Cons:
    • Slightly Delayed Data: Passive checks rely on the Zabbix server to initiate data collection, so there might be a slight delay in data retrieval compared to active checks.

2. Active Checks:

  • Pros:
    • Real-Time Data: Active checks provide real-time data as the Zabbix agents proactively push data to the server at defined intervals.
    • Lower Server Load: Active checks can reduce the Zabbix server’s load as agents are responsible for pushing data, and the server doesn’t need to poll multiple agents.
  • Cons:
    • Complexity: Configuring active checks requires additional setup on both the Zabbix server and agent sides.
    • Network Configuration: Active checks may require network adjustments, and the Zabbix server needs to be able to reach the agents directly.

Considerations:

  • If you have a simple network setup and no network restrictions, passive checks might be the easier choice to implement.
  • If you need real-time data and have a more complex network or specific security considerations, active checks could be the preferred option.

Many Zabbix users opt for passive checks by default due to its simplicity and ease of configuration. However, some may switch to active checks for specific use cases that require real-time data or to reduce the server load.

Ultimately, the choice between active and passive checks should be based on your specific monitoring requirements, network architecture, and any potential security or performance concerns. It’s also worth considering testing both methods in a controlled environment to see which one fits your needs best before implementing them in production.

Official Zabbix documentation.

#understanding the difference between active and passive checks in Zabbix
#what is active and passive checks in Zabbix?
#should I use active or passive checks in Zabbix?
#zabbix active checks vs passive checks
#is zabbix active checks better then passive checks?

Setting Up SNMP Traps In Zabbix v6.4

In this example, we use a Cisco switch (SF300-24P) to send SNMP traps to our Zabbix server. We’ll install a zabbix_trap_receiver.pl (perl script) on Zabbix server in order to process the SNMP traps.

Enable SNMP Traps On Cisco Switch


enable
conf t
snmp-server enable traps
snmp-server host <zabbix server ip> version 2c <your community string>
exit
copy run start

You can verify your SNMP config with:

show snmp

Enable SNMP On Cisco Switch

enable
conf t

Use the below command if you wish to add a Read-Only community string:


snmp-server community public RO

(where “public” is the Read-only community string)

Use the below command if you wish to add a Read-Write community string:

snmp-server community private RW

(where “private” is the Read-write community string)

Exit the configuration mode and save the settings with ->


exit
write memory

Bonus SNMP Commands

Disable SNMP:

 no snmp server

Check SNMP status:

show snmp server

Re-enable SNMP:

snmp server

Set Up Your Zabbix Server To Receive And Process SNMP Traps


Step 1 – Ensure Port 162 Is Open On Your Zabbix Server

If the Linux distro you’re running Zabbix on has port 162 blocked, you will need to open it as SNMP traps are typically sent on port 162.

For Ubuntu, Rspbian, Debian distros you can try this cmd to open port 162


iptables -A INPUT -p udp --dport 162 -J ACCEPT
sudo service iptables restart

For Centos, you can try these cmd’s:


firewall-cmd --add-port=162/udp --permanent
firewall-cmd --reload

If you can’t get the ports opened with those commands, ask ChatGPT

Step 2 – Enable And Configure SNMP Traps On Your Device
(using a Cisco switch in my case as outlined in the beginning of this blog)

Step 3 – Edit Zabbix Server Config


sudo vim /etc/zabbix/zabbix_server.conf

Comment out log file path like so: #SNMPTrapperFile=/var/log/snmptrap.log
Since we will be using the tmp path, you need to uncomment (remove the hashtag) ‘SNMPTrapperFile=/tmp/zabbix_traps.tmp’

Turn on SNMP Trapper by removing the hastag and changing 0 to 1 like so:
StartSNMPTrapper=1

Step 4 – Install zabbix_trap_receiver.pl File To /usr/bin


sudo wget https://git.zabbix.com/projects/ZBX/repos/zabbix/raw/misc/snmptrap/zabbix_trap_receiver.pl -O /usr/bin/zabbix_trap_receiver.pl

If you’re having trouble using the wget command to get the perl script, you can download the zabbix_trap_receiver.pl (perl script) directly from us here and we can get it on the server another way.

Recommend you stick the file on your desktop so you can conveniently copy it up to your Zabbix server in the next coming steps.

From windows cmd line and copy the file up to your Zabbix server with SCP:


scp "C:\Users\reasonableit\Desktop\zabbix_trap_receiver.pl" reasonableit@172.16.10.4:~

(you will need to replace the bolded text of that command with your own unique information, such as username and your zabbix server IP)

Now we need to move the file to the correct directory.
ssh to your Linux/Zabbix server and run this cmd


sudo mv ~/zabbix_trap_receiver.pl /usr/bin/zabbix_trap_receiver.pl

Step 5 – Set Permissions For The Perl Script
Run this cmd from your Linux/Zabbix server

sudo chmod a+x /usr/bin/zabbix_trap_receiver.pl

Step 6 –  Install snmptrapd On Your Zabbix Server

sudo apt install snmp snmp-mibs-downloader snmptrapd

Step 7 – Edit snmptrapd.conf File

sudo vim /etc/snmp/snmptrapd.conf

Add these two lines to bottom of config file with your correct community string (change ‘public’ to your community string):

authCommunity execute <your community string>
perl do “/usr/bin/zabbix_trap_receiver.pl”;

Step 8 – Install libssnmp-perl 
Perl is often missing in modern Linux distributions so we will need to install it with this command:

sudo apt-get install libsnmp-perl

Step 9 – Restart Zabbix Server & snmptrapd Services

sudo service zabbix-server restart
sudo service snmptrapd restart
sudo zabbix_server -R config_cache_reload

Step 10 – Add the host to Zabbix Frontend
Refer to video for details but basically, just add your switch with an SNMP template, generate an snmp trap (WR command on Cisco switch should generate one) and check the SNMP Trap (fallback) item of your device in Zabbix.

Note – You will add your device just like any normal SNMP monitored device with an SNMP template, you do not need to change the port to 162 (what the switch sends snmp traps out on) as the perl script and the Zabbix snmp Trap (fallback) item will handle the snmp trap processing for you. You just need to make sure port 162 is open on your Zabbix server.

Bonus

Zabbix SNMP Trap Documentation

You should also be able to send test traps from your Zabbix server to itself with the following cmd

snmptrap -v2c -cpublic 172.16.10.4 '' .1.3.6.1.6.3.1.1.5.3 .1.3.6.1.6.3.1.1.5.3 s "test trap v2c"

#how to setup SNMP traps in Zabbix 6.4
#how to enable snmp traps on Cisco Switch and monitor with Zabbix 6.4

Buy Us A Coffee

As we delve more into content creation for our youtube channel, we’ve decided to open a donation option for those who may not necessarily be a client but would still like to show some love ❤️

So if one of our videos or blogs has really helped you out and you’d like to show support, welp, now you have an option to Buy Me A Coffee ☕️😁

Of course all donations, big or small, are greatly appreciated and help us to keep pumping out great content for you.

Cheers.