Thursday, December 16, 2010

Getting statistical values from Exim4 in Zabbix

I made a quick few modifications to our Zabbix installation to monitor mail coming in and spam counts/day and such...
This could still use a lot of improvements, but for now at least I am happy :)
Do notice the Exim queue count is the only data that's always on spot. The other values like spam and such are dependant on how log rotation is setup for exim4. With us that was daily, so I gave all the items a description like 'today's rejected spam' which basically sums up exactly what it is :)
Also, I place my values in /tmp which probably has some security issues, but tbh, it seems safe enough to me.. and as the values are so small, I wont have any space issues (besides... I monitor /tmp afaik ;)

put the following in a crontab: (make sure user has enough rights, and do crontab -e)

*/2 * * * * /usr/sbin/exim -bpc > /tmp/eximcount.txt
*/5 * * * * grep -c "Message rejected as spam" /var/log/exim4/rejectlog > /tmp/exim_spamcount.txt
*/5 * * * * grep -c "Unrouteable address" /var/log/exim4/rejectlog > /tmp/exim_unrouteable.txt
*/5 * * * * grep -c "This message contains malware" /var/log/exim4/rejectlog > /tmp/exim_malware.txt
*/5 * * * * grep -c "relay not permitted" /var/log/exim4/rejectlog > /tmp/exim_relay.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep | wc -l > /tmp/exim_incoming_internal.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep | grep | wc -l > /tmp/exim_incoming_exchange.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep | grep -v | wc -l > /tmp/exim_incoming_nonexchange.txt
*/5 * * * * grep "<=" /var/log/exim4/mainlog | grep -v | wc -l > /tmp/exim_incoming_external.txt
*/5 * * * * grep -c Completed /var/log/exim4/mainlog > /tmp/exim_completed.txt
(note: some of these values, especially where i grep our company name are kinda specific to my situation)

Part of the above text falls off the article, no worries, you can still copy/paste all the info :)
then add the following to your zabbix_agentd.conf (located at /etc/zabbix-agent), and afterwards restart zabbix-agent (/etc/init.d/zabbix-agent restart):

UserParameter=exim4.mailq,cat /tmp/eximcount.txt
UserParameter=exim4.spamq,cat /tmp/exim_spamcount.txt
UserParameter=exim4.unrouteq,cat /tmp/exim_unrouteable.txt
UserParameter=exim4.malwareq,cat /tmp/exim_malware.txt
UserParameter=exim4.relayq,cat /tmp/exim_relay.txt
UserParameter=exim4.incintq,cat /tmp/exim_incoming_internal.txt
UserParameter=exim4.incexchangeq,cat /tmp/exim_incoming_exchange.txt
UserParameter=exim4.incnonexchangeq,cat /tmp/exim_incoming_nonexchange.txt
UserParameter=exim4.incexternalq,cat /tmp/exim_incoming_external.txt
UserParameter=exim4.completedq,cat /tmp/exim_completed.txt

Then go to Zabbix, create a template exim4:
  • Go to Configuration
  • Go to Hosts (left above)
  • Change Hosts into Templates (right above, the pulldown box)
  • Create template:
    • Name: exim4
    • save
onward to create your first item (I do only one, the rest should be child's play to add in the same way!)
  • Now on the topright corner, set Group to templates (host should default to All)
  • Locate Template_Exim4 and click Items on the rightside.
  • Now topright you have the option Create Item, click it.
    • Host: Template_Exim4 (automatically filled in, i check this to make sure i'm actually editing the template, not directly a host)
    • Description: Exim4: Today's messages rejected as spam
    • Type: Zabbix agent
    • key: exim4.spamq
    • Type of information: Numeric (unsigned)
    • Data type: Decimal
    • Update interval (in sec): 300
  • Leave other values as they are...or whatever you want... and Save
If you have done all this correctly, and added your template to a host; Within +-5 to 10 minutes you should have data slowly going to zabbix, check by going to Monitoring/Latest Data, and select a server to which you applied the exim4 template.

Have fun! (i plan to do more Zabbix related articles at a later point :)

ps. this worked on our in production Ubuntu 10.04 server, running exim4 4.71-31ubuntu1 & zabbix-agent and zabbix-server-mysql 1:1.8.1-1ubuntu1

screenshot of this all at work: (to show I'm not completely talking out my ass :)


  1. woops, user parameters for the last few values were incorrect...
    corrected just after the update mail went out... sorry! :)

  2. later noticed that my previous edit had converted any greater or smaller then signs to the usual > type html conversions... apparently a blogspot thing.
    Converted all those back to what they should be, and removed some useless "wc -l" commands by just added -c on the grep command line.

  3. Not enough of this item:
    Exim: Today's completed messages

    1. No idea, haven't used exim in a while (at least not in a work environment),
      they could have changed the logging a bit since 2010 ;)