Unable to run the prepare.py - cannot connect to Zabbix API

[bettafishopb]

Hi can anyone pls help me? when i tried running "python3.6 /opt/monitoring/zabbix-threat-control/prepare.py -uvtda" to create the objects in Zabbix, i encountered an error saying that I'm unable to connect to Zabbix API as I'm logged in as 'guest'. (have attached the text file containing the error message).
However, I've specified the 'Admin' (zabbix administrator) log-in in the ztc.conf file.

I am running Zabbix server version 4.0 on CentOS Linux release 7.6.1810 (Core), while the zabbix agents are 2.2.x and 4.0. The version of python I'm using is 3.6.

Running "pip3.6 list" shows: jpath (1.6) pyzabbix (0.7.5) requests (2.21.0) six (1.12.0) vulners (1.4.5)

pls help, would really like to get ztc to work with my zabbix server. Thanks!

ZTC error.txt

[samosvat]

You need to specify in ztc.conf username and password of the user with "Zabbix Super Admin" user type. What credentials do you have specified in ztc.conf now?

[bettafishopb]

Hi currently, in the ztc.conf, i've specified the "ZabbixApiUser = Admin", which is the Zabbix Super Admin by default.

As for the other credentials, "ZabbixFrontUrl", "ZabbixServerFQDN" and "ZabbixServerPort", i did not specify any since they are optional.

Thanks!

[samosvat]

If you do not specify a ZabbixFrontUrl - ztc uses fallback URL: http://localhost/zabbix. Try specifying the URL.

[bettafishopb]

Hi I specified the ZabbixFrontUrl but I'm still getting the same error.

[samosvat]

here is the code where the problem occurs

try:
    zapi = ZabbixAPI(zbx_url, timeout=5)
    zapi.session.verify = zbx_verify_ssl
    zapi.login(zbx_user, zbx_pass)
    zapi_ver = zapi.api_version()
    print('Connected to Zabbix API v.{}\n'.format(zapi.api_version()))
    zapi_ver_float = float(zapi_ver.split('.')[0] + '.' + zapi_ver.split('.')[1])
    if zapi_ver_float < required_zapi_ver:
        print('Required Zabbix version {} or higher\nExit.'.format(required_zapi_ver))
        exit(0)
except Exception as e:
    print('Error: Can\'t connect to Zabbix API. Exception: {}'.format(e))
    exit(1)

it doesn't occur to me that there might be a problem. Can I see the whole ztc.conf ?

[bettafishopb]

sorry for the late reply. Was end of week. This is the ztc.conf currently in the system. I've masked out the IP in the ZabbixFrontURL. If you need that too, let me know.

Thanks!

ztc.conf.txt

[samosvat]

check the connection type: http/https index.php - need to remove

As an example: my prod env: ZabbixFrontUrl = https://zabbix.qiwi.com my dev env: ZabbixFrontUrl = http://127.0.0.1/zabbix

[bettafishopb]

Hello, My connection type is http. I removed the index.php and the 'can't connect to api' error is solved. Subsequently there was another error related to "zabbix_get" not able to run remote commands which i managed to fix. However, i get another "zabbix_sender" error below which i can't resolve. Does it matter if my zabbix agents are running in active mode (active agents)?

Connected to Zabbix API v.4.0.5

Checking the connection to the zabbix-agent... Сompleted successfully. For connecting with zabbix-agent used address "127.0.0.1"

Checking the connection to the zabbix-server via zabbix_sender... Error: Can't send data with zabbix-sender: Command: zabbix_sender -z my.companydomain.com

ZabbixServerPort = 10051 -p 10051 -s zabbix_sender_ztc_test -k zabbix_sender_ztc_test -o 1 -vv zabbix_sender [8778]: too few or mutually exclusive options used usage: ....... /bin/sh: line 3: ZabbixServerPort: command not found

Please fix this for continue!

Thank you.

[samosvat]

uncomment # ZabbixServerPort = 10051

[bettafishopb]

yes, i've uncommented it.

[yorchaac]

Hello I tried to integrate vulners with zabbix last version but I have the next issue when I execute "python3.6 /opt/monitoring/zabbix-threat-control/prepare.py -uvtda" I got:

Checking the connection to the zabbix-agent... Error: Can't execute remote command on zabbix-agent: Command: zabbix_get -s localhost -k system.run["echo CheckRemoteCommand"] zabbix_get [3767]: Check access restrictions in Zabbix agent configuration

If I execute the same command with other item all seems works fine zabbix_get -s 127.0.0.1 -k agent.hostname I got : Zabbix server

[samosvat]

Differences: zabbix_get -s localhost -k system.run["echo CheckRemoteCommand"] zabbix_get -s 127.0.0.1 -k agent.hostname

To enable this functionality (system.run), agent configuration file must contain EnableRemoteCommands=1 option.

[yorchaac]

I’m already change that value on /etc/zabbix/zabbix_agentd.conf and also LogRemoteCommands=1, after do that I restart Zabbix-agent and then I execute : python3.6 /opt/monitoring/zabbix-threat-control/prepare.py -uvtda

On Mar 22, 2019, at 3:15 AM, Nikolay Samosvat notifications@github.com wrote:

Differences: zabbix_get -s localhost -k system.run["echo CheckRemoteCommand"] zabbix_get -s 127.0.0.1 -k agent.hostname

To enable this functionality (system.run), agent configuration file must contain EnableRemoteCommands=1 option.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.