How To Exclude Services From Windows Discovery in Zabbix 5.x
How To Exclude Services From Windows Discovery in Zabbix 5.x
When adding hosts with Windows and using the default Template Module Windows services by Zabbix agent template, we get a lot of notifications from services that we do not need. Below I will show you how to modify the Macro that will bypass the detection of these services and our Zabbix will not inform us unnecessarily about problems with these services.
Step By Step
For Windows Services by Zabbix agent
To apply a filter, edit the template by going to Configuration > Templates > Windows services by Zabbix agent > Macros. Make changes to Value for {$SERVICE.NAME.NOT_MATCHES}
^(BITS|TrustedInstaller|DPS|uhssvc|MMCSS|RemoteRegistry|edgeupdate|clr_optimization_*|WbioSrvc|CDPSvc_*|tiledatamodelsvc|VeeamVssSupport|wuauserv|ShellHWDetection|sppsvc|MapsBroker|WpnUserService_*\w+|OneSyncSvc_\w+)$
Click Update when completed.
If we want to add further exclusions of services, we add to Regular expression. Entries are separated by |. There is a limit of 255 characters in the RegX
If already added hosts report to us notifications from excluded services, you should delete these services in the host configuration or remove and add the monitored host again.
For Windows Services by Zabbix agent active
To apply a filter, edit the template by going to Configuration > Templates > Windows services by Zabbix agent active > Macros. Make changes to Value for {$SERVICE.NAME.NOT_MATCHES}
^(BITS|TrustedInstaller|DPS|uhssvc|MMCSS|RemoteRegistry|edgeupdate|clr_optimization_*|WbioSrvc|CDPSvc_*|tiledatamodelsvc|VeeamVssSupport|wuauserv|ShellHWDetection|sppsvc|MapsBroker|WpnUserService_*\w+|OneSyncSvc_\w+)$
If we want to add further exclusions of services, we add to Regular expression. Entries are separated by |. There is a limit of 255 characters in the RegX
Click Update.
Note: Zabbix scans devices that are using the template reguarly. When it scans and finds an already discovered service but see’s it is no longer needed it will flagged the service and tell you it will be delated at a specific date.
Leave a Reply