Zabbix Integration - EasyAlert
Zabbix
Receive alerts from Zabbix monitoring system
Overview
Zabbix is an open-source enterprise monitoring solution. Easyalert receives alerts from Zabbix via webhook media type, automatically creating incidents from trigger events.
ℹ️ Info: This integration works with Zabbix 5.0+ which supports native webhook media types.
Requirements
- Zabbix 5.0 or higher (for Webhook media type support)
- Easyalert account and active tenant
- Admin privileges in Zabbix
Setup Instructions
Step 1: Create Integration in Easyalert
- Go to Integrations page from left menu
- Click Add Integration button
- Select Zabbix as Source Type
- Enter a name (e.g.,
Zabbix Production) - Click Create to save
- Copy the generated Webhook URL
Example:
https://api.easyalert.io/api/v1/webhooks/ingest/wh_abc123...
Step 2: Create Media Type in Zabbix
Go to Administration → Media types → Create media type
| Field | Value |
|---|---|
| Name | Easyalert |
| Type | Webhook |
Step 3: Add Parameters
Click Add link to add each parameter one by one:
| Name | Value |
|---|---|
URL | {ALERT.SENDTO} |
event_id | {EVENT.ID} |
trigger_id | {TRIGGER.ID} |
trigger_name | {TRIGGER.NAME} |
trigger_description | {TRIGGER.DESCRIPTION} |
trigger_severity | {TRIGGER.SEVERITY} |
trigger_status | {TRIGGER.STATUS} |
host_name | {HOST.NAME} |
host_ip | {HOST.IP} |
event_date | {EVENT.DATE} |
event_time | {EVENT.TIME} |
event_recovery_date | {EVENT.RECOVERY.DATE} |
event_recovery_time | {EVENT.RECOVERY.TIME} |
item_name | {ITEM.NAME} |
item_value | {ITEM.VALUE} |
event_tags | {EVENT.TAGS} |
host_tags | {HOST.TAGS} |
trigger_tags | {TRIGGER.TAGS} |
Step 4: Add Webhook Script
Copy this script into the Script section:
var params = JSON.parse(value),
req = new HttpRequest(),
payload = {};
payload.event_id = params.event_id;
payload.trigger_id = params.trigger_id;
payload.trigger_name = params.trigger_name;
payload.trigger_description = params.trigger_description;
payload.trigger_severity = params.trigger_severity;
payload.trigger_status = params.trigger_status;
payload.host_name = params.host_name;
payload.host_ip = params.host_ip;
payload.event_date = params.event_date;
payload.event_time = params.event_time;
payload.event_recovery_date = params.event_recovery_date;
payload.event_recovery_time = params.event_recovery_time;
payload.item_name = params.item_name;
payload.item_value = params.item_value;
payload.tags = {};
function parseTags(tagString) {
if (!tagString || tagString.length === 0) return;
var pairs = tagString.split(',');
for (var i = 0; i < pairs.length; i++) {
var pair = pairs[i].trim();
var c = pair.indexOf(':');
if (c > 0) {
payload.tags[pair.substring(0,c).trim()] = pair.substring(c+1).trim();
}
}
}
parseTags(params.host_tags);
parseTags(params.trigger_tags);
parseTags(params.event_tags);
req.addHeader('Content-Type: application/json');
var resp = req.post(params.URL, JSON.stringify(payload));
if (req.getStatus() !== 200 && req.getStatus() !== 202) {
throw 'Response code: ' + req.getStatus() + ' Response: ' + resp;
}
return resp;
Step 5: Add Message Templates (Required)
Switch to Message templates tab and add these two templates:
Problem:
| Field | Value |
|---|---|
| Message type | Problem |
| Subject | {TRIGGER.NAME} |
| Message | {EVENT.ID} |
Problem Recovery:
| Field | Value |
|---|---|
| Message type | Problem recovery |
| Subject | {TRIGGER.NAME} |
| Message | {EVENT.ID} |
Step 6: Configure Other Settings
| Field | Value |
|---|---|
| Timeout | 30s |
| Process tags | Checked |
| Enabled | Checked |
Step 7: Create Webhook User
Go to Administration → Users → Create user
| Field | Value |
|---|---|
| Alias | Easyalert-webhook |
| Groups | No access to the frontend |
| Password | Any password |
Switch to Media tab and click Add:
| Field | Value |
|---|---|
| Type | Easyalert |
| Send to | Your copied Webhook URL |
| When active | 1-7,00:00-24:00 |
| Use if severity | Check all |
Step 8: Create Action
Go to Configuration → Actions → Trigger actions → Create action
Action Tab:
| Field | Value |
|---|---|
| Name | Send to Easyalert |
| Enabled | Checked |
Operations Tab - Click Add:
| Field | Value |
|---|---|
| Send to users | Easyalert-webhook |
| Send only to | Easyalert |
Recovery Operations: Add same settings for resolved alerts.
Field Mapping
Easyalert automatically maps Zabbix fields:
| Zabbix Field | Easyalert Field |
|---|---|
event_id | Event ID |
trigger_name | Title |
trigger_description | Description |
trigger_status | Status (PROBLEM → problem, OK → ok) |
trigger_severity | Severity |
host_name | Host |
host_ip | Host IP |
item_name | Service |
event_tags | Tags |
Severity Mapping
| Zabbix Severity | Zabbix Code | Easyalert Severity |
|---|---|---|
| Disaster | 5 | critical |
| High | 4 | high |
| Average | 3 | warning |
| Warning | 2 | warning |
| Information | 1 | info |
| Not classified | 0 | info |
Status Handling
| Zabbix Status | Easyalert Status | Action |
|---|---|---|
| PROBLEM | Problem | Creates/updates incident |
| OK | OK | Resolves incident |
Recovery events (OK status) automatically resolve the corresponding incident.
Using Tags
Zabbix tags are used for routing in Easyalert.
Where to Define Tags
| Location | Menu |
|---|---|
| Host | Configuration → Hosts → [Host] → Tags |
| Trigger | Configuration → Hosts → [Host] → Triggers → [Trigger] → Tags |
| Template | Configuration → Templates → [Template] → Tags |
Example Tags
| Tag | Value | Usage |
|---|---|---|
customer | AcmeCorp | Customer-based routing |
environment | production | Environment-based routing |
team | backend | Team-based routing |
Usage in Easyalert
In Escalation Routing:
tags.customer equals AcmeCorp → Acme Policy
tags.environment equals production → Production Policy
Test
After completing Zabbix setup, you can test manually:
curl -X POST "YOUR_WEBHOOK_URL" \
-H "Content-Type: application/json" \
-d '{
"event_id": "12345",
"trigger_id": "100",
"trigger_name": "High CPU Usage",
"trigger_description": "CPU usage exceeded 90%",
"trigger_severity": "4",
"trigger_status": "PROBLEM",
"host_name": "web-server-01",
"host_ip": "192.168.1.10",
"event_date": "2024.12.03",
"event_time": "10:30:00",
"item_name": "CPU utilization",
"item_value": "95%",
"tags": {
"customer": "AcmeCorp",
"environment": "production"
}
}'
Troubleshooting
Alerts not being received
- Check if Media Type is active
- Verify media is added to user
- Check if Action is enabled
- Review Zabbix action logs for errors
Tags not coming through
- Verify
event_tags,host_tags,trigger_tagsare in Parameters - Check if the script is complete
- Ensure "Process tags" is checked in media type settings
Wrong severity mapping
- Check if Zabbix sends numeric (0-5) or text severity
- Configure appropriate severity mapping
- View webhook samples to see actual values
Recovery events not resolving incidents
- Verify recovery operations are enabled in Zabbix action
- Check the
trigger_statusfield is included in payload - Ensure event_id matches between PROBLEM and OK events
Connection refused
- Check firewall/network settings
- Verify Zabbix server can reach Easyalert API
- Test connectivity with curl from Zabbix server
401 Unauthorized
- Verify Webhook URL is correct
- Check if integration is active in Easyalert
- Regenerate webhook token if needed
Best Practices
Use Event Tags: Add tags in Zabbix for better routing and filtering in Easyalert. Tags like environment, team, and service help with escalation routing.
Include Trigger URL: Add {TRIGGER.URL} parameter to help responders quickly navigate to Zabbix for more details.
Configure Recovery: Enable recovery operations to automatically resolve incidents when the problem clears.
Test with Low Severity: Use Information or Warning severity triggers for initial testing to avoid unnecessary escalations.
Organize with Host Groups: Use Zabbix host groups to organize hosts and include group info in tags for routing.