u/CyberBloodhound

▲ 5 r/zabbix

Zabbix 7 template for Kerio Connect mail server (JSON-RPC, no agent required)

Sharing a template I built and recently open-sourced.

The official zabbix.com/integrations page has templates for Kerio Control (the firewall) but nothing for Kerio Connect (the mail server). The zabbix/community-templates repo is also empty for it. The forum threads I found suggest parsing the Kerio DAT graph file with regex. That works, but you lose the API metrics.

I run a Kerio Connect 10.x deployment and got tired of monitoring it blind, so I wrote a Zabbix 7 template against the JSON-RPC Admin API.

Architecture

One HTTP Agent master item per poll, 1-minute interval:

Session.login
  → Statistics.get
  → Services.get
  → ProductRegistration.getFullStatus
  → Server.getVersion
Session.logout

24 dependent items extract values from the resulting JSON blob (~8 KB) via JSONPath. One LLD rule discovers running services and creates a per-service status item from a prototype.

Two template flavors

Kerio Connect by Script: the Zabbix server or proxy talks to https://<kerio>:4040/ directly. No agent on the mail host.

Kerio Connect by Zabbix agent: for segments where the proxy cannot reach :4040. kerio_collector.py runs under a UserParameter. Credentials live in /etc/zabbix/kerio_connect.conf (chmod 0600), not in zabbix_agent2.conf, because Zabbix host macros are not expanded inside that file. Timeout=30 is mandatory in zabbix_agent2.conf; four HTTPS calls including login do not fit in the default three seconds.

Gotchas worth knowing before you import

  1. The Auditor role cannot call SystemHealth.get or Domains.get. CPU, RAM, swap, and per-domain metrics are deliberately not in the template. Pair with the standard Linux or Windows OS template for those.
  2. Kerio counters reset to zero on service restart. CHANGE_PER_SECOND then yields a large negative delta on the next poll. Every rate-converted counter has IN_RANGE [0, 1e9] DISCARD_VALUE to mask that.
  3. Nine triggers (four disk severity tiers, queue depth, SMTP auth-failure rate, license expiry, AV infection, per-service stopped). All non-master triggers depend on the master nodata trigger, so an API outage produces one root alert instead of a cascade.

Verified against

Kerio Connect 10.0.8.9228 on Windows, Zabbix 7.0, collection via Zabbix proxy. 60 unit tests in pytest tests/.

Repo: https://github.com/IT-for-Prof/zabbix-kerio-connect

Disclosure: I am the author. Released under MIT, no commercial component, PRs and issues welcome.

u/CyberBloodhound — 23 days ago
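
The post keeps the agent-side credentials in /etc/zabbix/kerio_connect.conf with mode 0600. The following is an added example, not code from the post or from the linked repository: a check a collector or a config audit could run before trusting such a file. The function name `audit_secret_file` and the `expected_uid` parameter are hypothetical, and the demo uses constructed files in a temporary directory.

```python
import os
import stat
import tempfile

def audit_secret_file(path, expected_uid=None):
    """Return a list of findings; an empty list means the file passes."""
    try:
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Any group or other permission bit is looser than the 0600 the post uses.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access, want 0600")
    # Assumption: expected_uid is the account the Zabbix agent runs as.
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, want {expected_uid}")
    return findings

def demo():
    """Run the audit over constructed files in a temp dir (not real config)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "kerio_connect.conf")
        with open(conf, "w") as f:
            f.write("# constructed placeholder, no real credentials\n")
        for label, mode in (("0600", 0o600), ("0640", 0o640), ("0644", 0o644)):
            os.chmod(conf, mode)
            results[label] = audit_secret_file(conf, expected_uid=os.getuid())
        link = os.path.join(d, "link.conf")
        os.symlink(conf, link)
        results["symlink"] = audit_secret_file(link)
        results["missing"] = audit_secret_file(os.path.join(d, "absent.conf"))
    return results

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "ok")
```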