Áú»¢¶Ä²©

8 Known issues

Proxy startup with MySQL 8.0.0-8.0.17

zabbix_proxy on MySQL versions 8.0.0-8.0.17 fails with the following "access denied" error:

[Z3001] connection to database 'zabbix' failed: [1227] Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation

That is due to MySQL 8.0.0 starting to enforce special permissions for setting session variables. However, in 8.0.18 this behavior was removed:

The workaround is based on granting additional privileges to the zabbix user:

For MySQL versions 8.0.14 - 8.0.17:

grant SESSION_VARIABLES_ADMIN on *.* to 'zabbix'@'localhost';

For MySQL versions 8.0.0 - 8.0.13:

grant SYSTEM_VARIABLES_ADMIN on *.* to 'zabbix'@'localhost';

. #### Installation from packages

It has been observed that it is impossible to install a specific frontend version by running, e.g.:

yum install -v zabbix-web-mysql-scl-5.0.0

As a workaround to this issue, if you wish to install a specific frontend version, specify version for all components, e.g.:

yum install zabbix-web-mysql-scl-5.0.0 zabbix-apache-conf-scl-5.0.0 zabbix-web-5.0.0 zabbix-web-deps-scl-5.0.0

Database connection encryption

Database connection encryption is not supported on RHEL/CentOS 7, because these systems ship with packages that are too old:

Name        : mariadb-libs
       Version     : 5.5.65
       
       Name        : postgresql-libs
       Version     : 9.2.24

Timescale DB

PostgreSQL versions 9.6-12 use too much memory when updating tables with a large number of partitions (). This issue manifests itself when Áú»¢¶Ä²© updates trends on systems with TimescaleDB if trends are split into relatively small (e.g. 1 day) chunks. This leads to hundreds of chunks present in the trends tables with default housekeeping settings - the condition where PostgreSQL is likely to run out of memory.

The issue has been resolved since Áú»¢¶Ä²© 5.0.1 for new installations with TimescaleDB, but if TimescaleDB was set up with Áú»¢¶Ä²© before that, please see for the migration notes.

Upgrade with MySQL below 5.7.0 or MariaDB below 10.2.2

Upgrading Áú»¢¶Ä²© may fail if database tables were created with older DB versions (MySQL versions prior to 5.7 or MariaDB versions prior to 10.2.2), because in those versions the default row format is compact.

This can be fixed by changing the row format to dynamic. See also (MariaDB) and (MySQL).

Database TLS connection with MariaDB

Database TLS connection is not supported with the 'verify_ca' option for the DBTLSConnect parameter if MariaDB is used.

Possible deadlocks with MySQL/MariaDB

When running under high load, and with more than one LLD worker involved, it is possible to run into a deadlock caused by an InnoDB error related to the row-locking strategy (see ). The error has been fixed in MySQL since 8.0.29, but not in MariaDB. For more details, see .

Global event correlation

Events may not get correlated correctly if the time interval between the first and second event is very small, i.e. half a second and less.

Numeric (float) data type range with PostgreSQL 11 and earlier

PostgreSQL 11 and earlier versions only support floating point value range of approximately -1.34E-154 to 1.34E+154.

NetBSD 8.0 and newer

Various Áú»¢¶Ä²© processes may randomly crash on startup on the NetBSD versions 8.X and 9.X. That is due to the too small default stack size (4MB), which must be increased by running:

ulimit -s 10240

For more information, please see the related problem report: .

IPMI checks

IPMI checks will not work with the standard OpenIPMI library package on Debian prior to 9 (stretch) and Ubuntu prior to 16.04 (xenial). To fix that, recompile OpenIPMI library with OpenSSL enabled as discussed in .

SSH checks

Some Linux distributions like Debian, Ubuntu do not support encrypted private keys (with passphrase) if the libssh2 library is installed from packages. Please see for more details.

When using libssh 0.9.x on CentOS 8 with OpenSSH 8 SSH checks may occasionally report "Cannot read data from SSH server". This is caused by a libssh (). The error is expected to have been fixed by a stable libssh 0.9.5 release. See also for details.

ODBC checks

• MySQL unixODBC driver should not be used with Áú»¢¶Ä²© server or Áú»¢¶Ä²© proxy compiled against MariaDB connector library and vice versa, if possible it is also better to avoid using the same connector as the driver due to an . Suggested setup:

PostgreSQL, SQLite or Oracle connector ¡ú MariaDB or MySQL unixODBC driver
       MariaDB connector ¡ú MariaDB unixODBC driver
       MySQL connector ¡ú MySQL unixODBC driver

Please see for more information and available workarounds.

• XML data queried from Microsoft SQL Server may get truncated in various ways on Linux and UNIX systems.

• It has been observed that using ODBC checks on CentOS 8 for monitoring Oracle databases using Oracle Instant Client for Linux 11.2.0.4.0 causes the Áú»¢¶Ä²© server to crash. The issue can be solved by upgrading Oracle Instant Client to 12.1.0.2.0, 12.2.0.1.0, 18.5.0.0.0 or 19. See also .

Incorrect request method parameter in items

The request method parameter, used only in HTTP checks, may be incorrectly set to '1', a non-default value for all items as a result of upgrade from a pre-4.0 Áú»¢¶Ä²© version. For details on how to fix this situation, see .

Web monitoring and HTTP agent

Áú»¢¶Ä²© server leaks memory on CentOS 6, CentOS 7 and possibly other related Linux distributions due to an when "SSL verify peer" is enabled in web scenarios or HTTP agent. Please see for more information and available workarounds.

Simple checks

There is a bug in fping versions earlier than v3.10 that mishandles duplicate echo replay packets. This may cause unexpected results for icmpping, icmppingloss, icmppingsec items. It is recommended to use the latest version of fping. Please see for more details.

Errors with fping execution in rootless containers

When containers are running in rootless mode or in a specific-restrictions environment, you may face errors related to fping execution when performing ICMP checks, such as fping: Operation not permitted or all packets to all resources lost.

To fix this problem add --cap-add=net_raw to "docker run" or "podman run" commands.

Additionally fping execution in non-root environments may require sysctl modification, i.e.:

sudo sysctl -w "net.ipv4.ping_group_range=0 1995"

where "1995" is the zabbix GID. For more details, see .

SNMP checks

If the OpenBSD operating system is used, a use-after-free bug in the Net-SNMP library up to the 5.7.3 version can cause a crash of Áú»¢¶Ä²© server if the SourceIP parameter is set in the Áú»¢¶Ä²© server configuration file. As a workaround, please do not set the SourceIP parameter. The same problem applies also for Linux, but it does not cause Áú»¢¶Ä²© server to stop working. A local patch for the net-snmp package on OpenBSD was applied and will be released with OpenBSD 6.3.

SNMP data spikes

Spikes in SNMP data have been observed that may be related to certain physical factors like voltage spikes in the mains. See more details.

SNMP traps

The "net-snmp-perl" package, needed for SNMP traps, has been removed in RHEL/CentOS 8.0-8.2; re-added in RHEL 8.3.

So if you are using RHEL 8.0-8.2, the best solution is to upgrade to RHEL 8.3; if you are using CentOS 8.0-8.2, you may wait for CentOS 8.3 or use a package from EPEL.

Please also see for more information.

Alerter process crash in Centos/RHEL 7

Instances of a Áú»¢¶Ä²© server alerter process crash have been encountered in Centos/RHEL 7. Please see for details.

Flipping frontend locales

It has been observed that frontend locales may flip without apparent logic, i. e. some pages (or parts of pages) are displayed in one language while other pages (or parts of pages) in a different language. Typically the problem may appear when there are several users, some of whom use one locale, while others use another.

A known workaround to this is to disable multithreading in PHP and Apache.

The problem is related to how setting the locale works : locale information is maintained per process, not per thread. So in a multi-thread environment, when there are several projects run by same Apache process, it is possible that the locale gets changed in another thread and that changes how data can be processed in the Áú»¢¶Ä²© thread.

For more information, please see related problem reports:

• (Problem with flipping frontend locales)
• (Problem with number processing in graphs using the bcdiv function of BC Math functions)

PHP 7.3 opcache configuration

If "opcache" is enabled in the PHP 7.3 configuration, Áú»¢¶Ä²© frontend may show a blank screen when loaded for the first time. This is a registered . To work around this, please set the "opcache.optimization_level" parameter to 0x7FFFBFDF in the PHP configuration (php.ini file).

Graphs

Changes to Daylight Saving Time (DST) result in irregularities when displaying X axis labels (date duplication, date missing, etc).

Log file monitoring

log[] and logrt[] items repeatedly reread log file from the beginning if file system is 100% full and the log file is being appended (see for more information).

Slow MySQL queries

Áú»¢¶Ä²© server generates slow select queries in case of non-existing values for items. This is caused by a known in MySQL 5.6/5.7 versions. A workaround to this is disabling the index_condition_pushdown optimizer in MySQL. For an extended discussion, see .

Permission checks for dashboards with graphs

If SVG graphs are used in Áú»¢¶Ä²© dashboards, Áú»¢¶Ä²© frontend may generate non-optimized API queries when checking user permissions to hosts and items. This is happening because such searches support wildcards and case-insensitive name matching.

To improve performance of SQL statements, manually apply the patch index_host_and_item_name_upper_field.sql provided in Áú»¢¶Ä²© 5.0.31 and newer.

For MySQL, run:

shell> mysql -uzabbix -p<password> zabbix < index_host_and_item_name_upper_field.sql

For PostgreSQL, run:

shell> cat index_host_and_item_name_upper_field.sql | sudo -u zabbix psql zabbix

For Oracle, run:

sqlplus> @index_host_and_item_name_upper_field.sql

Creation of deterministic triggers should be enabled for the time of patch application. On MySQL and MariaDB, this requires GLOBAL log_bin_trust_function_creators = 1 to be set if binary logging is enabled and there is no superuser privileges and log_bin_trust_function_creators = 1 is not set in MySQL configuration file. To set the variable using MySQL console, run:

mysql> SET GLOBAL log_bin_trust_function_creators = 1;

Once the patch has been successfully applied, log_bin_trust_function_creators can be disabled:

mysql> SET GLOBAL log_bin_trust_function_creators = 0;

Triggers are also created for PostgreSQL and Oracle database.

Non-existing item value retrieval with MySQL 5.6/5.7

Áú»¢¶Ä²© server generates slow select queries in case of non-existing values for items. This is caused by a known in MySQL 5.6/5.7 versions. A workaround to this is disabling the index_condition_pushdown optimizer in MySQL. For an extended discussion, see .

Slow event info retrieval with older MySQL databases

Áú»¢¶Ä²© 5.0 installations with MySQL 5.X and 8.0.19 might run a slow query when retrieving problem/event information from the database. In particular, this affects the Problems by severity widget, event.get and problem.get API methods. To improve performance of SQL statements, apply the patch provided in (available for Áú»¢¶Ä²© 5.0.4 and newer).

API login

A large number of open user sessions can be created when using custom scripts with the user.login method without a following user.logout.

IPv6 address issue in SNMPv3 traps

Due to a net-snmp bug, IPv6 address may not be correctly displayed when using SNMPv3 in SNMP traps. For more details and a possible workaround, see .

Trimmed long IPv6 IP address in failed login information

Failed login attempt message will display only the first 39 characters of a stored IP address as that's the character limit in the database field. That means that IPv6 IP addresses longer than 39 characters will be shown incompletely.

Áú»¢¶Ä²© agent checks on Windows

Non-existing DNS entries in a Server parameter of Áú»¢¶Ä²© agent configuration file (zabbix_agentd.conf) may increase Áú»¢¶Ä²© agent response time on Windows. This happens because Windows DNS caching daemon doesn't cache negative responses for IPv4 addresses. However, for IPv6 addresses negative responses are cached, so a possible workaround to this is disabling IPv4 on the host.

Setup wizard on SUSE with NGINX and php-fpm

Frontend setup wizard cannot save configuration file on SUSE with NGINX + php-fpm. This is caused by a setting in /usr/lib/systemd/system/php-fpm.service unit, which prevents Áú»¢¶Ä²© from writing to /etc. (introduced in ).

There are two workaround options available:

• Set the option to 'true' instead of 'full' in the php-fpm systemd unit.
• Manually save /etc/zabbix/web/zabbix.conf.php file.

MySQL custom error codes

If Áú»¢¶Ä²© is used with MySQL installation on Azure, an unclear error message [9002] Some errors occurred may appear in Áú»¢¶Ä²© logs. This generic error text is sent to Áú»¢¶Ä²© server or proxy by the database. To get more information about the cause of the error, check Azure logs.