��Ĳ�

Table of Contents

8 Known issues

8 Known issues

Incorrect permissions in packages

Some repository files in the zabbix-release package have incorrect permissions (755 instead of 644) in the 6.2 release in these locations:

/etc/apt/sources.list.d/zabbix.list
/etc/apt/sources.list.d/zabbix-agent2-plugins.list
/etc/apt/trusted.gpg.d/zabbix-official-repo.gpg

This has been fixed in zabbix-release-6.2-4 packages. Despite that, running apt update && apt upgrade will not fix the permission issue, but fresh installations will have correct permissions.

The user may manually change permissions (chmod) for these files from 755 to 644. This should not have any impact on overall operation.

Proxy startup with MySQL 8.0.0-8.0.17

zabbix_proxy on MySQL versions 8.0.0-8.0.17 fails with the following "access denied" error:

[Z3001] connection to database 'zabbix' failed: [1227] Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation

That is due to MySQL 8.0.0 starting to enforce special permissions for setting session variables. However, in 8.0.18 this behavior was removed:

The workaround is based on granting additional privileges to the zabbix user:

For MySQL versions 8.0.14 - 8.0.17:

grant SESSION_VARIABLES_ADMIN on *.* to 'zabbix'@'localhost';

For MySQL versions 8.0.0 - 8.0.13:

grant SYSTEM_VARIABLES_ADMIN on *.* to 'zabbix'@'localhost';

Timescale DB: high memory usage with large number of partitions

PostgreSQL versions 9.6-12 use too much memory when updating tables with a large number of partitions (). This issue manifests itself when ��Ĳ� updates trends on systems with TimescaleDB if trends are split into relatively small (e.g. 1 day) chunks. This leads to hundreds of chunks present in the trends tables with default housekeeping settings - the condition where PostgreSQL is likely to run out of memory.

The issue has been resolved since ��Ĳ� 5.0.1 for new installations with TimescaleDB, but if TimescaleDB was set up with ��Ĳ� before that, please see for the migration notes.

Timescale DB 2.5.0: compression policy can fail on tables that contain integers

This issue manifests when TimescaleDB 2.5.0/2.5.1 is used. It has been resolved since TimescaleDB 2.5.2.

For more information, please see .

Upgrade with MariaDB 10.2.1 and before

Upgrading ��Ĳ� may fail if database tables were created with MariaDB 10.2.1 and before, because in those versions the default row format is compact. This can be fixed by changing the row format to dynamic (see also ).

Database TLS connection with MariaDB

Database TLS connection is not supported with the 'verify_ca' option for the DBTLSConnect parameter if MariaDB is used.

Possible deadlocks with MySQL/MariaDB

When running under high load, and with more than one LLD worker involved, it is possible to run into a deadlock caused by an InnoDB error related to the row-locking strategy (see ). The error has been fixed in MySQL since 8.0.29, but not in MariaDB. For more details, see .

Global event correlation

Events may not get correlated correctly if the time interval between the first and second event is very small, i.e. half a second and less.

Numeric (float) data type range with PostgreSQL 11 and earlier

PostgreSQL 11 and earlier versions only support floating point value range of approximately -1.34E-154 to 1.34E+154.

NetBSD 8.0 and newer

Various ��Ĳ� processes may randomly crash on startup on the NetBSD versions 8.X and 9.X. That is due to the too small default stack size (4MB), which must be increased by running:

ulimit -s 10240

For more information, please see the related problem report: .

IPMI checks

IPMI checks will not work with the standard OpenIPMI library package on Debian prior to 9 (stretch) and Ubuntu prior to 16.04 (xenial). To fix that, recompile OpenIPMI library with OpenSSL enabled as discussed in .

SSH checks

Some Linux distributions like Debian, Ubuntu do not support encrypted private keys (with passphrase) if the libssh2 library is installed from packages. Please see for more details.
When using libssh 0.9.x on CentOS 8 with OpenSSH 8 SSH checks may occasionally report "Cannot read data from SSH server". This is caused by a libssh (). The error is expected to have been fixed by a stable libssh 0.9.5 release. See also for details.
Using the pipe "|" in the SSH script may lead to a "Cannot read data from SSH server" error. In this case it is recommended to upgrade the libssh library version. See also for details.

ODBC checks

MySQL unixODBC driver should not be used with ��Ĳ� server or ��Ĳ� proxy compiled against MariaDB connector library and vice versa, if possible it is also better to avoid using the same connector as the driver due to an . Suggested setup:

PostgreSQL, SQLite or Oracle connector → MariaDB or MySQL unixODBC driver MariaDB connector → MariaDB unixODBC driver MySQL connector → MySQL unixODBC driver

See for more information and available workarounds.

XML data queried from Microsoft SQL Server may get truncated in various ways on Linux and UNIX systems.
It has been observed that using ODBC checks for monitoring Oracle databases using various versions of Oracle Instant Client for Linux causes ��Ĳ� server to crash. See also: , .
If using FreeTDS UnixODBC driver, you need to prepend a 'SET NOCOUNT ON' statement to an SQL query (for example, SET NOCOUNT ON DECLARE @strsql NVARCHAR(max) SET @strsql = ....). Otherwise, database monitor item in ��Ĳ� will fail to retrieve the information with an error "SQL query returned empty result".
See for more information.

Incorrect request method parameter in items

The request method parameter, used only in HTTP checks, may be incorrectly set to '1', a non-default value for all items as a result of upgrade from a pre-4.0 ��Ĳ� version. For details on how to fix this situation, see .

Web monitoring and HTTP agent

��Ĳ� server leaks memory on CentOS 6, CentOS 7 and possibly other related Linux distributions due to an when "SSL verify peer" is enabled in web scenarios or HTTP agent. Please see for more information and available workarounds.

Simple checks

There is a bug in fping versions earlier than v3.10 that mishandles duplicate echo replay packets. This may cause unexpected results for icmpping, icmppingloss, icmppingsec items. It is recommended to use the latest version of fping. Please see for more details.

SNMP checks

If the OpenBSD operating system is used, a use-after-free bug in the Net-SNMP library up to the 5.7.3 version can cause a crash of ��Ĳ� server if the SourceIP parameter is set in the ��Ĳ� server configuration file. As a workaround, please do not set the SourceIP parameter. The same problem applies also for Linux, but it does not cause ��Ĳ� server to stop working. A local patch for the net-snmp package on OpenBSD was applied and will be released with OpenBSD 6.3.

SNMP data spikes

Spikes in SNMP data have been observed that may be related to certain physical factors like voltage spikes in the mains. See more details.

SNMP traps

The "net-snmp-perl" package, needed for SNMP traps, has been removed in RHEL/CentOS 8.0-8.2; re-added in RHEL 8.3.

So if you are using RHEL 8.0-8.2, the best solution is to upgrade to RHEL 8.3; if you are using CentOS 8.0-8.2, you may wait for CentOS 8.3 or use a package from EPEL.

Please also see for more information.

Alerter process crash in Centos/RHEL 7

Instances of a ��Ĳ� server alerter process crash have been encountered in Centos/RHEL 7. Please see for details.

Compiling ��Ĳ� agent on HP-UX

If you install the PCRE library from a popular HP-UX package site , for example from file pcre-8.42-ia64_64-11.31.depot, you get only the 64-bit version of the library installed in the /usr/local/lib/hpux64 directory.

In this case, for successful agent compilation customized options need to be used for the "configure" script, e.g.:

CFLAGS="+DD64" ./configure --enable-agent --with-libpcre-include=/usr/local/include --with-libpcre-lib=/usr/local/lib/hpux64

Flipping frontend locales

It has been observed that frontend locales may flip without apparent logic, i. e. some pages (or parts of pages) are displayed in one language while other pages (or parts of pages) in a different language. Typically the problem may appear when there are several users, some of whom use one locale, while others use another.

A known workaround to this is to disable multithreading in PHP and Apache.

The problem is related to how setting the locale works : locale information is maintained per process, not per thread. So in a multi-thread environment, when there are several projects run by same Apache process, it is possible that the locale gets changed in another thread and that changes how data can be processed in the ��Ĳ� thread.

For more information, please see related problem reports:

(Problem with flipping frontend locales)
(Problem with number processing in graphs using the bcdiv function of BC Math functions)

PHP 7.3 opcache configuration

If "opcache" is enabled in the PHP 7.3 configuration, ��Ĳ� frontend may show a blank screen when loaded for the first time. This is a registered . To work around this, please set the "opcache.optimization_level" parameter to 0x7FFFBFDF in the PHP configuration (php.ini file).

Graphs

Daylight Saving Time

Changes to Daylight Saving Time (DST) result in irregularities when displaying X axis labels (date duplication, date missing, etc).

Sum aggregation

When using sum aggregation in a graph for period that is less than one hour, graphs display incorrect (multiplied) values when data come from trends.

Log file monitoring

log[] and logrt[] items repeatedly reread log file from the beginning if file system is 100% full and the log file is being appended (see for more information).

Slow MySQL queries

��Ĳ� server generates slow select queries in case of non-existing values for items. This is caused by a known in MySQL 5.6/5.7 versions. A workaround to this is disabling the index_condition_pushdown optimizer in MySQL. For an extended discussion, see .

A large number of open user sessions can be created when using custom scripts with the user.login method without a following user.logout.

IPv6 address issue in SNMPv3 traps

Due to a net-snmp bug, IPv6 address may not be correctly displayed when using SNMPv3 in SNMP traps. For more details and a possible workaround, see .

A failed login attempt message will display only the first 39 characters of a stored IP address as that's the character limit in the database field. That means that IPv6 IP addresses longer than 39 characters will be shown incompletely.

��Ĳ� agent checks on Windows

Non-existing DNS entries in a Server parameter of ��Ĳ� agent configuration file (zabbix_agentd.conf) may increase ��Ĳ� agent response time on Windows. This happens because Windows DNS caching daemon doesn't cache negative responses for IPv4 addresses. However, for IPv6 addresses negative responses are cached, so a possible workaround to this is disabling IPv4 on the host.

YAML export/import

There are some known issues with YAML export/import:

Error messages are not translatable;
Valid JSON with a .yaml file extension sometimes cannot be imported;
Unquoted human-readable dates are automatically converted to Unix timestamps.

Setup wizard on SUSE with NGINX and php-fpm

Frontend setup wizard cannot save configuration file on SUSE with NGINX + php-fpm. This is caused by a setting in /usr/lib/systemd/system/php-fpm.service unit, which prevents ��Ĳ� from writing to /etc. (introduced in ).

There are two workaround options available:

Set the option to 'true' instead of 'full' in the php-fpm systemd unit.
Manually save /etc/zabbix/web/zabbix.conf.php file.

Chromium for ��Ĳ� web service on Ubuntu 20

Though in most cases, ��Ĳ� web service can run with Chromium, on Ubuntu 20.04 using Chromium causes the following error:

Cannot fetch data: chrome failed to start:cmd_run.go:994:
       WARNING: cannot create user data directory: cannot create 
       "/var/lib/zabbix/snap/chromium/1564": mkdir /var/lib/zabbix: permission denied
       Sorry, home directories outside of /home are not currently supported. See https://forum.snapcraft.io/t/11209 for details.

This error occurs because /var/lib/zabbix is used as a home directory of user 'zabbix'.

MySQL custom error codes

If ��Ĳ� is used with MySQL installation on Azure, an unclear error message [9002] Some errors occurred may appear in ��Ĳ� logs. This generic error text is sent to ��Ĳ� server or proxy by the database. To get more information about the cause of the error, check Azure logs.

Invalid regular expressions after switching to PCRE2

In ��Ĳ� 6.0 support for PCRE2 has been added. Even though PCRE is still supported, ��Ĳ� installation packages for RHEL/CentOS 7 and newer, SLES (all versions), Debian 9 and newer, Ubuntu 16.04 and newer have been updated to use PCRE2. While providing many benefits, switching to PCRE2 may cause certain existing PCRE regexp patterns becoming invalid or behaving differently. In particular, this affects the pattern ^[\w-\.]. In order to make this regexp valid again without affecting semantics, change the expression to ^[-\w\.] . This happens due to the fact that PCRE2 treats the dash sign as a delimiter, creating a range inside a character class.

The maps in the Geomap widget may not load correctly, if you have upgraded from an older ��Ĳ� version with NGINX and didn't switch to the new NGINX configuration file during the upgrade.

To fix the issue, you can discard the old configuration file, use the configuration file from the current version package and reconfigure it as described in the download instructions in section e. Configure PHP for ��Ĳ� frontend.

Alternatively, you can manually edit an existing NGINX configuration file (typically, /etc/zabbix/nginx.conf). To do so, open the file and locate the following block:

location ~ /(api\/|conf[^\.]|include|locale|vendor) {
               deny            all;
               return          404;
       }

Then, replace this block with:

location ~ /(api\/|conf[^\.]|include|locale) {
               deny            all;
               return          404;
       }
       
       location /vendor {
               deny            all;
               return          404;
       }

Issues in ��Ĳ� 6.2.5

Server-proxy compatibility

This version has the following server-proxy compatibility issues:

��Ĳ� server 6.2.5 will not work with a ��Ĳ� proxy below/above 6.2.5;
��Ĳ� proxy 6.2.5 will not work with a ��Ĳ� server below/above 6.2.5.

JSONPath parsing errors

JSONPath parsing errors occur in case of leading whitespace and empty array/object. Fixed in ��Ĳ� 6.2.6.

�����Ĳ�

Documentation