Configuring Zabbix Internet Monitoring Using Parent–Child Trigger Dependency

Zabbix Internet Monitoring Using Parent–Child Trigger Dependency (ICMP)

This document describes the standard procedure to monitor Internet availability using Zabbix and to suppress server alerts during Internet outages by using trigger dependency.

This approach helps prevent false alerts and ensures meaningful monitoring.

1. Overview

In many environments, servers become unreachable when the Internet connection fails. Without proper dependency configuration, Zabbix may generate multiple server alerts even though the root cause is Internet failure.

To avoid this situation: - Internet connectivity is monitored separately - Internet failure is treated as the root (parent) problem - Server availability alerts are suppressed when the Internet is down

2. Parent Host – Internet Monitoring

Host Name: ISP-Internet-Link

Host Purpose: This host is dedicated to monitoring Internet reachability. It does not represent a physical or virtual server.

Monitoring Method: ICMP (Ping)

Agent or SNMP: Not required

Internet Check Method

Internet availability is verified by pinging reliable public IP addresses.

Public IPs configured: - 8.8.8.8 (Google DNS) - 4.2.2.2

Logic: - If the public IPs respond to ping → Internet is UP

- If all public IPs fail to respond → Internet is DOWN

Items Configuration

Standard ICMP items are used:

- icmpping Indicates reachability (1 = reachable, 0 = unreachable)

- icmppingloss Displays packet loss percentage

- icmppingsec Displays response time (latency)

Triggers Configuration (Internet Host)

Trigger 1 – Parent Trigger:

Name: ICMP: Unavailable by ICMP ping

Severity: High

Description: This trigger is activated when all Internet ping checks fail, indicating a complete Internet outage.

Role: Acts as the parent trigger for dependency configuration.

Trigger 2:

Name: ICMP: High ICMP ping loss

Severity: Warning

Description: Indicates significant packet loss while Internet is still available.

Dependency: Dependent on "ICMP: Unavailable by ICMP ping"

Trigger 3:

Name: ICMP: High ICMP response time

Severity: Warning

Description: Indicates high latency on the Internet connection.

Dependency: Dependent on "ICMP: Unavailable by ICMP ping"

3. Child Host – Server Monitoring

Host Name: RND-01

Host Purpose: This host represents a production/test server.

Monitoring Method: ICMP (Ping)

Items Configuration:

Standard ICMP items are configured:

- icmpping

- icmppingloss

- icmppingsec

These items monitor server reachability.

Trigger Configuration (Server Host)

Trigger Name: ICMP: Unavailable by ICMP ping

Severity: High

Description:

This trigger is activated when the server does not respond to ICMP ping, indicating the server is unreachable.

Trigger Dependency Configuration

Dependency Mapping:

Child Trigger: ICMP: Unavailable by ICMP ping (RND-01)

Parent Trigger: ICMP: Unavailable by ICMP ping (ISP-Internet-Link)

Behavior: - When the Internet trigger is active, server alerts are suppressed.

- When the Internet trigger is inactive and the server is unreachable,a server alert is generated.

4. Testing and Validation

Test Case 1: Normal Operating State

Internet Status: Reachable

Server Status: Reachable

Observed Values: - icmpping = 1

- icmppingloss = 0%

Result: No alerts generated.

Test Case 2: Internet Failure Simulation

Action: Internet target IP was changed to an invalid address.

Observed - icmpping = 0

- icmppingloss = 100%

Result: - Internet connectivity alert (High severity) was generated.

- Parent trigger functioned as expected.

Test Case 3: Server Failure During Internet Outage

Action: Server unreachability was simulated while Internet alert was active.

Observed - Internet alert remained active.

- No server alert was generated.

Result: Trigger dependency operated correctly, preventing false alerts.