When monitoring Windows servers and services it would be really handy to have a check to see if all the services that are registered with the system to automatically start up during boot, are also started.

You can use the item services[automatic] and compare its results with the output of the item services[automatic,started] using a trigger. However, this is not a very nice approach to this problem because it will tell you that there is a difference between these two but it will not tell you exactly which service has gone down.


Low Level Discovery (LLD) could solve this problem, but unfortunately the Zabbix agent currently doesn’t handle service discovery. (Please see ZBXNEXT-1368 for a feature request to implement this in the agent and vote on it if you need a solution for this!)

So, how to solve the problem in the meanwhile?

Fortunately, LLD just uses the concept of item keys and values as its basis. When requesting an LLD discovery item (like vfs.fs.discovery or net.if.discovery), the agent prepares a JSON response that contains all the needed information for the server and sends it back as a item value.

This means that we can use a UserParameter to feed LLD JSON output to the Zabbix server so it can set up the items and triggers for us!

To set this up, we need a script of some sorts to generate the output and a template to provide the discovery rules and prototypes needed.

You can find both of these on github.

Agent Configuration

Save the ‘servdisc.ps1’ on the harddrive of the machine you would like to perform the discovery on and add it as a UserParameter in the zabbix_agentd.conf file:

UserParameter=service.discovery,powershell -File c:\servdisc.ps1

When testing this UserParameter, I found that the Powershell script was taking longer to execute then the default timeout value for the Zabbix agent (3 seconds). To work around this, increase the Timeout parameter in the agent configuration:


Lastly, the script is not signed. This means that a default Windows install will not allow the script to run. To be able to run the script it should either be signed or the verification of scripts should be disabled. For this test I disabled the verification. Please verify with your internal security team if it is ok to do so in your environment as well.

Open a Powershell by going to ‘Start -> Run’ and typing in ‘powershell’ and hit enter. Then type this command to prevent verification of scripts:

set-executionpolicy Unrestricted

You can verify if the change was a success by running:


You can then exit the Powershell.

Configuring a Host for Discovery

Import the ‘Template_Windows_Service_Discovery.xml’ template into your Zabbix frontend and link it to the host that you’ve installed the script on.

After a while, the discovery should find all the services in the system and Zabbix will create the appropriate triggers and items for them:

And, after a while, you can find the current service states under ‘Latest Data’ as well:


Even though Windows Services discovery is currently not implemented in the Zabbix agent, Zabbix does provide us with the tools to create our own solution to this problem.

Using scripts such as these show us the potential that Low Level Discovery has to make our lives easier when it comes to monitoring. If you have any ideas on how Low Level Discovery can be improved to solve your specific monitoring needs, please create a feature request for it in the support system.

In the meanwhile, you can build your own discovery checks when needed with the techniques outlined above.