Set up comprehensive alerting in Zabbix 7 with email notifications, SMS gateway integration, and automated escalation chains. Configure media types, user groups, and action filters for effective incident response workflows.
Prerequisites
- Zabbix 7 server installation
- SMTP server access or SMS gateway
- Web browser for Zabbix interface access
- Administrative access to Zabbix configuration
What this solves
Zabbix monitoring without proper alerting means you'll discover problems too late. This tutorial configures email and SMS notifications with escalation rules that automatically notify different teams based on severity and response time, ensuring critical issues get immediate attention while preventing alert fatigue.
Step-by-step configuration
Configure SMTP email media type
Set up the email delivery system that will send notifications to your teams.
Navigate to Administration → Media types in the Zabbix web interface and click Create media type.
Name: Email Notifications
Type: Email
SMTP server: smtp.gmail.com
SMTP server port: 587
SMTP helo: zabbix.example.com
SMTP email: alerts@example.com
Connection security: STARTTLS
SSL verify peer: Yes
SSL verify host: Yes
Authentication: Username and password
Username: alerts@example.com
Password: your-app-password
Configure the message templates for different notification types:
Subject: {TRIGGER.STATUS}: {TRIGGER.NAME}
Message:
Problem started at {EVENT.TIME} on {EVENT.DATE}
Problem name: {TRIGGER.NAME}
Host: {HOST.NAME}
Severity: {TRIGGER.SEVERITY}
Operational data: {TRIGGER.OPDATA}
Original problem ID: {EVENT.ID}
{TRIGGER.URL}
Set up SMS gateway integration
Configure SMS notifications for critical alerts that require immediate attention.
Create a new media type for SMS delivery. Click Create media type and select SMS type.
Name: SMS Alerts
Type: SMS
GSM modem: /dev/ttyUSB0
For webhook-based SMS providers like Twilio, use the Webhook type instead:
Name: Twilio SMS
Type: Webhook
Parameters:
- Name: AccountSID
Value: your-twilio-account-sid
- Name: AuthToken
Value: your-twilio-auth-token
- Name: From
Value: +1234567890
- Name: To
Value: {ALERT.SENDTO}
- Name: Body
Value: {ALERT.SUBJECT}: {ALERT.MESSAGE}
Script:
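```javascript
// Zabbix passes the media type parameters to the script as a JSON string in `value`.
var params = JSON.parse(value);
var req = new HttpRequest();
req.addHeader('Content-Type: application/x-www-form-urlencoded');
req.addHeader('Authorization: Basic ' + btoa(params.AccountSID + ':' + params.AuthToken));
var body = 'To=' + encodeURIComponent(params.To) + '&From=' + encodeURIComponent(params.From) +
    '&Body=' + encodeURIComponent(params.Body.substring(0, 160)); // keep to one SMS segment
req.post('https://api.twilio.com/2010-04-01/Accounts/' + params.AccountSID + '/Messages.json', body);
if (req.getStatus() !== 201) { throw 'Twilio returned HTTP ' + req.getStatus(); }
return 'OK';
```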
Create user groups with notification levels
Organize users into groups that correspond to your escalation hierarchy.
Navigate to Administration → User groups and create the following groups:
Group Name: L1-Support
Permissions: Read-write access to Infrastructure hosts
Description: First level support team
Group Name: L2-Engineering
Permissions: Read-write access to all host groups
Description: Engineering escalation team
Group Name: L3-Management
Permissions: Read access to all host groups
Description: Management notifications
Configure users with media assignments
Set up users with appropriate notification methods and schedules.
Go to Administration → Users and create or edit users. In the Media tab, add notification channels:
User: john.doe
Media Type: Email Notifications
Send to: john.doe@example.com
When active: 1-7,00:00-24:00
Severity: All severities enabled
Media Type: SMS Alerts
Send to: +1234567890
When active: 1-7,00:00-08:00;1-7,18:00-24:00
Severity: High, Disaster only
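The "When active" field takes one or more periods in the form d-d,hh:mm-hh:mm separated by semicolons, and each period must start before it ends, so an overnight window has to be written as two periods. The following added example (not part of the original tutorial; the function names are illustrative) validates a value before it is saved and checks whether a media entry would be active at a given time.

```python
import re
from datetime import datetime

PERIOD = re.compile(r"^([1-7])(?:-([1-7]))?,(\d{1,2}):(\d{2})-(\d{1,2}):(\d{2})$")

def parse_periods(spec):
    """Parse 'd-d,hh:mm-hh:mm;...' into [(day_from, day_to, min_from, min_to)]."""
    periods = []
    for part in spec.split(";"):
        m = PERIOD.match(part.strip())
        if not m:
            raise ValueError(f"bad period syntax: {part!r}")
        d1, d2 = int(m[1]), int(m[2] or m[1])
        start = int(m[3]) * 60 + int(m[4])
        end = int(m[5]) * 60 + int(m[6])
        if d1 > d2 or int(m[4]) > 59 or int(m[6]) > 59 or end > 24 * 60:
            raise ValueError(f"value out of range: {part!r}")
        if start >= end:
            # An overnight window written as one range ends before it starts.
            raise ValueError(f"period must start before it ends: {part!r}")
        periods.append((d1, d2, start, end))
    return periods

def is_active(spec, when):
    """True if `when` falls inside any period of `spec`."""
    dow = when.isoweekday()            # 1 = Monday ... 7 = Sunday, as in Zabbix
    minute = when.hour * 60 + when.minute
    return any(d1 <= dow <= d2 and s <= minute < e
               for d1, d2, s, e in parse_periods(spec))

def split_overnight(days, start, end):
    """Write an overnight window as two periods. Exact when days is 1-7;
    for a partial week the morning half belongs to the following day."""
    return f"{days},00:00-{end};{days},{start}-24:00"

if __name__ == "__main__":
    spec = split_overnight("1-7", "18:00", "08:00")
    print(spec, is_active(spec, datetime(2024, 1, 3, 23, 30)))  # constructed timestamp
```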
Create escalation action rules
Set up automated actions that trigger notifications based on problem conditions.
Navigate to Configuration → Actions → Trigger actions and click Create action.
Configure the first-level support action:
Name: L1 Immediate Notification
Conditions:
- Trigger severity >= Warning
- Host group = Production Servers
- Trigger value = PROBLEM
Operations:
Step 1 (0-0): Send message to user group L1-Support via Email
Step 2 (300-0): Send message to user group L1-Support via SMS
Step 3 (900-0): Send message to user group L2-Engineering via Email and SMS
Configure advanced escalation chains
Set up multi-step escalations that automatically notify higher-level teams if problems aren't acknowledged.
Create a critical system escalation action:
Name: Critical System Escalation
Conditions:
- Trigger severity >= High
- Host group = Database Servers OR Web Servers
- Trigger value = PROBLEM
- Application = Critical Services
Operations:
Step 1 (0-60): Send to L1-Support via Email and SMS
Delay: 0-60 seconds
Subject: CRITICAL: {TRIGGER.NAME} on {HOST.NAME}
Step 2 (300-600): Send to L2-Engineering via Email and SMS
Delay: 5-10 minutes
Custom message: Escalated from L1 - No acknowledgment received
Step 3 (900-1800): Send to L3-Management via Email
Delay: 15-30 minutes
Subject: ESCALATED CRITICAL: {TRIGGER.NAME}
Recovery operations:
Send recovery notification to all notified users
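The delays shown for the L1 action and the critical escalation chain above (0, 300 and 900 seconds) are not typed into Zabbix directly: each escalation step begins when the previous step's duration has elapsed, and a step without a custom duration uses the action's default. The following added example (not part of the original tutorial) models that rule and converts the listed delays into per-step durations. It assumes the first number in each step label is seconds since the problem started; the class and function names are illustrative.

```python
from dataclasses import dataclass

MIN_STEP = 60  # Zabbix does not accept step durations below 60 seconds

@dataclass
class Operation:            # illustrative model, not a Zabbix API object
    target: str
    step_from: int
    step_to: int
    duration: int = 0       # 0 = fall back to the action's default step duration

def step_length(step, ops, default):
    """A step lasts for the shortest custom duration set on it, else the default."""
    custom = [o.duration for o in ops
              if o.step_from <= step <= o.step_to and o.duration]
    return min(custom) if custom else default

def timeline(ops, default):
    """Return (seconds_since_problem, step, target) for every message sent."""
    sends, start = [], 0
    for step in range(1, max(o.step_to for o in ops) + 1):
        sends += [(start, step, o.target) for o in ops
                  if o.step_from <= step <= o.step_to]
        start += step_length(step, ops, default)
    return sends

def ops_from_delays(delays):
    """Convert [(target, delay_seconds)] into one operation per escalation step."""
    delays = sorted(delays, key=lambda d: d[1])
    ops = []
    for i, (target, at) in enumerate(delays):
        last = i + 1 == len(delays)
        gap = 0 if last else delays[i + 1][1] - at
        if not last and gap < MIN_STEP:
            raise ValueError(f"{gap}s between steps {i + 1} and {i + 2}; minimum is {MIN_STEP}s")
        ops.append(Operation(target, i + 1, i + 1, gap))
    return ops

# Delays of the "Critical System Escalation" action described above.
CRITICAL = [("L1-Support", 0), ("L2-Engineering", 300), ("L3-Management", 900)]

if __name__ == "__main__":
    for at, step, target in timeline(ops_from_delays(CRITICAL), default=3600):
        print(f"t+{at:>4}s  step {step}  {target}")
```

With no custom durations and a one-hour default, the same three steps would fire at 0, 3600 and 7200 seconds, which is why the step durations (300 and 600 seconds here) need to be set explicitly.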
Implement automated alert filtering
Create intelligent filters to prevent notification spam and focus on actionable alerts.
Set up a maintenance-aware action that suppresses notifications during planned maintenance:
Name: Filtered Production Alerts
Conditions:
- Trigger severity >= Warning
- Host group = Production Servers
- Trigger value = PROBLEM
- Maintenance status = Not in maintenance
- Time period = Business Hours (09:00-17:00)
Operations:
Step 1: Send to L1-Support via Email
Custom message includes:
- Problem duration: {EVENT.AGE}
- Last known value: {ITEM.LASTVALUE}
- Trigger expression: {TRIGGER.EXPRESSION}
Configure notification templates
Customize message content to include relevant troubleshooting information.
Edit the media types to use enhanced message templates:
Subject: [{TRIGGER.SEVERITY}] {TRIGGER.NAME} on {HOST.NAME}
Message:
Alert Time: {EVENT.DATE} {EVENT.TIME}
Host: {HOST.NAME} ({HOST.IP})
Trigger: {TRIGGER.NAME}
Severity: {TRIGGER.SEVERITY}
Status: {TRIGGER.STATUS}
Duration: {EVENT.AGE}
Current Value: {ITEM.LASTVALUE}
Trigger Expression: {TRIGGER.EXPRESSION}
Operational Data: {TRIGGER.OPDATA}
Troubleshooting:
- Check host connectivity: ping {HOST.IP}
- Review recent changes in CMDB
- Verify service status on host
Zabbix Event ID: {EVENT.ID}
Direct Link: {TRIGGER.URL}
Set up notification scheduling
Configure time-based rules for different notification urgency levels.
Create a business hours action for non-critical alerts:
Name: Business Hours Notifications
Conditions:
- Trigger severity = Warning OR Information
- Time period = Monday-Friday 09:00-17:00
- Host group = Production Servers
Operations:
Step 1: Send to L1-Support via Email only
Delay: 0-300 seconds (5 minutes)
Step 2: Send reminder if not acknowledged
Delay: 1800 seconds (30 minutes)
Test notification delivery
Verify your alerting configuration works correctly before relying on it.
Create a test trigger to validate the notification flow:
```shell
# Quote the item key so the shell does not interpret the square brackets
zabbix_get -s 127.0.0.1 -k "system.cpu.load[all,avg1]"
echo "Test alert triggered at $(date)" | logger -t zabbix-test
```
Monitor the Zabbix logs to confirm message delivery:
```shell
# A single follow covers both sets of patterns; a second tail -f would never start
sudo tail -f /var/log/zabbix/zabbix_server.log | grep -E "sending|alert|media type|message sent"
```
Verify your setup
Test your notification system to ensure alerts reach the right people at the right time.
```shell
# Check media type configuration
sudo systemctl status zabbix-server
sudo grep -i "email\|sms" /var/log/zabbix/zabbix_server.log | tail -10

# Test SMTP connectivity
telnet smtp.gmail.com 587

# Verify user media assignments in Zabbix web interface
# Go to Administration → Users → [username] → Media tab

# Check recent alert activity
# Navigate to Monitoring → Problems to see active triggers
# Check Reports → Action log to verify notification delivery
```
Configure advanced notification features
Set up acknowledgment automation
Configure automatic actions when problems are acknowledged by team members.
Name: Acknowledgment Notification
Event source: Triggers
Conditions:
- Event acknowledged = Yes
- Trigger severity >= Warning
Operations:
Send message to all previously notified users:
Subject: ACKNOWLEDGED: {TRIGGER.NAME}
Message: Problem acknowledged by {USER.FULLNAME} at {ACK.DATE} {ACK.TIME}
Comment: {ACK.MESSAGE}
Configure problem suppression rules
Prevent alert storms by implementing intelligent suppression during mass outages.
Name: Network Outage Suppression
Conditions:
- Trigger = Network connectivity issues
- Number of hosts affected >= 5
- Time period = Last 5 minutes
Operations:
Step 1: Send summary alert to L2-Engineering
Message: Mass network outage detected - {EVENT.NSEVERITY} hosts affected
Suppress individual host notifications for 30 minutes
Link to monitoring infrastructure
For comprehensive monitoring setups, consider integrating with distributed monitoring architectures. You can extend this notification system with Zabbix proxy configurations for multi-site environments or implement additional observability with Grafana dashboard integration for enhanced visualization of your alerting metrics.
Common issues
| Symptom | Cause | Fix |
|---|---|---|
| Emails not being sent | SMTP authentication failure | Check credentials and enable app passwords for Gmail. Verify with `sudo grep smtp /var/log/zabbix/zabbix_server.log` |
| SMS messages failing | GSM modem not responding | Check device permissions with `ls -la /dev/ttyUSB0` and add the zabbix user to the dialout group |
| Escalations not triggering | Action conditions too restrictive | Review action conditions in Configuration → Actions and test with broader criteria |
| Too many notifications | Overlapping action rules | Review action evaluation order and add more specific conditions to prevent duplicates |
| Messages missing information | Template macros not resolving | Test macros in Administration → General → Macros and verify trigger context |
| Webhooks timing out | API endpoint unreachable | Test webhook URL directly and check network connectivity from Zabbix server |
Next steps
- Automate Zabbix configuration with Python API scripts
- Integrate Zabbix with network automation and orchestration platforms
- Configure Zabbix webhook integration with Slack and Microsoft Teams
- Set up Zabbix alerting integration with PagerDuty for advanced incident management
- Configure custom notification scripts for specialized alerting workflows