Zabbix allows to create complex web monitoring scenario and gather metrics about it. In this blog post, we will see how to assess that we are able to login to M-Files web application and, to not consume too many licenses, to logout.


In my “M-Files by Zabbix agent active” template, I create a new scenario named “Login/Logout” where I define two variables:

On the left side, it is the name of the variable which be used in any parameters of the web request (Headers, Steps). On the right, it is a template MACRO which can then be set at host level.

Next, I go in Steps tab and add the Login step:

You might wonder “Where did he get the URL and the raw post data?” I took it from my previous recordings made with JMeter (see this blog post).

Inside that raw data, which is in JSON format, I map the variables we declared in scenario (ie. {username} and {password}):

            "credentials": {
                "username": "${username}",
                "password": "${password}",
                "domain": "",
                "type": "CREDENTIALS_TYPE_AUTOMATIC"

Note that the above code is only a partial extract of Raw post content.

To determine if request is successful or not, it used the two bottom fields:

  • Required string
  • Required status codes

I know from experience that we expect the standard HTTP status 200 when all goes well. Nothing prevents you to add a required string like, for example, “session_data“. This string is supposed to be in the response when all goes well:

	"authentication_data": {
		"data": {
			"credentials": {}
		"authentication_attempt_identifier": {
			"legacy_data": 0,
			"data": "AAAAnxKxXNAAAAAAAAAAAAdID0sK/1blLGtwrfs="
	"session_data": {
		"session_id": "AAAAH7UQxz5P7BAAAAAAAAAmYTO+ctY+64otfz",
		"account_name": "ols1",
		"access_rights": {


The next step will be a Logout. The tricky part of this step is that it requires a specific header for the application to correlate the logout with the right user. This session id is in the body result of the login step. To extract it, we need to use a special tag in the value part (ie. regex:). This will look like:

Variables in Login step

After the Login step, {SID} variable will be populated with what the regex returns and can be reused in Headers section of Logout step:

Note that I also set {} as raw data and 200 as required status code.

When the two steps are defined, the Steps tab of the scenario shows an overview:

Resulting Data

Once the scenario is setup, it automatically creates a few items, along with a set of nice graphs. Items will be about:

  • Download speed (per step)
  • Number of failed steps
  • Last error message
  • Response code (per step)
  • Response time (per step)

Based on these, we can create triggers to raise an alarm. For example, based on “Failed step of scenario “Login/Logout”.” item, we can imagine raising an alert as soon as there is a failed step with this expression:

last(/M-Files by Zabbix agent active/[Login/Logout])>0

Additionally, graphics on download speed and response time with steps distinctions: