zabbix 如何監控tcp的SYN,establised?
Monitoring network connection states with Zabbix (+ iptables + iptstate)This is a little howto about displaying some small n’ nice graphs regarding to network connections of your machine. In the way of “Nothing is silly if it involves getting graphs”, the goal of this article is to get a realtime graph showing numbers of current server connections according to protocols,本文內容英文原文由以下博客作者提供!我做中文說明. 呵呵http://blog.portwd.com/sysadmin/monitoring-iptables-with-zabbix/1. iptables, iptstate, zabbix server/agent2. iptables Zabbix template3. monitoring scriptsWe need to get the template from point 2. and import it to Zabbix sever. Then we will rename it’s application from “Network” to e.g. Network_iptables, due to namespace conflict with default Linux template. Now when we have a possibility to display TCP states and type of connections, let’s fill it with data./etc/zabbix_agentd.conf:UserParameter=iptstate.tcp,/etc/zabbix/scripts/net-tcp
UserParameter=iptstate.tcp.syn,/etc/zabbix/scripts/net-syn
UserParameter=iptstate.tcp.timewait,/etc/zabbix/scripts/net-time-wait
UserParameter=iptstate.tcp.established,/etc/zabbix/scripts/net-established
UserParameter=iptstate.tcp.close,/etc/zabbix/scripts/net-close
UserParameter=iptstate.udp,/etc/zabbix/scripts/net-udp
UserParameter=iptstate.icmp,/etc/zabbix/scripts/net-icmpBold font are the names of keys in our newly imported iptables/iptstate zabbix template. Then you need to authorize zabbix user to run iptstate command (potentially without password) and you do it in /etc/sudoers file. Since zabbix agent doesn’t allow to callsudo command directly from it’s config ( you will end up with error log “you must have a tty to run sudo” ), it is also required to turn off “Defaults requiretty” by commenting it out. The scripts which are called in the example above are located in point 3.#!/bin/bash
est=`sudo iptstate -s | grep ESTABLISHED | wc -l`
echo $estOutput of this simple script is a number of connections which are in ESTABLISHED TCP state. These checks are periodical, so after restarting zabbix-agentd, you’ll get graphs like from beggining of this article. Good part is that you don’t need to be stuck with defaults, you can define some more like this:iptstate -s -t | head -2 |tail -1 | sed 's/^.*OTHER: //'
上一張我的圖吧,還是熱呼呼的,呵呵!http://rritw.com/uploads/allimg/2012-06-14/113840581.gif第一步,導入zabbix的關於tcp的模版和腳本文件.見附件!
第二步編輯/etc/zabbix_agentd.conf:UserParameter=iptstate.tcp,/etc/zabbix/scripts/net-tcp
UserParameter=iptstate.tcp.syn,/etc/zabbix/scripts/net-syn
UserParameter=iptstate.tcp.timewait,/etc/zabbix/scripts/net-time-wait
UserParameter=iptstate.tcp.established,/etc/zabbix/scripts/net-established
UserParameter=iptstate.tcp.close,/etc/zabbix/scripts/net-close
UserParameter=iptstate.udp,/etc/zabbix/scripts/net-udp
UserParameter=iptstate.icmp,/etc/zabbix/scripts/net-icmp建立腳本文件到/etc/zabbix/scripts這個目錄裏。請到這兒下載http://data.portwd.com/code/zabbix-iptables/第三步:替換掉/etc/sudoers裏的選項
sed -i -e 's/^Defaults.*requiretty/# &/' /etc/sudoers
第三步不做的後果是:a、zabbix-agentd.log會在你查看關於tcp的圖形時,狂報以下信息:sudo: sorry, you must have a tty to run sudo
第四步重启zabbix-agent備注1: 在測試中有發現部分機器使用iptstate 沒有任何的輸出。此時,我們需要加載一個模塊。
# modprobe ip_conntrack
關於tcp的腳本,建議先在客戶端執行,確認有數字輸出,如果本地都沒有輸出,在zabbix server端也不會有輸出。
備注2:在客戶端使用zabbix用戶執行net-tcp時,出現iptstate找不到命令。請使用完全路徑,我也是在某台vps發現這個問題,我的附件裏沒有修改。太懶了,原作者的也沒有修改。關於iptstate,請使用絕對路徑
# cat net-icmp#!/bin/bashest=`sudo /usr/sbin/iptstate -s | grep icmp | wc -l`echo $est
使用zabbix 不超過3天,收獲真是不少!官方詳盡的文檔,不少網站和博客上大量的模版,讓我收益良多!
地址:银河系中的太阳系中的第三个行星的大公鸡的鸡胗处、 只有你明白,我有多珍贵,好得值得你为我改变。 未知旳路上,明白了什么是坚强什么是逞强- 你假得如此逼真,我怎能不配合你演完这出无聊的戏码 给好友都买根萝卜啃,TM有事没事都放个屁 有竞争才有进步嘛
页:
[1]