Monitoring TCP connection counts by state with Zabbix - Linux security operations_跨零代码


1. On the Zabbix agent host, create the script that monitors TCP connection states and save it to the designated path (/usr/local/zabbix-agent/shells).

    # cat zabbix_linux_plugin.sh
    #!/bin/bash
    ############################################################
    # $Name:         zabbix_linux_plugins.sh
    # $Version:      v1.0
    # $Function:     zabbix plugins
    # $Create Date:  2014-08-10
    # $Description:  Monitor Linux Service Status
    ############################################################
    tcp_status_fun(){
        TCP_STAT=$1
        # Count sockets per state, then pick the requested state by exact match.
        # Piping directly avoids a shared, predictable file in /tmp that
        # concurrent checks would overwrite.
        TCP_STAT_VALUE=$(ss -ant | awk 'NR>1 {++s[$1]} END {for(k in s) print k,s[k]}' | awk -v st="$TCP_STAT" '$1==st {print $2}')
        # A state with no sockets does not appear in the ss output: report 0
        if [ -z "$TCP_STAT_VALUE" ];then
            TCP_STAT_VALUE=0
        fi
        echo "$TCP_STAT_VALUE"
    }

    main(){
        case $1 in
            tcp_status)
                tcp_status_fun "$2";
            ;;
            *)
                echo $"Usage: $0 {tcp_status key}"
        esac
    }

    main "$1" "$2" "$3"

2. On the agent host, edit the zabbix_agentd.conf configuration file (/usr/local/zabbix-agent/etc/zabbix_agentd.conf).

    ### Option: Include
    #       You may include individual files or all files in a directory in the configuration file.
    #       Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
    #
    # Mandatory: no
    # Default:
    # Include=

    # Include=/usr/local/etc/zabbix_agentd.userparams.conf
    # Include=/usr/local/etc/zabbix_agentd.conf.d/
    # Enable Include: every .conf file in the zabbix_agentd.conf.d directory is loaded; these files hold the custom key definitions.
    Include=/usr/local/zabbix-agent/etc/zabbix_agentd.conf.d/*.conf

3. On the agent host, create the configuration file for the custom key (/usr/local/zabbix-agent/etc/zabbix_agentd.conf.d/zabbix-linux-plugin.conf).

    # cat zabbix-linux-plugin.conf
    UserParameter=linux_status[*],/usr/local/zabbix-agent/shells/zabbix_linux_plugin.sh "$1" "$2" "$3"

4. With the configuration above in place, restart the Zabbix agent service.

    # /etc/init.d/zabbix_agentd restart

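5. The TCP connection state template. This is a ready-made template that covers the 11 TCP connection states; without a template, the items would have to be created one by one.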

    # cat TCP_export_templates.3.0.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <zabbix_export>
        <version>3.0</version>
        <date>2016-06-18T06:34:48Z</date>
        <groups>
            <group>
                <name>Templates</name>
            </group>
        </groups>
        <templates>
            <template>
                <template>Template Linux TCP Status</template>
                <name>Template Linux TCP Status</name>
                <description/>
                <groups>
                    <group>
                        <name>Templates</name>
                    </group>
                </groups>
                <applications>
                    <application>
                        <name>TCP Stauts</name>
                    </application>
                </applications>
                <items>
                    <item>
                        <name>TCP Status CLOSE_WAIT</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,CLOSE-WAIT]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status CLOSED</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,CLOSED]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status CLOSING</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,CLOSING]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <!-- Item for the ESTABLISHED state; in step 6 we fetch this key with zabbix_get to check that it can be retrieved -->
                        <name>TCP Status ESTABLISHED</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,ESTAB]</key>     <!-- this is the key -->
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status FIN_WAIT1</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,FIN-WAIT-1]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status FIN_WAIT2</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,FIN-WAIT-2]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status LAST_ACK</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,LAST-ACK]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status LISTEN</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,LISTEN]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status SYN_RCVD</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,SYN-RECV]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status SYN_SENT</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,SYN-SENT]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                    <item>
                        <name>TCP Status TIME_WAIT</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>linux_status[tcp_status,TIME-WAIT]</key>
                        <delay>300</delay>
                        <history>30</history>
                        <trends>90</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Stauts</name>
                            </application>
                        </applications>
                        <valuemap/>
                        <logtimefmt/>
                    </item>
                </items>
                <discovery_rules/>
                <macros/>
                <templates/>
                <screens/>
            </template>
        </templates>
        <graphs>
            <graph>
                <name>TCP Status Statistics</name>
                <width>900</width>
                <height>200</height>
                <yaxismin>0.0000</yaxismin>
                <yaxismax>100.0000</yaxismax>
                <show_work_period>1</show_work_period>
                <show_triggers>1</show_triggers>
                <type>0</type>
                <show_legend>1</show_legend>
                <show_3d>0</show_3d>
                <percent_left>0.0000</percent_left>
                <percent_right>0.0000</percent_right>
                <ymin_type_1>0</ymin_type_1>
                <ymax_type_1>0</ymax_type_1>
                <ymin_item_1>0</ymin_item_1>
                <ymax_item_1>0</ymax_item_1>
                <graph_items>
                    <graph_item>
                        <sortorder>0</sortorder>
                        <drawtype>0</drawtype>
                        <color>C80000</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,CLOSED]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>1</sortorder>
                        <drawtype>0</drawtype>
                        <color>00C800</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,CLOSE-WAIT]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>2</sortorder>
                        <drawtype>0</drawtype>
                        <color>0000C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,CLOSING]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>3</sortorder>
                        <drawtype>0</drawtype>
                        <color>C800C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,ESTAB]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>4</sortorder>
                        <drawtype>0</drawtype>
                        <color>00C8C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,FIN-WAIT-1]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>5</sortorder>
                        <drawtype>0</drawtype>
                        <color>C8C800</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,FIN-WAIT-2]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>6</sortorder>
                        <drawtype>0</drawtype>
                        <color>C8C8C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,LAST-ACK]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>7</sortorder>
                        <drawtype>0</drawtype>
                        <color>960000</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,LISTEN]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>8</sortorder>
                        <drawtype>0</drawtype>
                        <color>009600</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,SYN-RECV]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>9</sortorder>
                        <drawtype>0</drawtype>
                        <color>000096</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,SYN-SENT]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>10</sortorder>
                        <drawtype>0</drawtype>
                        <color>960096</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template Linux TCP Status</host>
                            <key>linux_status[tcp_status,TIME-WAIT]</key>
                        </item>
                    </graph_item>
                </graph_items>
            </graph>
        </graphs>
    </zabbix_export>

6. On the Zabbix server, test with the zabbix_get command to verify that the TCP state values can be retrieved.

    [root@linux-node1 ~]# zabbix_get -s 172.16.10.152 -k linux_status[tcp_status,ESTAB]
    2
    [root@linux-node1 ~]# zabbix_get -s 172.16.10.152 -k linux_status[tcp_status,LISTEN]
    6

The test shows that the values are retrieved correctly, so next we can import the template in the web UI.

7. Import the TCP connection state template in the Zabbix web UI.


Once the template (TCP_export_templates.3.0.xml) has been imported successfully, link it to a host.


Finally, let's check whether the TCP states are actually being monitored.


That's it: the data is being collected and the graph is displayed, which concludes this introduction to monitoring TCP states.
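An added example, not part of the original article: a variant of the step 1 script that checks the state argument arriving through the UserParameter from step 3 against the state names used as keys in the template, and counts sockets by exact match without a temporary file. The function names, the SS_CMD override and the sample ss output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: allowlisted TCP state counter for a Zabbix UserParameter.
# Function names and SS_CMD are hypothetical, not from the original script.

# Accept only the state names that appear as keys in the template on this page.
is_allowed_state() {
    case "$1" in
        CLOSE-WAIT|CLOSED|CLOSING|ESTAB|FIN-WAIT-1|FIN-WAIT-2|\
        LAST-ACK|LISTEN|SYN-RECV|SYN-SENT|TIME-WAIT)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Read `ss -ant`-style text on stdin and print how many sockets are in
# state $1. The header line is skipped; the match is exact, not a substring.
count_state() {
    awk -v st="$1" 'NR>1 && $1==st {n++} END {print n+0}'
}

# Constructed sample output (documentation addresses), used for offline runs.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      128    *:10050              *:*
LISTEN     0      100    127.0.0.1:25         *:*
ESTAB      0      0      192.0.2.10:22        192.0.2.50:51514
ESTAB      0      0      192.0.2.10:10050     192.0.2.20:40112
TIME-WAIT  0      0      192.0.2.10:10050     192.0.2.20:40098
CLOSE-WAIT 1      0      192.0.2.10:48210     192.0.2.30:443
EOF
}

# Entry point: reject anything outside the allowlist before it reaches a
# command line, then count. SS_CMD (assumption) lets the data source be
# swapped for the sample above; by default the real `ss -ant` is used.
tcp_status() {
    if ! is_allowed_state "$1"; then
        echo "unsupported TCP state" >&2
        return 1
    fi
    ${SS_CMD:-ss -ant} | count_state "$1"
}

# When called with an argument (as the agent would), print the count.
if [ "$#" -gt 0 ]; then
    tcp_status "$1"
fi
```

Running it with `SS_CMD=sample_ss_output` counts against the constructed sample instead of the live socket table.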

 

 

 

 

 

 

 



Permanent link to this article: http://kua0.com/2019/02/02/zabbix-监控tcp状态连接数-linux安全运维_跨零代码/
