5 监控TCP的11种状态、

 1、如何监控12种状态

 假如：有人给服务器发ddos攻击，tcp什么状态会特别多

 

这个值比较大的时候监控 

所以需要监控tcp状态

1、 12种状态查看

[root@linux-node1 ~]# netstat -ant

 

状态查看 12种状态

[root@linux-node1 ~]# man netstat

   State
       The state of the socket. Since there are no states in raw mode and usually no states used in UDP and
       UDPLite, this column may be left blank. Normally this can be one of several values:

       ESTABLISHED
              The socket has an established connection.

       SYN_SENT
              The socket is actively attempting to establish a connection.

       SYN_RECV
              A connection request has been received from the network.

       FIN_WAIT1
              The socket is closed, and the connection is shutting down.

       FIN_WAIT2
              Connection is closed, and the socket is waiting for a shutdown from the remote end.

       TIME_WAIT
              The socket is waiting after close to handle packets still in the network.

       CLOSE  The socket is not being used.

       CLOSE_WAIT
              The remote end has shut down, waiting for the socket to close.

       LAST_ACK
              The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

       LISTEN The socket is listening for incoming connections.  Such sockets are not included in the  out‐
              put unless you specify the --listening (-l) or --all (-a) option.

       CLOSING
              Both sockets are shut down but we still don't have all our data sent.

       UNKNOWN
              The state of the socket is unknown.

 查看tcp状态的次数

[root@linux-node1 ~]# netstat -ant |grep -c UNKNOWN
0
[root@linux-node1 ~]# netstat -ant |grep -c LISTEN
12

2、命令行，配置

参考mysql的配置

[root@linux-node2 ~]# cd /etc/zabbix/zabbix_agentd.d/
[root@linux-node2 /etc/zabbix/zabbix_agentd.d]# tail -1 userparameter_mysql.conf 
UserParameter=mysql.version,mysql -V

Conf文件

[root@linux-node2 /etc/zabbix/zabbix_agentd.d]# vim TCP_Status.conf
[root@linux-node2 /etc/zabbix/zabbix_agentd.d]# cat TCP_Status.conf
UserParameter=TCP_Status[*],netstat -ant |grep -c $1

重启agent

[root@linux-node2 /etc/zabbix/zabbix_agentd.d]# systemctl restart zabbix-agent

zabbixServer上Test

[root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_get -s 192.168.194.132 -k TCP_Status[TIME_WAIT]
4
[root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_get -s 192.168.194.132 -k TCP_Status[LISTEN]
7
# 不存在为0
[root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_get -s 192.168.194.132 -k TCP_Status[fdafas]
0

有时候zabbix执行，没有权限

方法1 Sudo 方法2 suid

2、zabbix界面添加

1、自定义模板

 

 

 2、创建item

 

 

 其他的直接clone这个

4个状态 

 

3、创建主机

 

 

 

4、最新数据

刷新下

[root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_server -R config_cache_reload
zabbix_server [71979]: command sent successfully