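  • 007 - Zabbix Server 4.0: Monitoring the 12 TCP States

    Most readers are familiar with the TCP three-way handshake. In a DoS attack, the client sends a SYN to the server, the server replies with SYN+ACK, and the client then never sends the final ACK back. (In a normal handshake the client replies with an ACK, the handshake completes, and the server side moves to the ESTABLISHED state; readers unfamiliar with this can look it up.) The result is an unusually large number of connections on the server stuck in the SYN-RCVD state. Monitoring TCP connection counts is therefore well worth doing: when the SYN-RCVD count is abnormally high, we can suspect that the service is in trouble and needs manual intervention. Next, let's look at how Zabbix monitors the 11 TCP states.

    I. TCP state primer

    1>. Three-way handshake

       Reference: https://baike.baidu.com/item/%E4%B8%89%E6%AC%A1%E6%8F%A1%E6%89%8B/5111559?fr=aladdin

    2>. Viewing TCP states with the netstat command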

     


    3>. Checking a single TCP state on the server from the command line

    [root@node102.yinzhengjie.org.cn ~]# netstat -ant | grep -c LISTEN
    4
    [root@node102.yinzhengjie.org.cn ~]# 

    II. Zabbix TCP state monitoring example with a custom template

    1>. Define a custom key on the Zabbix agent and restart the service

    [root@node102.yinzhengjie.org.cn ~]# cat /etc/zabbix/zabbix_agentd.d/TCP_STATUS.conf 
    UserParameter=TCP_STATUS[*],netstat -ant | grep -c $1
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# systemctl restart zabbix-agent
    [root@node102.yinzhengjie.org.cn ~]# 
    [root@node102.yinzhengjie.org.cn ~]# systemctl status zabbix-agent
    ● zabbix-agent.service - Zabbix Agent
       Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled)
       Active: active (running) since Tue 2019-05-07 07:53:16 PDT; 4s ago
      Process: 9416 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS)
      Process: 9419 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
     Main PID: 9422 (zabbix_agentd)
       CGroup: /system.slice/zabbix-agent.service
               ├─9422 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
               ├─9423 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
               ├─9424 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
               ├─9425 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
               ├─9426 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
               └─9427 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
    
    May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: Starting Zabbix Agent...
    May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: PID file /run/zabbix/zabbix_agentd.pid not readable (yet?) after start.
    May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: Started Zabbix Agent.
    [root@node102.yinzhengjie.org.cn ~]# 

    2>. Verify from the server that the agent's custom key works

    [root@node101.yinzhengjie.org.cn ~]# yum -y install zabbix-get
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    epel/x86_64/metalink                                                                                                                                                                                       | 6.0 kB  00:00:00     
     * base: mirrors.aliyun.com
     * epel: mirrors.tuna.tsinghua.edu.cn
     * extras: mirrors.aliyun.com
     * updates: mirrors.aliyun.com
    base                                                                                                                                                                                                       | 3.6 kB  00:00:00     
    epel                                                                                                                                                                                                       | 4.7 kB  00:00:00     
    extras                                                                                                                                                                                                     | 3.4 kB  00:00:00     
    mysql-connectors-community                                                                                                                                                                                 | 2.5 kB  00:00:00     
    mysql-tools-community                                                                                                                                                                                      | 2.5 kB  00:00:00     
    mysql56-community                                                                                                                                                                                          | 2.5 kB  00:00:00     
    updates                                                                                                                                                                                                    | 3.4 kB  00:00:00     
    zabbix                                                                                                                                                                                                     | 2.9 kB  00:00:00     
    zabbix-non-supported                                                                                                                                                                                       |  951 B  00:00:00     
    (1/5): extras/7/x86_64/primary_db                                                                                                                                                                          | 201 kB  00:00:00     
    epel/x86_64/primary_db         FAILED                                          
    https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/repodata/b46e7947260ac0114fc1b48c782d12377659fe2b8f565a55bcab0cf98b124aa1-primary.sqlite.bz2: [Errno 14] HTTPS Error 404 - Not Found         ]  0.0 B/s |    0 B  --:--:-- ETA 
    Trying other mirror.
    To address this issue please refer to the below wiki article 
    
    https://wiki.centos.org/yum-errors
    
    If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
    
    (2/5): mysql-tools-community/x86_64/primary_db                                                                                                                                                             |  58 kB  00:00:00     
    (3/5): epel/x86_64/updateinfo                                                                                                                                                                              | 994 kB  00:00:01     
    (4/5): updates/7/x86_64/primary_db                                                                                                                                                                         | 4.2 MB  00:00:01     
    (5/5): epel/x86_64/primary_db                                                                                                                                                                              | 6.7 MB  00:00:04     
    Resolving Dependencies
    --> Running transaction check
    ---> Package zabbix-get.x86_64 0:4.0.7-1.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ==================================================================================================================================================================================================================================
     Package                                                 Arch                                                Version                                                    Repository                                           Size
    ==================================================================================================================================================================================================================================
    Installing:
     zabbix-get                                              x86_64                                              4.0.7-1.el7                                                zabbix                                              282 k
    
    Transaction Summary
    ==================================================================================================================================================================================================================================
    Install  1 Package
    
    Total download size: 282 k
    Installed size: 1.1 M
    Downloading packages:
    zabbix-get-4.0.7-1.el7.x86_64.rpm                                                                                                                                                                          | 282 kB  00:00:00     
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : zabbix-get-4.0.7-1.el7.x86_64                                                                                                                                                                                  1/1 
      Verifying  : zabbix-get-4.0.7-1.el7.x86_64                                                                                                                                                                                  1/1 
    
    Installed:
      zabbix-get.x86_64 0:4.0.7-1.el7                                                                                                                                                                                                 
    
    Complete!
    [root@node101.yinzhengjie.org.cn ~]# 
    [root@node101.yinzhengjie.org.cn ~]# zabbix_get -s node102.yinzhengjie.org.cn -k TCP_STATUS[LISTEN]          # Note: the value is actually collected on the agent side as the zabbix user; some commands need root privileges to run, so command permissions have to be taken into account!
    4
    [root@node101.yinzhengjie.org.cn ~]# 
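
The TCP_STATUS check above counts every line that contains the state name anywhere, so TCP_STATUS[CLOSE] also counts CLOSE_WAIT sockets. The following is an added example, not code from the original post: it compares the State column exactly and accepts only the 12 state names listed in netstat(8), where SYN-RCVD appears as SYN_RECV. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and sample data
# are assumptions made for illustration.

# tcp_state_count STATE
# Reads `netstat -ant` output on stdin and prints the number of TCP sockets
# whose State column is exactly STATE. Returns 2 for any other argument.
tcp_state_count() {
    case $1 in
        # The 12 state names documented in netstat(8).
        ESTABLISHED|SYN_SENT|SYN_RECV|FIN_WAIT1|FIN_WAIT2|TIME_WAIT) ;;
        CLOSE|CLOSE_WAIT|LAST_ACK|LISTEN|CLOSING|UNKNOWN) ;;
        *) echo "unsupported TCP state" >&2; return 2 ;;
    esac
    # Field 6 is the State column. Comparing it exactly (instead of grepping
    # the whole line) keeps CLOSE from also counting CLOSE_WAIT sockets.
    awk -v s="$1" '$1 ~ /^tcp/ && $6 == s { n++ } END { print n + 0 }'
}

# Constructed sample of `netstat -ant` output (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.8:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:51000      CLOSE_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.5:50022       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Compare the page's substring count with the exact-column count.
echo "grep -c CLOSE:            $(sample_netstat | grep -c CLOSE)"
echo "tcp_state_count CLOSE:    $(sample_netstat | tcp_state_count CLOSE)"
echo "tcp_state_count SYN_RECV: $(sample_netstat | tcp_state_count SYN_RECV)"
```

On an agent, the same function would be fed by `netstat -ant` instead of the sample, with the item key argument passed as the state name.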

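    3>. Create a template in the Zabbix web UI

    4>. Fill in the required parameters and add the template

    5>. Template added successfully

    6>. Add a monitoring item (item) to the template

    7>. Monitor the ESTABLISHED state

    8>. Clone the item above to monitor the other 11 states

    9>. All 12 TCP states are now covered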

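    III. Using the custom template

    1>. Configure the host's monitoring information

    2>. Link our custom template

    3>. Custom Zabbix items

    4>. Reload the configuration and view the latest data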

    [root@node101.yinzhengjie.org.cn ~]# zabbix_server -R config_cache_reload                # reload the configuration cache on the Zabbix server
    zabbix_server [10628]: command sent successfully
    [root@node101.yinzhengjie.org.cn ~]# 

  • Original post: https://www.cnblogs.com/xuefy/p/11354094.html