nagios.html
Nagios监控服务
nagios监控的主要内容:
- 本地资源:负载uptime,CPU(top,sar),磁盘(df),内存(free),io,raid级别,温度,passwd文件的变化,本地所有文件指纹识别
- 网络服务:端口,URL,丢包,进程数,网络流量
- 其他设备:交换机端口流量,路由器,打印机,windows等
- 业务数据:用户登陆失败次数,用户登陆网站次数,输入验证码失败次数,某个API接口流量并发,网站订单,支付交易数量
- 监控软件本身仅仅是一个平台,我们想监控的内容,理论上只要在服务器命令行可以获取到就可以被监控软件监控
nagios主要功能
- 网络服务监控(SMTP、POP3、HTTP、NNTP、ICMP、SNMP、FTP、SSH)
- 主机资源监控(CPU load、disk usage、system logs),也包括Windows主机(使用NSClient++ plugin)
- 可以指定自己编写的Plugin通过网络收集数据来监控任何情况(温度、警告……)
- 可以通过配置Nagios远程执行插件远程执行脚本
- 远程监控支持SSH或SSL加通道方式进行监控
- 简单的plugin设计允许用户很容易的开发自己需要的检查服务,支持很多开发语言(shell scripts、C++、Perl、ruby、Python、PHP、C#等)
- 包含很多图形化数据Plugins(Nagiosgraph、Nagiosgrapher、PNP4Nagios等)
- 可并行服务检查
- 能够定义网络主机的层次,允许逐级检查,就是从父主机开始向下检查
- 当服务或主机出现问题时发出通告,可通过email, pager, sms 或任意用户自定义的plugin进行通知
- 能够自定义事件处理机制重新激活出问题的服务或主机
- 自动日志循环
- 支持冗余监控
- 包括Web界面可以查看当前网络状态,通知,问题历史,日志文件等
nagios主要组成部分
主程序Nagios+插件Nagios-plugins和一些可选的附加程序(NRPE、NSClient++、NSCA)等
- 服务器端必须安装nagios主程序和nagios-plugins
- 客户端必须安装nagios-plugins
- NRPE半被动模式:工作于被监控端,用于在被监控的远程linux主机上执行脚本插件获取数据回传给监控端,以实现对这些主机资源的监控,守护进程开启端口5666
NRPE运行原理
Nagios 通过NRPE 来远端管理服务
-
Nagios 执行安装在它里面的check_nrpe 插件,并告诉check_nrpe 去检测哪些服务。
-
通过SSL,check_nrpe 连接远端机子上的NRPE daemon
-
NRPE 运行本地的各种插件去检测本地的服务和状态(check_disk,..etc)
-
最后,NRPE 把检测的结果传给主机端的check_nrpe,check_nrpe 再把结果送到Nagios状态队列中。
-
Nagios 依次读取队列中的信息,再把结果显示出来。
nagios服务端安装
安装部署LAMP环境
[root@localhost ~]# yum install gcc php httpd php-gd gd gd-devel mysql* -y
ntpdate统一系统时间
[root@localhost ~]# ntpdate cn.pool.ntp.org
2 Aug 21:34:56 ntpdate[1533]: step time server 110.75.186.249 offset 2631012.350036 sec
安装nagios的相关依赖库文件
[root@localhost ~]# yum install -y gcc glibc glibc-common gd gd-devel xinetd openssl-devel unzip
创建安装目录和用户组并且授权
(因为nagios配置文件中默认安装目录是/usr/local/nagios为了避免不必要的修改)
[root@localhost ~]# mkdir /usr/local/nagios
[root@localhost ~]# useradd nagios -s /sbin/nologin -M
[root@localhost ~]# chown nagios:nagios /usr/local/nagios/
[root@localhost ~]# ll -d /usr/local/nagios/
drwxr-xr-x 2 nagios nagios 4096 Jul 3 10:41 /usr/local/nagios/
编译安装nagios
[root@localhost ~]# tar zxvf nagios-4.2.0.tar.gz
[root@localhost nagios-4.2.0]# ./configure --prefix=/usr/local/nagios/
*** Configuration summary for nagios 4.2.0 08-01-2016 ***:
General Options:
-------------------------
Nagios executable: nagios
Nagios user/group: nagios,nagios
Command user/group: nagios,nagios
Event Broker: yes
Install ${prefix}: /usr/local/nagios
Install ${includedir}: /usr/local/nagios/include/nagios
Lock file: ${prefix}/var/nagios.lock
Check result directory: ${prefix}/var/spool/checkresults
Init directory: /etc/rc.d/init.d
Apache conf.d directory: /etc/httpd/conf.d
Mail program: /bin/mail
Host OS: linux-gnu
IOBroker Method: epoll
Web Interface Options:
------------------------
HTML URL: http://localhost/nagios/
CGI URL: http://localhost/nagios/cgi-bin/
Traceroute (used by WAP):
Review the options above for accuracy. If they look okay,
type 'make all' to compile the main program and CGIs.
[root@localhost nagios-4.2.0]# make all #此过程中报错记得安装unzip
*** Compile finished ***
If the main program and CGIs compiled without any errors, you
can continue with installing Nagios as follows (type 'make'
without any arguments for a list of all possible options):
make install
- This installs the main program, CGIs, and HTML files
make install-init
- This installs the init script in /etc/rc.d/init.d
make install-commandmode
- This installs and configures permissions on the
directory for holding the external command file
make install-config
- This installs *SAMPLE* config files in /usr/local/nagios/etc
You'll have to modify these sample files before you can
use Nagios. Read the HTML documentation for more info
on doing this. Pay particular attention to the docs on
object configuration files, as they determine what/how
things get monitored!
make install-webconf
- This installs the Apache config file for the Nagios
web interface
make install-exfoliation
- This installs the Exfoliation theme for the Nagios
web interface
make install-classicui
- This installs the classic theme for the Nagios
web interface
###### 整个安装过程如下:
./configure --prefix=/usr/local/nagios/
make all
make all
make install
make install-init
make install-commandmode
make install-config
make install-webconf
检查是否生成了对应httpd的web配置文件
[root@localhost ~]# ls -al /etc/httpd/conf.d/
total 24
drwxr-xr-x 2 root root 4096 Aug 2 21:41 .
drwxr-xr-x 4 root root 4096 Jul 3 10:37 ..
-rw-r--r-- 1 root root 1679 Aug 2 21:41 nagios.conf
-rw-r--r-- 1 root root 674 May 10 17:42 php.conf
-rw-r--r-- 1 root root 392 May 11 15:29 README
-rw-r--r-- 1 root root 299 Feb 4 02:40 welcome.conf
查看nagios.conf文件确认需要创建网站登陆用户和密码文件
登陆名最好设置为nagios默认的nagiosadmin,文件为htpasswd.users
[root@localhost ~]# vim /etc/httpd/conf.d/nagios.conf
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file. Customize the paths, etc. as
# needed to fit your system.
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
# Require host 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
[root@localhost ~]# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin
安装nagios-plugin
tar zxvf nagios-plugins-2.1.2.tar.gz
cd nagios--p
cd nagios-plugins-2.1.2
./configure --prefix=/usr/local/nagios/
make && make install
启动nagios服务和httpd服务
[root@localhost ~]# /etc/init.d/httpd start
[root@localhost ~]# /etc/init.d/nagios start
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# chkconfig nagios on
登陆网页localhost/nagios输入用户名和密码进入网站
NRPE服务安装
编译安装
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
修改守护进程
在only from处添加监控主机的IP地址
[root@localhost nrpe-2.13]# vim /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1,192.168.10.7
}
在/etc/services中添加nrpe和端口号
确认已经监听5666端口,服务端安装nrpe不需要添加主机ip,客户机需要添加主机ip
[root@localhost nrpe-2.13]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@localhost nrpe-2.13]# netstat -lntup | grep 5666
tcp 0 0 :::5666 :::* LISTEN 26483/xinetd
nagios客户端安装配置
安装依赖文件
[root@server2 ~]# yum install gcc openssl openssl-devel xinetd unzip -y
服务器时间同步
[root@server2 ~]# ntpdate cn.pool.ntp.org
2 Aug 22:18:37 ntpdate[1466]: step time server 120.25.108.11 offset 146310.412101 sec
创建安装路径和用户
[root@server2 ~]# mkdir /usr/local/nagios
[root@server2 ~]# useradd nagios -s /sbin/nologin -M
[root@server2 ~]# chown nagios:nagios /usr/local/nagios/
[root@server2 ~]# ll -d /usr/local/nagios/
drwxr-xr-x 2 nagios nagios 4096 Aug 2 22:19 /usr/local/nagios/
安装nagios-plugins
[root@server2 nagios-plugins-2.1.2]# tar zxvf nagios-plugins-2.1.2.tar.gz
[root@server2 nagios-plugins-2.1.2]# cd nagios-plugins-2.1.2
[root@server2 nagios-plugins-2.1.2]# ./configure --prefix=/usr/local/nagios/
[root@server2 nagios-plugins-2.1.2]# make && make install
编译安装NRPE
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
修改守护进程
在only from处添加监控主机的IP地址
[root@localhost nrpe-2.13]# vim /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 192.168.10.7
}
在/etc/services中添加nrpe和端口号
确认已经监听5666端口,服务端安装nrpe不需要添加主机ip,客户机需要添加主机ip
[root@localhost nrpe-2.13]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@localhost nrpe-2.13]# netstat -lntup | grep 5666
tcp 0 0 :::5666 :::* LISTEN 26483/xinetd
generated by haroopad