This is a little howto about displaying some small n’ nice graphs regarding to network connections of your machine. In the way of , the goal of this article is to get a realtime graph showing numbers of current server connections according to protocols,
本文内容英文原文由以下博客作者提供!我做中文说明. 呵呵
1. iptables, , zabbix server/agent
2.
3.
We need to get the template from point 2. and import it to Zabbix sever. Then we will rename it’s application from “Network” to e.g. Network_iptables, due to namespace conflict with default Linux template. Now when we have a possibility to display TCP states and type of connections, let’s fill it with data.
/etc/zabbix_agentd.conf:
UserParameter=iptstate.tcp,/etc/zabbix/scripts/net-tcp UserParameter=iptstate.tcp.syn,/etc/zabbix/scripts/net-syn UserParameter=iptstate.tcp.timewait,/etc/zabbix/scripts/net-time-wait UserParameter=iptstate.tcp.established,/etc/zabbix/scripts/net-established UserParameter=iptstate.tcp.close,/etc/zabbix/scripts/net-close UserParameter=iptstate.udp,/etc/zabbix/scripts/net-udp UserParameter=iptstate.icmp,/etc/zabbix/scripts/net-icmp
Bold font are the names of keys in our newly imported iptables/iptstate zabbix template. Then you need to authorize zabbix user to run iptstate command (potentially without password) and you do it in /etc/sudoers file. Since zabbix agent doesn’t allow to callsudo command directly from it’s config ( you will end up with error log “you must have a tty to run sudo” ), it is also required to turn off “Defaults requiretty” by commenting it out. The scripts which are called in the example above are located
#!/bin/bash est=`sudo iptstate -s | grep ESTABLISHED | wc -l` echo $est
Output of this simple script is a number of connections which are in ESTABLISHED TCP state. These checks are periodical, so after restarting zabbix-agentd, you’ll get graphs like from beggining of this article. Good part is that you don’t need to be stuck with defaults, you can define some more like this:
iptstate -s -t | head -2 |tail -1 | sed 's/^.*OTHER: //'
上一张我的图吧,还是热呼呼的,呵呵!
第一步,导入zabbix的关于tcp的模版和脚本文件.见附件!
第二步编辑/etc/zabbix_agentd.conf:
UserParameter=iptstate.tcp,/etc/zabbix/scripts/net-tcp UserParameter=iptstate.tcp.syn,/etc/zabbix/scripts/net-syn UserParameter=iptstate.tcp.timewait,/etc/zabbix/scripts/net-time-wait UserParameter=iptstate.tcp.established,/etc/zabbix/scripts/net-established UserParameter=iptstate.tcp.close,/etc/zabbix/scripts/net-close UserParameter=iptstate.udp,/etc/zabbix/scripts/net-udp UserParameter=iptstate.icmp,/etc/zabbix/scripts/net-icmp
建立脚本文件到/etc/zabbix/scripts这个目录里。
请到这儿下载
第三步:替换掉/etc/sudoers里的选项
sed -i -e 's/^Defaults.*requiretty/# &/' /etc/sudoers
以下命令在使用后,有效;但是不知道为什么在使用一段时间后,仍然会报错。
做如下修改!<如果执行以上命令后,仍会报错,你就做如下修改吧>
sed -i 's/# Defaults\ requiretty/Defaults\ !requiretty/' /etc/sudoers
第三步不做的后果是:
a、zabbix-agentd.log会在你查看关于tcp的图形时,狂报以下信息:
sudo: sorry, you must have a tty to run sudo
第四步重启zabbix-agent
备注1: 在测试中有发现部分机器使用iptstate 没有任何的输出。此时,我们需要加载一个模块。
备注2:在客户端使用zabbix用户执行net-tcp时,出现iptstate 找不到命令。请使用完全路径,我也是在某台vps发现这个问题,我的附件里没有修改。太懒了,原作者的也没有修改。关于iptstate,请使用绝对路径
[root@s10315190 scripts]# cat net-icmp
#!/bin/bash
est=`sudo /usr/sbin/iptstate -s | grep icmp | wc -l`
echo $est
使用zabbix 不超过3天,收获真是不少!官方详尽的文档,不少网站和博客上大量的模版,让我收益良多!
zabbix官方也提供了iptstate的模版地址!