Zabbix如何监控TCP的SYN,establised？

Monitoring network connection states with Zabbix (+ iptables + iptstate)

This is a little howto about displaying some small n’ nice graphs regarding to network connections of your machine. In the way of “Nothing is silly if it involves getting graphs”, the goal of this article is to get a realtime graph showing numbers of current server connections according to protocols,

本文内容英文原文由以下博客作者提供！我做中文说明. 呵呵

http://blog.portwd.com/sysadmin/monitoring-iptables-with-zabbix/

1. iptables, iptstate, zabbix server/agent

2. iptables Zabbix template

3. monitoring scripts

We need to get the template from point 2. and import it to Zabbix sever. Then we will rename it’s application from “Network” to e.g. Network_iptables, due to namespace conflict with default Linux template. Now when we have a possibility to display TCP states and type of connections, let’s fill it with data.

/etc/zabbix_agentd.conf:

UserParameter=iptstate.tcp,/etc/zabbix/scripts/net-tcp

UserParameter=iptstate.tcp.syn,/etc/zabbix/scripts/net-syn

UserParameter=iptstate.tcp.timewait,/etc/zabbix/scripts/net-time-wait

UserParameter=iptstate.tcp.established,/etc/zabbix/scripts/net-established

UserParameter=iptstate.tcp.close,/etc/zabbix/scripts/net-close

UserParameter=iptstate.udp,/etc/zabbix/scripts/net-udp

UserParameter=iptstate.icmp,/etc/zabbix/scripts/net-icmp

Bold font are the names of keys in our newly imported iptables/iptstate zabbix template. Then you need to authorize zabbix user to run iptstate command (potentially without password) and you do it in /etc/sudoers file. Since zabbix agent doesn’t allow to callsudo command directly from it’s config ( you will end up with error log “you must have a tty to run sudo” ), it is also required to turn off “Defaults requiretty” by commenting it out. The scripts which are called in the example above are located in point 3.

#!/bin/bash

est=`sudo iptstate -s | grep ESTABLISHED | wc -l`

echo $est

Output of this simple script is a number of connections which are in ESTABLISHED TCP state. These checks are periodical, so after restarting zabbix-agentd, you’ll get graphs like from beggining of this article. Good part is that you don’t need to be stuck with defaults, you can define some more like this:

iptstate -s -t | head -2 |tail -1 | sed 's/^.*OTHER: //'

上一张我的图吧，还是热呼呼的，呵呵！

第一步，导入zabbix的关于tcp的模版和脚本文件.见附件！

第二步编辑/etc/zabbix_agentd.conf:

UserParameter=iptstate.tcp,/etc/zabbix/scripts/net-tcp

UserParameter=iptstate.tcp.syn,/etc/zabbix/scripts/net-syn

UserParameter=iptstate.tcp.timewait,/etc/zabbix/scripts/net-time-wait

UserParameter=iptstate.tcp.established,/etc/zabbix/scripts/net-established

UserParameter=iptstate.tcp.close,/etc/zabbix/scripts/net-close

UserParameter=iptstate.udp,/etc/zabbix/scripts/net-udp

UserParameter=iptstate.icmp,/etc/zabbix/scripts/net-icmp

建立脚本文件到/etc/zabbix/scripts这个目录里。

请到这儿下载 http://data.portwd.com/code/zabbix-iptables/

第三步：替换掉/etc/sudoers里的选项

sed -i -e 's/^Defaults.*requiretty/# &/' /etc/sudoers

第三步不做的后果是:

a、zabbix-agentd.log会在你查看关于tcp的图形时，狂报以下信息:

sudo: sorry, you must have a tty to run sudo

第四步重启zabbix-agent

备注1： 在测试中有发现部分机器使用iptstate 没有任何的输出。此时，我们需要加载一个模块。

# modprobe ip_conntrack

关于tcp的脚本，建议先在客户端执行，确认有数字输出,如果本地都没有输出，在zabbix server端也不会有输出。

备注2：在客户端使用zabbix用户执行net-tcp时，出现iptstate  找不到命令。请使用完全路径，我也是在某台vps发现这个问题，我的附件里没有修改。太懒了，原作者的也没有修改。关于iptstate，请使用绝对路径

[root@s10315190 scripts]# cat net-icmp

#!/bin/bash

est=`sudo /usr/sbin/iptstate -s | grep icmp | wc -l`

echo $est

使用zabbix 不超过3天，收获真是不少！官方详尽的文档，不少网站和博客上大量的模版，让我收益良多！

免费下载地址在 http://linux.linuxidc.com/

用户名与密码都是www.linuxidc.com

具体下载目录在 /2012年资料/6月/14日/Zabbix 如何监控TCP的SYN,establised？/