1)统计80端口连接数
netstat -nat|grep -i "80"|wc -l
一、监控原理
1)netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' (不好用,线上服务器执行时间过长)
[user@k8s4 ~]$ netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' LISTEN 12 ESTABLISHED 12 FIN_WAIT2 9 TIME_WAIT 43
可以使用man netstat查看TCP的各种状态信息描述
ESTABLISHED socket已经建立连接
CLOSED socket没有被使用,无连接
CLOSING 服务器端和客户端都同时关闭连接
CLOSE_WAIT 等待关闭连接
TIME_WAIT 表示收到了对方的FIN报文,并发送出了ACK报文,等待2MSL后就可回到CLOSED状态
LAST_ACK 远端关闭,当前socket被动关闭后发送FIN报文,等待对方ACK报文
LISTEN 监听状态
SYN_RECV 接收到SYN报文
SYN_SENT 已经发送SYN报文
FIN_WAIT1 The socket is closed, and the connection is shutting down
FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end.
LISTEN - 侦听来自远方TCP端口的连接请求; SYN-SENT -在发送连接请求后等待匹配的连接请求; SYN-RECEIVED - 在收到和发送一个连接请求后等待对连接请求的确认; ESTABLISHED- 代表一个打开的连接,数据可以传送给用户; FIN-WAIT-1 - 等待远程TCP的连接中断请求,或先前的连接中断请求的确认; FIN-WAIT-2 - 从远程TCP等待连接中断请求; CLOSE-WAIT - 等待从本地用户发来的连接中断请求; CLOSING -等待远程TCP对连接中断的确认; LAST-ACK - 等待原来发向远程TCP的连接中断请求的确认; TIME-WAIT -等待足够的时间以确保远程TCP接收到连接中断请求的确认; CLOSED - 没有任何连接状态; TCP连接过程是状态的转换,促使发生状态转换的是用户调用:
2)在需要被监控的zabbix-agent端添加脚本编写
mkdir -p /usr/local/zabbix-agent/scripts/ # 添加脚本文件。执行结果返回的是 数字类型
mkdir -p /etc/zabbix/zabbix_agentd.d/ # 存放 zabbix的agent 的key
添加脚本文件
[user@k8s4 ~]$ vim /usr/local/zabbix-agent/scripts/tcp_conn_status.sh
[user@k8s4 ~]$ cat /usr/local/zabbix-agent/scripts/tcp_conn_status.sh #!/bin/bash #this script is used to get tcp and udp connetion status #tcp status metric=$1 tmp_file=/etc/zabbix/tcp_status.txt /bin/netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' > $tmp_file case $metric in closed) output=$(awk '/CLOSED/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; listen) output=$(awk '/LISTEN/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; synrecv) output=$(awk '/SYN_RECV/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; synsent) output=$(awk '/SYN_SENT/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; established) output=$(awk '/ESTABLISHED/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; timewait) output=$(awk '/TIME_WAIT/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; closing) output=$(awk '/CLOSING/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; closewait) output=$(awk '/CLOSE_WAIT/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; lastack) output=$(awk '/LAST_ACK/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; finwait1) output=$(awk '/FIN_WAIT1/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; finwait2) output=$(awk '/FIN_WAIT2/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; *) echo -e "\e[033mUsage: sh $0 [closed|closing|closewait|synrecv|synsent|finwait1|finwait2|listen|established|lastack|timewait]\e[0m" esac
赋予脚本执行权限
chmod o+x /usr/local/zabbix-agent/scripts/tcp_conn_status.sh
3)添加监控的key值
agent的配置文件 /etc/zabbix/zabbix_agentd.conf
中定义了其他key的包含目录 Include=/etc/zabbix/zabbix_agentd.d/,
接着在 /etc/zabbix/zabbix_agentd.d/ 目录新建一个文件 tcp-status-params.conf, 内容如下
vim /etc/zabbix/zabbix_agentd.d/tcp-status-params.conf
[user@k8s4 ~]$ cat /etc/zabbix/zabbix_agentd.d/tcp-status-params.conf UserParameter=tcp.status[*],/usr/local/zabbix-agent/scripts/tcp_conn_status.sh $1
如果脚本文件中需要写入文件内容,需要给该脚本加入写入权限。
chmod o+w /etc/zabbix/tcp_status.txt # tcp_status.txt 该文件对所有用户均有写入的权限
4)先在zabbix_agent 进行本地脚本测试(任意普通用户执行)
[user@k8s4 ~]$ /bin/bash /usr/local/zabbix-agent/scripts/tcp_conn_status.sh listen 12
注意: /bin/bash /usr/local/zabbix-agent/scripts/tcp_conn_status.sh established 这是查看建立的socket连接
重启agent
service zabbix-agent restart
5)再在服务端进行zabbix_get进行测试连接
[root@zabbix ~]# /usr/local/zabbix/bin/zabbix_get -s 192.168.10.20 -p 10050 -k "tcp.status[listen]" 12
二、zabbix服务端在图形界面添加监控项
1)添加监控项
2)添加图形
三、另一高效的执行监控方法ss
ss监控原理:https://blog.csdn.net/yuwen_dai/article/details/78467686
1)写入监控脚本
vim /usr/local/zabbix-agent/scripts/tcp_socket.sh (其实该脚本并没有用)
#!/bin/bash function SYNRECV { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'SYN-RECV' | awk '{print $2}' } function ESTAB { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'ESTAB' | awk '{print $2}' } function FINWAIT1 { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'FIN-WAIT-1' | awk '{print $2}' } function FINWAIT2 { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'FIN-WAIT-2' | awk '{print $2}' } function TIMEWAIT { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'TIME-WAIT' | awk '{print $2}' } function LASTACK { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'LAST-ACK' | awk '{print $2}' } function LISTEN { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'LISTEN' | awk '{print $2}' } function CLOSED { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'CLOSED' | awk '{print $2}' } function SYN_SENT { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'SYN_SENT' | awk '{print $2}' } function CLOSE_WAIT { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'CLOSE_WAIT' | awk '{print $2}' } function CLOSING { /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'CLOSING' | awk '{print $2}' } case $1 in SYNRECV) SYNRECV ;; ESTAB) ESTAB ;; FINWAIT1) FINWAIT1 ;; FINWAIT2) FINWAIT2 ;; TIMEWAIT) TIMEWAIT ;; LASTACK) LASTACK ;; LISTEN) LISTEN ;; CLOSED) CLOSED ;; SYN_SENT) SYN_SENT ;; CLOSE_WAIT) CLOSE_WAIT ;; CLOSING) CLOSING ;; *) exit 1 ;; esac
执行检测
[root@nredis scripts]# /bin/bash /usr/local/zabbix-agent/scripts/tcp_socket.sh ESTAB 75024
2)添加监控的key
UserParameter=tcp.status[*], /usr/sbin/ss -ant | grep -c $1 # 真正有用的程序 # UserParameter=tcp.status[*], /data/app/zabbix/etc/zabbix_agentd.conf.d/tcpstatus.sh $1
可传入的参数为
[SYNRECV,ESTAB,FINWAIT1,FINWAIT2,TIME-WAIT,LASTACK,LISTEN,CLOSED,SYN_SENT,CLOSE_WAIT,CLOSING]
SYN_RECV表示正在等待处理的请求数;
ESTABLISHED表示正常数据传输状态;
TIME_WAIT表示处理完毕,等待超时结束的请求数。
