1)统计80端口连接数
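# Count TCP sockets whose local port is exactly 80 (the listening socket
# included). Filtering on the port at the end of the local-address column
# avoids counting unrelated lines that merely contain "80", such as port 8080
# or an address ending in .80.
netstat -nat | awk '$4 ~ /:80$/ { n++ } END { print n + 0 }'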

一、监控原理

1)netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}'    (不好用,线上服务器执行时间过长)

[user@k8s4 ~]$ netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}'
LISTEN 12
ESTABLISHED 12
FIN_WAIT2 9
TIME_WAIT 43

可以使用man netstat查看TCP的各种状态信息描述  
ESTABLISHED       socket已经建立连接  
CLOSED            socket没有被使用,无连接  
CLOSING           服务器端和客户端都同时关闭连接  
CLOSE_WAIT        等待关闭连接  
TIME_WAIT         表示收到了对方的FIN报文,并发送出了ACK报文,等待2MSL后就可回到CLOSED状态  
LAST_ACK          远端关闭,当前socket被动关闭后发送FIN报文,等待对方ACK报文  
LISTEN            监听状态  
SYN_RECV          接收到SYN报文  
SYN_SENT          已经发送SYN报文  
FIN_WAIT1         The socket is closed, and the connection is shutting down  
FIN_WAIT2         Connection is closed, and the socket is waiting for a shutdown from the remote end.

LISTEN - 侦听来自远方TCP端口的连接请求; 

SYN-SENT -在发送连接请求后等待匹配的连接请求; 

SYN-RECEIVED - 在收到和发送一个连接请求后等待对连接请求的确认; 

ESTABLISHED- 代表一个打开的连接,数据可以传送给用户; 

FIN-WAIT-1 - 等待远程TCP的连接中断请求,或先前的连接中断请求的确认;

FIN-WAIT-2 - 从远程TCP等待连接中断请求; 

CLOSE-WAIT - 等待从本地用户发来的连接中断请求; 

CLOSING -等待远程TCP对连接中断的确认; 

LAST-ACK - 等待原来发向远程TCP的连接中断请求的确认; 

TIME-WAIT -等待足够的时间以确保远程TCP接收到连接中断请求的确认; 

CLOSED - 没有任何连接状态;

TCP连接过程是状态的转换,促使发生状态转换的是用户调用:

2)在需要被监控的zabbix-agent端编写并添加脚本

 mkdir -p /usr/local/zabbix-agent/scripts/    # 添加脚本文件。执行结果返回的是  数字类型
 mkdir -p /etc/zabbix/zabbix_agentd.d/                 # 存放 zabbix的agent 的key

添加脚本文件

[user@k8s4 ~]$ vim /usr/local/zabbix-agent/scripts/tcp_conn_status.sh

[user@k8s4 ~]$ cat /usr/local/zabbix-agent/scripts/tcp_conn_status.sh
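#!/bin/bash
# Report how many TCP sockets are in one connection state, for use as a
# Zabbix UserParameter. Prints a single integer on stdout.
#
# Usage: tcp_conn_status.sh METRIC
#   METRIC: closed|closing|closewait|synrecv|synsent|finwait1|finwait2|
#           listen|established|lastack|timewait
#
# The count is computed in one netstat|awk pass and nothing is written to
# disk. Staging the summary in a shared file (/etc/zabbix/tcp_status.txt) meant
# the file had to be writable by the agent, parallel checks could read it while
# another check was rewriting it, and a world-writable copy let any local
# account alter the values reported to the monitoring server.

#######################################
# Map a metric keyword to the state name matched in netstat's last column.
# Arguments: $1 - metric keyword
# Outputs:   the state name on stdout
# Returns:   0 if the keyword is known, 1 otherwise
#######################################
tcp_state_name() {
  case "$1" in
    # NOTE(review): net-tools netstat appears to label this state CLOSE rather
    # than CLOSED, in which case this metric always reports 0 - confirm.
    closed) printf '%s\n' 'CLOSED' ;;
    listen) printf '%s\n' 'LISTEN' ;;
    synrecv) printf '%s\n' 'SYN_RECV' ;;
    synsent) printf '%s\n' 'SYN_SENT' ;;
    established) printf '%s\n' 'ESTABLISHED' ;;
    timewait) printf '%s\n' 'TIME_WAIT' ;;
    closing) printf '%s\n' 'CLOSING' ;;
    closewait) printf '%s\n' 'CLOSE_WAIT' ;;
    lastack) printf '%s\n' 'LAST_ACK' ;;
    finwait1) printf '%s\n' 'FIN_WAIT1' ;;
    finwait2) printf '%s\n' 'FIN_WAIT2' ;;
    *) return 1 ;;
  esac
}

#######################################
# Count the tcp/tcp6 lines of `netstat -an` output that are in one state.
# Arguments: $1 - state name as printed in the last column
# Inputs:    netstat -an output on stdin
# Outputs:   the count on stdout (0 when no line matches)
#######################################
count_tcp_state() {
  # The state is passed with -v so it is compared as data and never becomes
  # part of the awk program; n + 0 prints 0 instead of an empty string.
  awk -v state="$1" '/^tcp/ && $NF == state { n++ } END { print n + 0 }'
}

#######################################
# Entry point: validate the metric, then print its socket count.
# Arguments: $1 - metric keyword (see the usage text)
# Outputs:   the count, or the usage text for an unknown keyword
#######################################
main() {
  local metric=${1:-}
  local state

  # Only keywords from the fixed list reach netstat/awk; anything else gets
  # the usage text, which Zabbix will treat as a non-numeric value.
  if ! state=$(tcp_state_name "$metric"); then
    echo -e "\e[033mUsage: sh $0 [closed|closing|closewait|synrecv|synsent|finwait1|finwait2|listen|established|lastack|timewait]\e[0m"
    return 0
  fi

  /bin/netstat -an | count_tcp_state "$state"
}

main "$@"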
tcp_conn_status.sh

赋予脚本执行权限
chmod o+x /usr/local/zabbix-agent/scripts/tcp_conn_status.sh 

3)添加监控的key值

agent的配置文件 /etc/zabbix/zabbix_agentd.conf
中定义了其他key的包含目录 Include=/etc/zabbix/zabbix_agentd.d/,
接着在 /etc/zabbix/zabbix_agentd.d/ 目录新建一个文件 tcp-status-params.conf, 内容如下

vim /etc/zabbix/zabbix_agentd.d/tcp-status-params.conf

[user@k8s4 ~]$ cat /etc/zabbix/zabbix_agentd.d/tcp-status-params.conf 
UserParameter=tcp.status[*],/usr/local/zabbix-agent/scripts/tcp_conn_status.sh $1
tcp-status-params.conf

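如果脚本需要把结果写入文件,运行 agent 的用户必须对该文件有写入权限。注意:下面的 o+w 会让本机所有用户都能改写 tcp_status.txt,也就能篡改上报给 zabbix 的监控值;更稳妥的做法是把文件属主设为运行 zabbix-agent 的用户(通常为 zabbix)并只保留属主写权限,或者让脚本不落盘、直接输出结果。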

chmod o+w /etc/zabbix/tcp_status.txt    #  tcp_status.txt 该文件对所有用户均有写入的权限

4)先在zabbix_agent 进行本地脚本测试(任意普通用户执行)

[user@k8s4 ~]$ /bin/bash /usr/local/zabbix-agent/scripts/tcp_conn_status.sh listen
12

注意: /bin/bash /usr/local/zabbix-agent/scripts/tcp_conn_status.sh established  这是查看建立的socket连接

重启agent
service zabbix-agent restart

5)再在服务端进行zabbix_get进行测试连接

[root@zabbix ~]# /usr/local/zabbix/bin/zabbix_get -s 192.168.10.20 -p 10050 -k "tcp.status[listen]"
12

二、zabbix服务端在图形界面添加监控项

1)添加监控项

2)添加图形

 三、另一高效的执行监控方法ss

ss监控原理:https://blog.csdn.net/yuwen_dai/article/details/78467686

1)写入监控脚本

vim /usr/local/zabbix-agent/scripts/tcp_socket.sh  (其实该脚本并没有用)

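#!/bin/bash
# Print the number of TCP sockets in one state, as reported by `ss -ant`.
#
# Usage: tcp_socket.sh STATE
#   STATE: SYNRECV|ESTAB|FINWAIT1|FINWAIT2|TIMEWAIT|LASTACK|LISTEN|CLOSED|
#          SYN_SENT|CLOSE_WAIT|CLOSING
# Exits with status 1 and no output for any other argument.

#######################################
# Count the lines of `ss -ant` output whose first column equals a state.
# Arguments: $1 - state name exactly as ss prints it
# Inputs:    ss -ant output on stdin
# Outputs:   the count on stdout; 0 when no socket is in that state, so the
#            caller always receives a number rather than an empty string
#######################################
ss_state_count() {
  # Exact comparison on column 1 keeps text in the address columns from being
  # counted; -v passes the state as data, not as awk program text.
  awk -v state="$1" '$1 == state { n++ } END { print n + 0 }'
}

# One function per accepted keyword. Each passes the spelling ss uses in its
# State column, which is hyphenated (SYN-SENT, CLOSE-WAIT), not underscored.
function SYNRECV { /usr/sbin/ss -ant | ss_state_count 'SYN-RECV'; }
function ESTAB { /usr/sbin/ss -ant | ss_state_count 'ESTAB'; }
function FINWAIT1 { /usr/sbin/ss -ant | ss_state_count 'FIN-WAIT-1'; }
function FINWAIT2 { /usr/sbin/ss -ant | ss_state_count 'FIN-WAIT-2'; }
function TIMEWAIT { /usr/sbin/ss -ant | ss_state_count 'TIME-WAIT'; }
function LASTACK { /usr/sbin/ss -ant | ss_state_count 'LAST-ACK'; }
function LISTEN { /usr/sbin/ss -ant | ss_state_count 'LISTEN'; }
# ss labels the closed state UNCONN; the keyword stays CLOSED for callers.
function CLOSED { /usr/sbin/ss -ant | ss_state_count 'UNCONN'; }
function SYN_SENT { /usr/sbin/ss -ant | ss_state_count 'SYN-SENT'; }
function CLOSE_WAIT { /usr/sbin/ss -ant | ss_state_count 'CLOSE-WAIT'; }
function CLOSING { /usr/sbin/ss -ant | ss_state_count 'CLOSING'; }

#######################################
# Entry point: run the counter named by the first argument.
# Arguments: $1 - one of the keywords listed in the header
# Returns:   1 for an unknown keyword, otherwise the counter's status
#######################################
main() {
  case "${1:-}" in
    # The argument is invoked as a function name only after it has matched
    # one of these literals, so no other text is ever executed.
    SYNRECV | ESTAB | FINWAIT1 | FINWAIT2 | TIMEWAIT | LASTACK | LISTEN | \
      CLOSED | SYN_SENT | CLOSE_WAIT | CLOSING)
      "$1"
      ;;
    *)
      return 1
      ;;
  esac
}

main "$@"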
tcp_socket.sh

执行检测

[root@nredis scripts]# /bin/bash /usr/local/zabbix-agent/scripts/tcp_socket.sh ESTAB
75024

 2)添加监控的key

UserParameter=tcp.status[*], /usr/sbin/ss -ant | grep -c $1  # 真正有用的程序
# UserParameter=tcp.status[*], /data/app/zabbix/etc/zabbix_agentd.conf.d/tcpstatus.sh $1

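可传入的参数为

[SYNRECV,ESTAB,FINWAIT1,FINWAIT2,TIME-WAIT,LASTACK,LISTEN,CLOSED,SYN_SENT,CLOSE_WAIT,CLOSING]

注意:grep -c 按 ss 输出的字面文本计数,而 ss 显示的状态名是 ESTAB、SYN-SENT、SYN-RECV、FIN-WAIT-1、FIN-WAIT-2、TIME-WAIT、CLOSE-WAIT、LAST-ACK、LISTEN、CLOSING、UNCONN;列表中写法与之不同的参数(如 SYNRECV、FINWAIT1、SYN_SENT、CLOSE_WAIT、CLOSED)不会匹配到任何行,返回值恒为 0。另外 $1 会被原样拼进 shell 命令行,agent 端应保持 UnsafeUserParameters=0(默认值),以拒绝带 shell 特殊字符的参数。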

 

 SYN_RECV表示正在等待处理的请求数;
ESTABLISHED表示正常数据传输状态;
TIME_WAIT表示处理完毕,等待超时结束的请求数。
