zabbix 实现 iptables 监控
安装iptstate
# yum install iptstate
配置zabbix key
iptables.conf
# cat /etc/zabbix/zabbix_agentd.d/iptables.conf
UserParameter=iptstate[*],/etc/zabbix/monitor_scripts/iptables.sh $
配置监控脚本:
# cat /etc/zabbix/monitor_scripts/iptables.sh
#!/bin/bash
#iptables 监控脚本
#/-
function tcp {
sudo iptstate --single | grep tcp | wc -l
}
function tcp-syn {
sudo iptstate --single | grep SYN | wc -l
}
function tcp-timewait {
sudo iptstate --single | grep TIME_WAIT | wc -l
}
function tcp-established {
sudo iptstate --single | grep ESTABLISHED | wc -l
}
function tcp-close {
sudo iptstate --single | grep CLOSE | wc -l
}
function udp {
sudo iptstate --single | grep udp | wc -l
}
function icmp {
sudo iptstate --single | grep icmp | wc -l
}
function all {
sudo iptstate --single | wc -l
}
# Run the requested function
$
查看脚本的权限:
# ll
total
-rwxr-xr-x root root Apr : iptables.sh
添加sudo执行权限:
sed -i "s/^Defaults requiretty/#Defaults requiretty/g" /etc/sudoers
echo “zabbix ALL=NOPASSWD: /usr/sbin/iptstate” /etc/sudoers
模板配置:
# cat Template-iptables.xml
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>2.0</version>
<date>--18T09::03Z</date>
<groups>
<group>
<name>Template-Security</name>
</group>
</groups>
<templates>
<template>
<template>Template-iptables</template>
<name>Template-iptables</name>
<description/>
<groups>
<group>
<name>Template-Security</name>
</group>
</groups>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<items>
<item>
<name>total all</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[all]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>total icmp</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[icmp]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp close</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-close]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp established</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-established]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp syn</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-syn]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp timewait</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-timewait]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>total tcp</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>total udp</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[udp]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
</items>
<discovery_rules/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
<triggers>
<trigger>
<expression>{Template-iptables:iptstate[all].last()}<</expression>
<name>iptables not running</name>
<url/>
<status></status>
<priority></priority>
<description>iptstates条目小于3认为关闭或者异常状态</description>
<type></type>
<dependencies/>
</trigger>
</triggers>
<graphs>
<graph>
<name>iptstate</name>
<width></width>
<height></height>
<yaxismin>0.0000</yaxismin>
<yaxismax>100.0000</yaxismax>
<show_work_period></show_work_period>
<show_triggers></show_triggers>
<type></type>
<show_legend></show_legend>
<show_3d></show_3d>
<percent_left>0.0000</percent_left>
<percent_right>0.0000</percent_right>
<ymin_type_1></ymin_type_1>
<ymax_type_1></ymax_type_1>
<ymin_item_1></ymin_item_1>
<ymax_item_1></ymax_item_1>
<graph_items>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>00C800</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-close]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C80000</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-established]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>0000C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-syn]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C800C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-timewait]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>00C8C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[all]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C8C800</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[icmp]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C8C8C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color></color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[udp]</key>
</item>
</graph_item>
</graph_items>
</graph>
</graphs>
</zabbix_export>
导入模板:
重启zabbix-agent:
# /etc/init.d/zabbix-agent restart
Shutting down Zabbix agent: [ OK ]
Starting Zabbix agent: [ OK ]
增加模板本上档host
zabbix 实现 iptables 监控的更多相关文章
- zabbix和iptables的nat表结合使用
A 机器要去访问C机器,但是无法直接访问到A可以访问到B机器,B机器可以访问到C机器这时候就可以再B机器设置nat,让A机器访问C机器 正好工作中zabbix server要监控2个http地址,缺无 ...
- zabbix 配置SNMP监控
什么是SNMP? 简单网络管理协议(SNMP),由一组网络管理的标准组成,包含一个应用层协议(application layer protocol).数据库模型(database schema)和一组 ...
- Zabbix Proxy 分布式监控
简介: Zabbix 是一个分布式监控系统,它可以以一个中心点.多个分节点的模式运行,使用 proxy 能降低 Zabbix Server 的压力,当然也带来了成本~ 适用范围:跨机房.跨地域的网络监 ...
- zabbix模板化监控
zabbix模板化监控 1. 实验简述 在zabbix监控中,有很多组的概念,具体有以下几种: 1. 主机和主机组,相同类型/应用的主机,可以归属于同一个主机组 2. item和application ...
- Zabbix 添加端口监控链接
zabbix 添加端口监控 连接数: zabbix 配置 添加 监控项: 其他检测 方式也是 示例: zabbix 客户端配置文件添加: 编辑 zabbix_agentd.conf 添加 端口 ...
- zabbix实现自定义监控
实现自定义监控项实例 .创建主机组 .创建主机 .创建监控项 .到需要监控的主机的agent中添加自定义的监控项目 cd /etc/zabbix/zabbix_agentd.d vi userpara ...
- zabbix使用jmx监控tomcat
zabbix监控Tomcat/JVM实例性能(115) – 运维生存时间http://www.ttlsa.com/zabbix/zabbix-use-jmx-monitor-tomcat/ zabbi ...
- 24 Zabbix系统配置日志监控告警--关键字触发
点击返回:自学Zabbix之路 点击返回:自学Zabbix4.0之路 点击返回:自学zabbix集锦 24 Zabbix系统配置日志监控告警--关键字触发 trapper是被监控主机主动发送数据给za ...
- 给zabbix添加percona监控模板
简单说明一下给zabbix添加的percona的监控模板. 在percona官方网站有说明怎么安装,这里记录下步骤.首先搭建好的zabbix环境. 监控插件连接 : 链接:https://pan.ba ...
随机推荐
- where常用运算符
mysql查询的五种子句:where(条件查询).having(筛选).group by(分组).order by(排序).limit(限制结果数) where常用运算符:比较运算符> , &l ...
- Leveldb 使用说明文档
Leveldb 使用说明文档 原作者:Jeff Dean, Sanjay Ghemawat 翻译:乌合之众solym@sohu.com 英文原文地址https://rawgit.com/google/ ...
- 关于通信的关键词UDP/(TCP/IP)/IPC/RPC/.NET Remoting/WebService/WCF/Http 系列
OSI七层和TCP/IP四层的关系 1.1 OSI引入了服务.接口.协议.分层的概念,TCP/IP借鉴了OSI的这些概念建立TCP/IP模型. 1.2 OSI先有模型,后有协议,先有标准,后进行实践: ...
- C#让控制台程序不显示闪退窗口的方法
新建一个控制台程序,然后编译为 窗体程序.即可........
- Linux-配置虚拟IP
Linux下配置网卡ip别名何谓ip别名?用windows的话说,就是为一个网卡配置多个ip.什么场合增加ip别名能派上用场?布网需要.多ip访问测试.特定软件对多ip的需要...and so on. ...
- 统计bytearray中的bitcount
给定一个byte数组,要求统计byte数组的bitcount,也就是byte数组中为1的位的个数. Redis提供了位数组数据结构,位数组是相对独立的一个程序,在<Redis设计与实现>( ...
- 第一次使用Mac
Mac禁用掉默认输入法 搜狗输入法已经包含中文.英文输入法了,其余输入法可以删除掉.按ctrol键的时候本来应该是搜狗输入法中英文切换,结果却是搜狗输入法和ABC输入法之间互相切换. 打开键盘偏好设置 ...
- linux shell 脚本攻略学习8---md5校验,sort排序,uniq命令详解
一.校验与核实 目前最为出名的校验技术是md5sum和sha1sum,它们对文件内容使用相应的算法来生成校验和. 举例: amosli@amosli-pc:~/learn$ md5sum text.t ...
- lu协程练习
生产者和消费者问题:当协程调用yield时,从一个悬而未决的resume中返回.简单的协程练习: function receive() local status,value = coroutine.r ...
- Log4j 基本配置示例
1.log4j.properties log4j.rootLogger=INFO, stdout, fileout log4j.logger.TestProject=INFO log4j.append ...