zabbix 实现 iptables 监控
安装iptstate
# yum install iptstate
配置zabbix key
iptables.conf
# cat /etc/zabbix/zabbix_agentd.d/iptables.conf
UserParameter=iptstate[*],/etc/zabbix/monitor_scripts/iptables.sh $
配置监控脚本:
# cat /etc/zabbix/monitor_scripts/iptables.sh
#!/bin/bash
#iptables 监控脚本
#/-
function tcp {
sudo iptstate --single | grep tcp | wc -l
}
function tcp-syn {
sudo iptstate --single | grep SYN | wc -l
}
function tcp-timewait {
sudo iptstate --single | grep TIME_WAIT | wc -l
}
function tcp-established {
sudo iptstate --single | grep ESTABLISHED | wc -l
}
function tcp-close {
sudo iptstate --single | grep CLOSE | wc -l
}
function udp {
sudo iptstate --single | grep udp | wc -l
}
function icmp {
sudo iptstate --single | grep icmp | wc -l
}
function all {
sudo iptstate --single | wc -l
}
# Run the requested function
$
查看脚本的权限:
# ll
total
-rwxr-xr-x root root Apr : iptables.sh
添加sudo执行权限:
sed -i "s/^Defaults requiretty/#Defaults requiretty/g" /etc/sudoers
echo “zabbix ALL=NOPASSWD: /usr/sbin/iptstate” /etc/sudoers
模板配置:
# cat Template-iptables.xml
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>2.0</version>
<date>--18T09::03Z</date>
<groups>
<group>
<name>Template-Security</name>
</group>
</groups>
<templates>
<template>
<template>Template-iptables</template>
<name>Template-iptables</name>
<description/>
<groups>
<group>
<name>Template-Security</name>
</group>
</groups>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<items>
<item>
<name>total all</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[all]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>total icmp</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[icmp]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp close</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-close]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp established</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-established]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp syn</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-syn]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>tcp timewait</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp-timewait]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>total tcp</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[tcp]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>total udp</name>
<type></type>
<snmp_community/>
<multiplier></multiplier>
<snmp_oid/>
<key>iptstate[udp]</key>
<delay></delay>
<history></history>
<trends></trends>
<status></status>
<value_type></value_type>
<allowed_hosts/>
<units/>
<delta></delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel></snmpv3_securitylevel>
<snmpv3_authprotocol></snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol></snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula></formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type></data_type>
<authtype></authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link></inventory_link>
<applications>
<application>
<name>Iptstates</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
</items>
<discovery_rules/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
<triggers>
<trigger>
<expression>{Template-iptables:iptstate[all].last()}<</expression>
<name>iptables not running</name>
<url/>
<status></status>
<priority></priority>
<description>iptstates条目小于3认为关闭或者异常状态</description>
<type></type>
<dependencies/>
</trigger>
</triggers>
<graphs>
<graph>
<name>iptstate</name>
<width></width>
<height></height>
<yaxismin>0.0000</yaxismin>
<yaxismax>100.0000</yaxismax>
<show_work_period></show_work_period>
<show_triggers></show_triggers>
<type></type>
<show_legend></show_legend>
<show_3d></show_3d>
<percent_left>0.0000</percent_left>
<percent_right>0.0000</percent_right>
<ymin_type_1></ymin_type_1>
<ymax_type_1></ymax_type_1>
<ymin_item_1></ymin_item_1>
<ymax_item_1></ymax_item_1>
<graph_items>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>00C800</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-close]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C80000</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-established]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>0000C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-syn]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C800C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp-timewait]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>00C8C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[all]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C8C800</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[icmp]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color>C8C8C8</color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[tcp]</key>
</item>
</graph_item>
<graph_item>
<sortorder></sortorder>
<drawtype></drawtype>
<color></color>
<yaxisside></yaxisside>
<calc_fnc></calc_fnc>
<type></type>
<item>
<host>Template-iptables</host>
<key>iptstate[udp]</key>
</item>
</graph_item>
</graph_items>
</graph>
</graphs>
</zabbix_export>
导入模板:


重启zabbix-agent:
# /etc/init.d/zabbix-agent restart
Shutting down Zabbix agent: [ OK ]
Starting Zabbix agent: [ OK ]
增加模板本上档host

zabbix 实现 iptables 监控的更多相关文章
- zabbix和iptables的nat表结合使用
A 机器要去访问C机器,但是无法直接访问到A可以访问到B机器,B机器可以访问到C机器这时候就可以再B机器设置nat,让A机器访问C机器 正好工作中zabbix server要监控2个http地址,缺无 ...
- zabbix 配置SNMP监控
什么是SNMP? 简单网络管理协议(SNMP),由一组网络管理的标准组成,包含一个应用层协议(application layer protocol).数据库模型(database schema)和一组 ...
- Zabbix Proxy 分布式监控
简介: Zabbix 是一个分布式监控系统,它可以以一个中心点.多个分节点的模式运行,使用 proxy 能降低 Zabbix Server 的压力,当然也带来了成本~ 适用范围:跨机房.跨地域的网络监 ...
- zabbix模板化监控
zabbix模板化监控 1. 实验简述 在zabbix监控中,有很多组的概念,具体有以下几种: 1. 主机和主机组,相同类型/应用的主机,可以归属于同一个主机组 2. item和application ...
- Zabbix 添加端口监控链接
zabbix 添加端口监控 连接数: zabbix 配置 添加 监控项: 其他检测 方式也是 示例: zabbix 客户端配置文件添加: 编辑 zabbix_agentd.conf 添加 端口 ...
- zabbix实现自定义监控
实现自定义监控项实例 .创建主机组 .创建主机 .创建监控项 .到需要监控的主机的agent中添加自定义的监控项目 cd /etc/zabbix/zabbix_agentd.d vi userpara ...
- zabbix使用jmx监控tomcat
zabbix监控Tomcat/JVM实例性能(115) – 运维生存时间http://www.ttlsa.com/zabbix/zabbix-use-jmx-monitor-tomcat/ zabbi ...
- 24 Zabbix系统配置日志监控告警--关键字触发
点击返回:自学Zabbix之路 点击返回:自学Zabbix4.0之路 点击返回:自学zabbix集锦 24 Zabbix系统配置日志监控告警--关键字触发 trapper是被监控主机主动发送数据给za ...
- 给zabbix添加percona监控模板
简单说明一下给zabbix添加的percona的监控模板. 在percona官方网站有说明怎么安装,这里记录下步骤.首先搭建好的zabbix环境. 监控插件连接 : 链接:https://pan.ba ...
随机推荐
- java 属性封装
//封装性 //封装概念: //1.是面向对象思想的三大特征之一 //2.封装细节是隐藏的,仅对外提供访问接口 //3.封装分类: //属性封装 //方法封装 //类的封装 //组件的封装 //模块化 ...
- 转 error while loading shared libraries: libmysqlclient.so.15: cannot open shared object file
我是今天再用emboss得时候发现出现问题了,再网上搜索了一下,发现有人和我一样得问题,解决得方法是: wget -O /usr/lib64/libmysqlclient.so.15 http://f ...
- 阿里云安装jdk,tomcat,maven,svn,git,nginx
1. 首先通过xftp等工具上传安装包 2. 配置目录 cd usr mkdir java cd java mkdir jdk mkdir tomcatmkdir maven 3. 安装jdk 3.1 ...
- shell脚本启动node服务
#!/bin/bash cd /root/dev-web source /etc/profile /usr/local/node-8.11.1/bin/npm i && EGG_SER ...
- [转载]linux下如何查看系统和内核版本
原文地址:linux下如何查看系统和内核版本作者:vleage 1. 查看内核版本命令: 1) [root@q1test01 ~]# cat /proc/version Linux version 2 ...
- Swift3 JSON字符串和字典互转(JSON字符串转字典和字典转JSON字符串)
直接上代码吧 1.JSONString转换为字典 /// JSONString转换为字典 /// /// - Parameter jsonString: <#jsonString descrip ...
- <转>赋值表达式解析的流程
转自:http://www.cnblogs.com/nazhizq/p/6520072.html 上节说到表达式的解析问题,exprstate函数用于解析普通的赋值表达式.lua语言支持多变量赋值.本 ...
- aligned_storage简单学习
#include <iostream> #include <type_traits> #include <string> /* template< std:: ...
- NYOJ------汉诺塔(一)
汉诺塔(一) 时间限制:1000 ms | 内存限制:65535 KB 难度:3 描述 在印度,有这么一个古老的传说:在世界中心贝拿勒斯(在印度北部)的圣庙里,一块黄铜板上插着三根宝石针.印度 ...
- hihocoder第229周:最大连续字母个数
题目链接 给定一个仅包含小写字母的字符串s(长度小于1e5),你可以交换任意两个字符的位置,现在允许交换k次,要求交换之后,s中最长的连续相同字符个数尽量多,求这个最长连续区间的长度. 样例 输入 1 ...