Скрипты и файлы конфигурации для мониторинга состояния TCP соединений.
Шаблон для zabbix:
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>2.0</version>
<date>2015-05-31T06:58:27Z</date>
<groups>
<group>
<name>Linux servers</name>
</group>
</groups>
<templates>
<template>
<template>Template UnixTcp</template>
<name>Template UnixTcp</name>
<groups>
<group>
<name>Linux servers</name>
</group>
</groups>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<items>
<item>
<name>CLOSE_WAIT</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.closew</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>ESTABLISHED</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.establ</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>FIN_WAIT1</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.finw1</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>FIN_WAIT2</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.finw2</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>LISTEN</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.listen</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>SYN_RECV</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.synrecv</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>SYN_SENT</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.synsent</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>TIME_WAIT</name>
<type>2</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.timew</key>
<delay>60</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>0</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>Trapper</name>
<type>0</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>tcp.all</key>
<delay>30</delay>
<history>7</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>TCP</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
</items>
<discovery_rules/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
<triggers>
<trigger>
<expression>{Template UnixTcp:tcp.establ.last(0)}>10000</expression>
<name>Too many ESTABLISHED connections on {HOST.NAME}</name>
<url/>
<status>0</status>
<priority>3</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
<trigger>
<expression>{Template UnixTcp:tcp.timew.last(0)}>30000</expression>
<name>Too many TIME_WAIT connections on {HOST.NAME}</name>
<url/>
<status>0</status>
<priority>3</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
</triggers>
<graphs>
<graph>
<name>TCP Connections</name>
<width>900</width>
<height>200</height>
<yaxismin>0.0000</yaxismin>
<yaxismax>100.0000</yaxismax>
<show_work_period>1</show_work_period>
<show_triggers>1</show_triggers>
<type>1</type>
<show_legend>1</show_legend>
<show_3d>0</show_3d>
<percent_left>0.0000</percent_left>
<percent_right>0.0000</percent_right>
<ymin_type_1>0</ymin_type_1>
<ymax_type_1>0</ymax_type_1>
<ymin_item_1>0</ymin_item_1>
<ymax_item_1>0</ymax_item_1>
<graph_items>
<graph_item>
<sortorder>6</sortorder>
<drawtype>1</drawtype>
<color>009900</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.establ</key>
</item>
</graph_item>
<graph_item>
<sortorder>3</sortorder>
<drawtype>1</drawtype>
<color>9999FF</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.closew</key>
</item>
</graph_item>
<graph_item>
<sortorder>0</sortorder>
<drawtype>1</drawtype>
<color>3333FF</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.timew</key>
</item>
</graph_item>
<graph_item>
<sortorder>5</sortorder>
<drawtype>1</drawtype>
<color>DDDD00</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.synrecv</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<drawtype>1</drawtype>
<color>FFFF66</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.listen</key>
</item>
</graph_item>
<graph_item>
<sortorder>4</sortorder>
<drawtype>1</drawtype>
<color>BBBB00</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.synsent</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<drawtype>1</drawtype>
<color>DDDDDD</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.finw1</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<drawtype>1</drawtype>
<color>CCCCCC</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template UnixTcp</host>
<key>tcp.finw2</key>
</item>
</graph_item>
</graph_items>
</graph>
</graphs>
</zabbix_export>
Для удобства установки различных нестандартных метрик для мониторинга я использую директиву Include=/etc/zabbix/zabbix_agentd.conf.d/
после чего можно добавлять отдельные файлы, в которых будут все опции,
необходимые для работы необходимой метрики, в данном случае: /etc/zabbix/zabbix_agentd.conf.d/tcp_status.conf
:
UserParameter=tcp.all,/etc/zabbix/scripts/tcp_status.sh
Теперь создадим скрипт, который осуществляет доставку данных в Zabbix - /etc/zabbix/scripts/tcp_status.sh
:
#!/bin/sh
# WARNING: Correctly setup 'Hostname=' in config is REQUIRED!
/usr/bin/env ss -ant | \
awk '{
if (NR>1) state[$1]++;
}
END {
split("establ,listen,synsent,synrecv,finw1,finw2,closew,timew",list,",")
for (i in list) {array[list[i]]=0}
for (i in state) {
s=i;
sub(/ESTAB/, "establ", s);
sub(/LISTEN/, "listen", s);
sub(/SYN-SENT/, "synsent", s);
sub(/SYN-RECV/, "synrecv", s);
sub(/FIN-WAIT-1/, "finw1", s);
sub(/FIN-WAIT-2/, "finw2", s);
sub(/CLOSE-WAIT/, "closew", s);
sub(/TIME-WAIT/, "timew", s);
array[s]=state[i]
}
for (i in array){print "- tcp."i, array[i]}
}' | /usr/bin/env zabbix_sender \
--config /etc/zabbix/zabbix_agentd.conf \
--input-file - >/dev/null 2>&1
echo $?
exit 0
И сразу выставляем правильные права на скрипт:
chmod 755 /etc/zabbix/scripts/tcp_status.sh
chown zabbix:zabbix /etc/zabbix/scripts/tcp_status.sh
Если каталога /etc/zabbix/scripts
у вас еще нет, то его нужно создать:
mkdir /etc/zabbix/scripts
chmod 755 /etc/zabbix/scripts
chown zabbix:zabbix /etc/zabbix/scripts
Стоит отметить тот факт, что в скрипте используется ss
(из пакета iproute2
), вместо netstat
, замеры и опыт использования показал, что ss
быстрее.
Все почти готово, теперь можно зайти в панель Zabbix и добавить нужному хосту новый шаблон Template UnixTcp.
Comments
comments powered by Disqus