监控利器Nagios之一:监控本地NFS和外部HTTP、MySQL服务
监控利器Nagios之一:监控本地NFS和外部HTTP、MySQL服务
Nagios是一款开源的免费网络监视工具,能有效监控Windows、Linux和Unix的主机状态,交换机路由器等网络设置,打印机等。在系统或服务状态异常时发出邮件或短信报警第一时间通知网站运维人员,在状态恢复后发出正常的邮件或短信通知。
Nagios的特点:
1、监控服务http、MySQL、nfs、tcp、ping等
2、监控主机资源cpu、负载、I/O、虚拟及内存磁盘利用率等
3、支持邮件微信等报警通信。
4、可选web见面用于查看当前的网络状态等
Nagios的组成:
Nagios监控软件是一个监控平台。Nagios监控一般由一个主程序(nagios)、一个插件程序(nagios-plugins)和一些可选的插件组成。
1、NRPE组件
Nrpe组件一般工作在备监控端,朱勇用于监控本地资源,包括负载(uptime)、CPU(top、Sar)、磁盘(df -hi)、内存(free)、I/O(iostat)等
2、NSClient++
3、NDOUtils
Nagios的监控完整图:
原理如下:
通常由nagios服务端发起获取数据请求,由check_nrpe插件携带要获取的命令,传给给监控端nrpe守护进程,默认是5666端口,nrpe进程读取nrpe.Cfg里对应服务器端发送的命令信息,通过调用本地插件获取数据,然后返回给nagios服务器端的check_nrpe,进而传给nagios战术的web页面中。
一:实验目标
1、监控外部服务器NFS,服务端当做客户端
2、监控外部服务器的MySQL服务
3、监控外部服务器httpd
4、监控外部服务器的私有信息
二:实验环境
VMare |
作用 |
主机名 |
Ip地址 |
安装的软件 |
RHEL-6.5 |
服务端 |
yu61 |
192.168.1.61 |
Nagios软件,nagios插件,nrpe,LAMP环境、NFS |
RHEL-6.5 |
客户端 |
yu62 |
192.168.1.62 |
nagios插件,nrpe、mysql-server、IO |
RHEL-6.5 |
客户端 |
yu63 |
192.168.1.63 |
nagios插件,nrpe、NFS、Http、 |
#所有服务器都需要关闭防火墙
三:实验步骤
安装服务端环境
1、安装LAMP环境
Nagios服务端需要有web界面用来展示监控效果,而监控的内容是属于动态的,因此使用LAMP环境,Apache用作于web展示监控效果,PHP用于展示监控动态信息。
1
2
3
4
5
6
7
8
|
[[email protected] ~] # mkdir -p /home/yu/tools
[[email protected] ~] # yum install -y httpd gccglibc glibc-common php gd gd-devel libpng libmng libjpeg zlib mysql-server
[[email protected] ~] # service iptables stop
[[email protected] ~] # service httpd restart
[[email protected] ~] # vim /var/www/html/index.php
<?php phpinfo(); ?> |
2、添加用户
Apache用户默认是存在的,属组默认的是daemon,需要把它改成nagios。这样它才能有权限访问安装的nagios目录,执行相关的cgi命令,如通过浏览器界面关闭nagios、停止某个故障对象发送报警信息等。
添加nagios帐户,以用来运行Nagios。当然也可以用root运行,但出于安全考虑而使用普通帐号来运行,并且不给这个账号分配shell登录权限
1
2
3
4
|
[[email protected] tools] # useradd -s /sbin/nollogin nagios
[[email protected] tools] # groupadd nagcmd
[[email protected] tools] # usermod -a -G nagcmd nagios
[[email protected] tools] # usermod -a -G nagcmd apache
|
3、安装nagios主程序
1
2
3
4
5
6
7
8
9
10
|
[[email protected] tools] # tar jxvf nagios-cn-3.2.3.tar.bz2
[[email protected] tools] # cd nagios-cn-3.2.3
[[email protected] nagios-cn-3.2.3] # ./configure --with-command-group=nagcmd
[[email protected] nagios-cn-3.2.3] #make all
[[email protected] nagios-cn-3.2.3] # make install
[[email protected] nagios-cn-3.2.3] # make install-init
[[email protected] nagios-cn-3.2.3] #make install-commandmode
[[email protected] nagios-cn-3.2.3] # make install-config
[[email protected] nagios-cn-3.2.3] # make install-webconf
[[email protected] nagios-cn-3.2.3] # htpasswd -c /usr/local/nagios/etc/htpasswd.users mobanche
|
用于检测文件的完整性的方法有两种。一种是绝对路径,一种是启动检测
第一种:
1
|
[[email protected] nagios] # /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
|
第二种:
1
|
[[email protected] nrpe-2.12] # vim /etc/init.d/nagios
|
#删掉启动项中178行中的“ > /dev/null 2>&1;”内容。
1
2
3
4
5
6
|
[[email protected] objects] # vim /usr/local/nagios/etc/cgi.cfg
use_authentication=0 #改为0
[[email protected] nrpe-2.12] # /etc/init.d/nagios checkconfig
Total Warnings: 0 Total Errors: 0 |
4、安装nagios-plugins插件包
Nagios的插件包就是实现获取数据信息的命令或者程序,用过这些命令或程序,nagios可以获取到需要的数据,然后进行报警和展示。
1
2
3
4
5
6
|
[[email protected] tools] # yum install perl-devel openssl-devel -y
[[email protected] tools] # tar zxvf nagios-plugins-1.4.16.tar.gz
[[email protected] tools] # cd nagios-plugins-1.4.16
[[email protected] nagios-plugins-1.4.16] # ./configure --with-nagios-user=nagios --with-nagios-group=nagcmd --enable-perl-modules --with-mysql
[[email protected] nagios-plugins-1.4.16] # make -j 4
[[email protected] nagios-plugins-1.4.16] # make install
|
5、安装nrpe软件包
Nrpe是通常用于安装被监控端的,这里在服务端也安装的了nrpe软件,是因为nagios服务器端需要check_nrpe插件做被动检查,如果服务端不安装nrpe插件,那么也就没有这个插件了,其次nagios服务器端本地的资源也需要被监控,因此nagios服务器端也会被认作客户端。
1
2
3
4
|
[[email protected] tools] # tar zxvf nrpe-2.12.tar.gz
[[email protected] tools] # cd nrpe-2.12
[[email protected] nrpe-2.12] # ./configure
[[email protected] nrpe-2.12] # make all && make instll
|
6、服务端附件
(1)检查登录nagios的管理账户信息
1
2
3
4
|
[[email protected] nagios-cn-3.2.3] # grep AuthUserFile /etc/httpd/conf.d/nagios.conf
AuthUserFile /usr/local/nagios/etc/htpasswd . users
AuthUserFile /usr/local/nagios/etc/htpasswd . users
AuthUserFile /usr/local/nagios/etc/htpasswd . users
|
(2)设置nagios开机自启动
1
2
3
|
[[email protected] nagios-cn-3.2.3] # chkconfig postfix on
[[email protected] nagios-cn-3.2.3] # chkconfig postfix --list
postfix 0:关闭1:关闭2:启用3:启用4:启用5:启用6:关闭 |
(3)邮件报警
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[[email protected] nagios-cn-3.2.3] # /etc/init.d/httpd reload
[[email protected] nagios-cn-3.2.3] # sed -n '35p ' /usr/local/nagios/etc/objects/contacts.cfg
email [email protected]; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
[[email protected] nagios-cn-3.2.3] # /etc/init.d/postfix start
[[email protected] nagios-cn-3.2.3] # lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME
master 2094 root 12u IPv4 12921 0t0 TCP localhost:smtp (LISTEN) master 2094 root 13u IPv6 12923 0t0 TCP localhost:smtp (LISTEN) [[email protected] nagios-cn-3.2.3] # mail -s "test" [email protected] < /etc/hosts
[[email protected] nagios-cn-3.2.3] # mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender /Recipient-------
A1C723FFA6 599 Sun May 21 12:23:56 [email protected] (lost connection with mx2.qq.com[14.17.41.170] while performing the HELO handshake)
|
安装客户端端环境
注释:三台客户端同时安装,安装的内容一样。
1、添加用户
1
2
3
4
5
6
|
[[email protected] ~] # mkdir -p /home/yu/tools
[[email protected] ~] # cd /home/yu/tools/
[[email protected] tools] # yum install perl-devel openssl-devel -y
[[email protected] tools] # useradd -s /sbin/nologin nagios
[[email protected] tools] # groupadd nagcmd
[[email protected] tools] # usermod -G nagcmd nagios
|
1
2
3
4
5
|
2、安装nagios-plugins插件包 [[email protected] tools] # tar zxvf nagios-plugins-1.4.16.tar.gz
[[email protected] tools] # cd nagios-plugins-1.4.16
[[email protected] nagios-plugins-1.4.16] # ./configure --with-nagios-user=nagios --with-nagios-group=nagcmd --enable-perl-modules --with-mysql
[[email protected] nagios-plugins-1.4.16] # make -j 4 && make install
|
3、安装nrpe软件包
1
2
3
|
[[email protected] tools] # tar zxvf nrpe-2.12.tar.gz
[[email protected] tools] # cd nrpe-2.12
[[email protected] nrpe-2.12] # ./configure && make all && make install
|
实战:监控外部服务器MySQL服务
1、服务端修改配置文件
1
2
3
4
5
6
7
|
[email protected] ~] # cd /usr/local/nagios/etc
[[email protected] etc] # vim nagios.cfg
改:cfg_file= /usr/local/nagios/etc/objects/localhost .cfg
为:注释localhost这一项,添加以下两行: #cfg_file=/usr/local/nagios/etc/objects/localhost.cfg cfg_file= /usr/local/nagios/etc/objects/hosts .cfg
cfg_file= /usr/local/nagios/etc/objects/service .cfg
|
2、修改配置文件、生成要检测的主机配置文件和服务配置文件:
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[[email protected] etc] # cd objects/
[[email protected] objects] # vim hosts.cfg # 添加以下内容
####################chreck_host########################### define host{ use linux-server
host_name yu62
alias mysql服务
address 192.168.1.64
icon_image switch.gif
statusmap_image switch.gd2
2d_coords 100,200
3d_coords 100,200,100
}
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[[email protected] objects] # vim service.cfg # 添加以下内容
###################check_server_mysql############################# define service{ use local -service
host_name yu62
service_groups mysql服务组
service_description mysql服务
check_command check_mysql
}
##########################check_server_mysql_groups#########################define servicegroup{ servicegroup_name mysql服务组
alias mysql服务器
members yu62,mysql服务
} |
1
2
3
4
5
6
|
[[email protected] objects] # vim commands.cfg #在此文件最后添加以下内容:
define command {
command_name check_mysql command_line $USER1$ /check_mysql -H$HOSTADDRESS$ -u nagdb -d nagdb
} [[email protected] nrpe-2.12] # /etc/init.d/nagios checkconfig
|
3、客户端上安装MySQL服务
1
2
3
4
5
|
[[email protected] ~] # yum install mysql-server -y
[[email protected] ~] # service mysqld restart
[[email protected]~] # mysql
mysql>create database nagdb; |
4、重启mysqld、nagios服务
1
2
3
4
5
|
[[email protected] ~] # /etc/init.d/httpd restart
[[email protected] ~] # /etc/init.d/mysqld restart
[[email protected] ~] # /etc/init.d/nagios restart
[[email protected] objects] #/usr/local/nagios/libexec/check_mysql -H 192.168.1.64 -u nagdb -d nagdb
Uptime: 516 Threads: 1 Questions: 6 Slow queries: 0 Opens: 15 Flush tables: 1 Open tables:8 Queries per second avg: 0.11 |
#上述命令执行后,出现以下信息,表示正常,连接192.168.1.64的mysql里面的用户是正常的
5)测试查看主机和服务:
http://192.168.1.63/nagios/
实战:监控外部服务器NFS服务
1、安装配置NFS服务器
1
2
3
4
5
6
7
8
|
[[email protected] objects] # service rpcbind status
rpcbind (pid 1614) 正在运行... [[email protected] ~] # vim /etc/exports
/tmp *(rw)
[[email protected] ~] # /etc/init.d/nfs restart
[[email protected] ~] # showmount -e 192.168.1.61
Export list for 192.168.1.61:
/tmp *
|
2、编辑check_nfs命令脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
[[email protected] libexec] # pwd
/usr/local/nagios/libexec [[email protected] libexec] # cat check_nfs
check_nfs #!/bin/bash . /data1/server/nagios/libexec/utils .sh
CHECKNAME= "Mount NFS"
RESULT= ""
EXIT_STATUS=$STATE_OK NFSFSTAB=`LC_ALL=C awk '!/^#/ && $3 ~ /^nfs/ && $3 != "nfsd" && $4 !~ /noauto/ { print $1 }' /etc/fstab `
NFSMTAB=`LC_ALL=C awk '$3 ~ /^nfs/ && $3 != "nfsd" && $2 != "/" { print $1 }' /proc/mounts `
theend() { echo $RESULT
exit $EXIT_STATUS
} CHECK_MOUNT(){ LIST= ""
for list in $NFSFSTAB
do
NFS_MOUNT=$(LC_ALL=C cat /proc/mounts | cut -d " " -f 1| grep "${list}$" )
if [ -z "${NFS_MOUNT}" ]; then
LIST= "$LIST$list "
fi
done
} if [ -n "${NFSMTAB}" ]; then
CHECK_MOUNT
if [ -z "${LIST}" ]; then
RESULT= "$CHECKNAME OK - NFS BE MOUNTED PROPERLY"
EXIT_STATUS=$STATE_OK
else
RESULT= "$CHECKNAME WARNING - ${LIST} NOT BE MOUNTED"
EXIT_STATUS=$STATE_WARNING
fi
else RESULT= "$CHECKNAME CRITICAL - ALL NFS NOT BE MOUNTED"
EXIT_STATUS=$STATE_CRITICAL
fi Theend |
注释:为了安全起见修改权限,不修改默认为644 root
1
2
3
4
|
[[email protected] libexec] # chmod 755 check_nfs
[[email protected] libexec] # chown nagios:nagcmd check_nfs
[[email protected] libexec] # ll check_nfs
-rwxr-xr-x 1 nagios nagcmd 973 5月 22 13:27 check_nfs |
3、修改配置文件
1
2
3
4
5
6
7
8
9
10
11
12
|
[[email protected] objects] # cat hosts.cfg ##末尾添加
####################chreck_host########################### define host{ use linux-server
host_name yu61
alias nfs服务
address 192.168.1.61
icon_image switch.gif
statusmap_image switch.gd2
2d_coords 100,200
3d_coords 100,200,100
}
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[[email protected] objects] # cat service.cfg ##末尾添加
###################check_server_mysql############################# define service{ use local -service
host_name yu61
service_groups nfs服务组
service_description nfs服务
check_command check_nrpe!check_nfs
}
##########################check_server_mysql_groups###################### define servicegroup{ servicegroup_name nfs服务组
alias nfs服务器
members yu61,nfs服务
} |
1
2
3
4
5
6
7
8
9
10
11
|
[[email protected] objects] # vim commands.cfg ##末尾添加
#'check_nrpe' command definition definecommand{ command_name check_nrpe
command_line $USER1$ /check_nrpe -H $HOSTADDRESS$ -c$ARG1$
}
define command {
command_name check_nfs
command_line $USER1$ /check_nfs
}
|
4、检测服务配置及启动服务
1
2
3
4
|
[[email protected] objects] # /etc/init.d/nagios checkconfig
Total Warnings: 0 Total Errors: 0 [[email protected] objects] # /etc/init.d/nagios reload
|
5、测试查看主机和服务
http://192.168.1.63/nagios/
实战:监控外部服务器httpd服务
1、修改配置文件
1
2
3
4
5
6
7
8
9
10
11
|
[[email protected] objects] # cat hosts.cfg ##最后编辑
define host{ use linux-server
host_name yu63
alias http服务
address 192.168.1.63
icon_image switch.gif
statusmap_image switch.gd2
2d_coords 100,200
3d_coords 100,200,100
}
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[[email protected] objects] # cat service.cfg ##最后添加
###################check_server_httpd-63############################# define service{ use local -service
host_name yu63
service_groups http服务组
service_description http服务
check_command check_http
}
##########################check_server_http-63_groups###################### define servicegroup{ servicegroup_name http服务组
alias http服务器
members yu63,http服务
} |
#Check_http的命令默认就有的
2、检测配置文件和重启服务
1
2
3
4
5
6
7
|
[[email protected] objects] # /etc/init.d/nagios checkconfig
Total Warnings: 0 Total Errors: 0 [[email protected] nrpe-2.12] # service iptables stop
[[email protected] nrpe-2.12] # setenforce 1
setenforce: SELinux is disabled [[email protected] nrpe-2.12] # service httpd restart
|
3、测试查看主机和服务