环境
| 名称 | 主机名 | IP |
|---|---|---|
| 服务端 | wangyitong | 192.168.232.128 |
| 客户端 | wyt3 | 192.168.232.132 |
1.创建脚本检查日志文件中是否有指定的关键字
[root@wyt3 ~]# ls
anaconda-ks.cfg pyscripts-master.zip //下载安装包
[root@wyt3 ~]# unzip pyscripts-master.zip //解压安装包
[root@wyt3 ~]# cd pyscripts-master
[root@wyt3 pyscripts-master]# ls
dmp4.py log.py mail_send.py README.md 定时发微信群消息.zip
[root@wyt3 pyscripts-master]# rm -f dmp4.py mail_send.py README.md 定时发微信 群消息.zip //删除不需要的文件
[root@wyt3 pyscripts-master]# ls
log.py
[root@wyt3 pyscripts-master]# ls /scripts/
check_process.sh
[root@wyt3 pyscripts-master]# mv log.py /scripts/ //移动到放置脚本目录
[root@wyt3 ~]# cd /scripts/
[root@wyt3 scripts]# ls
check_process.sh log.py
[root@wyt3 scripts]# chmod +x log.py //执行权限
[root@wyt3 scripts]# ll
total 8
-rwxr-xr-x 1 root root 139 Jul 21 05:52 check_process.sh
-rwxr-xr-x 1 root root 1854 Mar 22 16:09 log.py
[root@wyt3 scripts]# tail -f /var/log/secure //查看错误日志
Jul 21 15:10:36 wyt3 sshd[45342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.232.1 user=root
Jul 21 15:10:36 wyt3 sshd[45342]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jul 21 15:10:39 wyt3 sshd[45342]: Failed password for root from 192.168.232.1 port 49376 ssh2
Jul 21 15:10:44 wyt3 sshd[45342]: error: Received disconnect from 192.168.232.1 port 49376:0: [preauth]
Jul 21 15:10:44 wyt3 sshd[45342]: Disconnected from 192.168.232.1 port 49376 [preauth]
[root@wyt3 scripts]# echo 'Failed' > key //记录错误日志关键词
[root@wyt3 scripts]# ls
check_process.sh key log.py
2.修改配置文件
[root@wyt3 etc]# vim zabbix_agentd.conf
//加入下列内容
UserParameter=check_logs[*],/usr/bin/python /scripts/log.py $1 $2 $3
3.测试脚本关键字是否可以取出
[root@wyt3 ~]# python /scripts/log.py /var/log/secure /tmp/seek Failed
1
[root@wyt3 ~]#
[root@wyt3 ~]# python /scripts/log.py /var/log/secure /tmp/seek Failed
0
4.手动测试一下可否取出值
[root@wyt3 ~]# cd /var/log/
[root@wyt3 log]# setfacl -m u:zabbix:r secure //给文件可读权限
[root@wyt3 log]# getfacl secure
# file: secure
# owner: root
# group: root
user::rw-
user:zabbix:r--
group::---
mask::r--
other::---
[root@wangyitong ~]# zabbix_get -s 192.168.232.132 -k check_logs[/var/log/secure,/tmp/logseek,Failed]
0
5.配置web界面
1.添加监控项
2.添加触发器
6.错误登录
[C:~]$ ssh root@ 192.168.232.132
[root@wyt3 ~]# ls /tmp //自动生成日志文件
logseek
7.收到告警邮件
