Zabbix custom TCP 11 state monitoring templates
Adding monitoring items to many hosts one at a time is tedious. In production we often need to add the same set of monitoring items to a batch of machines, and doing that by hand for each host is a lot of work. With templates, we only need to create the template once and link it to each host that needs to be monitored.
We first create the monitoring items manually, and then turn them into a template.
We use the 11 TCP states as the example monitoring items.
The 11 TCP states
ESTABLISHED
SYN_SENT
SYN_RECV
FIN_WAIT1
FIN_WAIT2
TIME_WAIT
CLOSE
CLOSE_WAIT
LAST_ACK
LISTEN
CLOSING
TCP three-way handshake and four-way wave (concept diagram)
Three-way handshake:
At first the client is in the CLOSE (closed) state. After it sends the first SYN request to the server (the SYN carries a random seq sequence number), the client is in the SYN_SENT state. The server must be in the LISTEN (listening) state to receive the client's request; otherwise the request packet cannot be received. After receiving the request packet, the server is in the SYN_RCVD state. It then sends the client a SYN request packet (also with a random sequence number) and an ACK confirmation packet (the ACK sequence value is the sequence number of the SYN sent by the client + 1). After receiving these two packets, the client is in the ESTABLISHED state and sends an ACK packet to the server (the ACK sequence value is the sequence number of the SYN sent by the server + 1). The server is in the ESTABLISHED state once it receives this ACK.
Note: if the number of requests in this state is large, the host is being attacked by DDoS.
Four-way wave:
When the connection needs to be closed, the server disconnects actively: because the data transmission is initiated by the server, the disconnection is also initiated by the server.
First, the server sends a FIN request packet to the client (a request to disconnect). After sending it, the server is in the FIN_WAIT_1 state (the _1 only distinguishes it from the second wave). The client sends an ACK after receiving the FIN; once the ACK is sent, the client is in the CLOSE_WAIT state, and the server is in the FIN_WAIT_2 state after receiving it. The client then also sends a FIN request packet to request disconnection, and is in the LAST_ACK state after sending it. The server is in the TIME_WAIT state after receiving this FIN request packet. It then waits for 2MSL (MSL is 60s, so 2MSL is 120s), and after 2 minutes an ACK confirmation packet is sent to the client to confirm the disconnection. The client is in the CLOSE state after receiving it, and the four-way wave is complete.
1. Manually create TCP 11 status monitoring items
1.1. Create a custom monitoring item key
1. Generate the commands that count each of the 11 TCP states
[root@zabbix-server ~]# stata=(ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING)
[root@zabbix-server ~]# for i in "${stata[@]}"; do echo "netstat -anpt | grep -cw '$i'"; done
netstat -anpt | grep -cw 'ESTABLISHED'
netstat -anpt | grep -cw 'SYN_SENT'
netstat -anpt | grep -cw 'SYN_RECV'
netstat -anpt | grep -cw 'FIN_WAIT1'
netstat -anpt | grep -cw 'FIN_WAIT2'
netstat -anpt | grep -cw 'TIME_WAIT'
netstat -anpt | grep -cw 'CLOSE'
netstat -anpt | grep -cw 'CLOSE_WAIT'
netstat -anpt | grep -cw 'LAST_ACK'
netstat -anpt | grep -cw 'LISTEN'
netstat -anpt | grep -cw 'CLOSING'
2. Generate the key definitions
[root@zabbix-server ~]# for i in "${stata[@]}"
> do
> echo "UserParameter=$i,netstat -anpt | grep -cw '$i'"
> done
UserParameter=ESTABLISHED,netstat -anpt | grep -cw 'ESTABLISHED'
UserParameter=SYN_SENT,netstat -anpt | grep -cw 'SYN_SENT'
UserParameter=SYN_RECV,netstat -anpt | grep -cw 'SYN_RECV'
UserParameter=FIN_WAIT1,netstat -anpt | grep -cw 'FIN_WAIT1'
UserParameter=FIN_WAIT2,netstat -anpt | grep -cw 'FIN_WAIT2'
UserParameter=TIME_WAIT,netstat -anpt | grep -cw 'TIME_WAIT'
UserParameter=CLOSE,netstat -anpt | grep -cw 'CLOSE'
UserParameter=CLOSE_WAIT,netstat -anpt | grep -cw 'CLOSE_WAIT'
UserParameter=LAST_ACK,netstat -anpt | grep -cw 'LAST_ACK'
UserParameter=LISTEN,netstat -anpt | grep -cw 'LISTEN'
UserParameter=CLOSING,netstat -anpt | grep -cw 'CLOSING'
3. Define the keys in the configuration file
[root@zabbix-server ~]# vim /etc/zabbix/zabbix_agentd.d/tcp.conf
UserParameter=ESTABLISHED,netstat -anpt | grep -cw 'ESTABLISHED'
UserParameter=SYN_SENT,netstat -anpt | grep -cw 'SYN_SENT'
UserParameter=SYN_RECV,netstat -anpt | grep -cw 'SYN_RECV'
UserParameter=FIN_WAIT1,netstat -anpt | grep -cw 'FIN_WAIT1'
UserParameter=FIN_WAIT2,netstat -anpt | grep -cw 'FIN_WAIT2'
UserParameter=TIME_WAIT,netstat -anpt | grep -cw 'TIME_WAIT'
UserParameter=CLOSE,netstat -anpt | grep -cw 'CLOSE'
UserParameter=CLOSE_WAIT,netstat -anpt | grep -cw 'CLOSE_WAIT'
UserParameter=LAST_ACK,netstat -anpt | grep -cw 'LAST_ACK'
UserParameter=LISTEN,netstat -anpt | grep -cw 'LISTEN'
UserParameter=CLOSING,netstat -anpt | grep -cw 'CLOSING'
4. Restart zabbix-agent
[root@zabbix-server ~]# systemctl restart zabbix-agent
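An added example (not from the original page) that counts the 11 states by comparing only netstat's State column, so a name such as CLOSE is never counted inside CLOSE_WAIT or in the program-name column. The helper names tcp_state_summary and tcp_state_count are hypothetical, and SAMPLE is constructed netstat output, including the 192.168.81.210 address.

```shell
#!/usr/bin/env bash
# Added example: per-state TCP counts taken from the State column (field 6).
# SAMPLE is constructed data; the function names are hypothetical.
STATES="ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING"

SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      1400/zabbix_agentd
tcp        0      0 192.168.81.210:22       192.168.81.1:50122      ESTABLISHED 2210/sshd: root
tcp        0      0 192.168.81.210:80       192.168.81.50:40001     SYN_RECV    -
tcp        0      0 192.168.81.210:80       192.168.81.51:40002     SYN_RECV    -
tcp        0      0 192.168.81.210:80       192.168.81.52:40003     SYN_RECV    -
tcp        0      0 192.168.81.210:80       192.168.81.60:51000     TIME_WAIT   -
tcp        1      0 192.168.81.210:48210    192.168.81.220:10050    CLOSE_WAIT  1398/zabbix_server
tcp        1      0 192.168.81.210:48212    192.168.81.230:10050    CLOSE_WAIT  1398/zabbix_server'

# Read netstat output on stdin and print "STATE count" for all 11 states,
# in a fixed order, including states that currently have zero sockets.
tcp_state_summary() {
    awk -v states="$STATES" '
        BEGIN { n = split(states, order, " ")
                for (i = 1; i <= n; i++) count[order[i]] = 0 }
        # Only tcp/tcp6 rows, and only an exact match on the State column.
        $1 ~ /^tcp/ && ($6 in count) { count[$6]++ }
        END   { for (i = 1; i <= n; i++) print order[i], count[order[i]] }'
}

# Print the count for one state, e.g. a sudden rise in SYN_RECV.
tcp_state_count() {
    tcp_state_summary | awk -v s="$1" '$1 == s { print $2 }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE" | tcp_state_summary
```

On a live host, feed it real output instead of SAMPLE, for example `netstat -ant | tcp_state_count SYN_RECV`.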
1.2. Create monitoring items on the page
Find our zabbix server host, because custom keys are created on zabbix server
All monitoring items are created like this
Click to create monitoring item
Name: Number of ESTABLISHED states
Key-value: ESTABLISHED
Application set: tcp 11 state
All monitoring items are created
2. Make tcp11 states into templates and apply them to all hosts in the host group
2.1. Push the monitoring item key configuration file to the monitoring host
[root@zabbix-server ~]# for i in 192.168.81.220 192.168.81.230
> do
> scp /etc/zabbix/zabbix_agentd.d/tcp.conf root@$i:/etc/zabbix/zabbix_agentd.d/
> ssh root@$i "systemctl restart zabbix-agent"
> done
Warning: Permanently added '192.168.81.220' (ECDSA) to the list of known hosts.
root@192.168.81.220's password:
tcp.conf 100% 660 205.2KB/s 00:00
root@192.168.81.220's password:
Warning: Permanently added '192.168.81.230' (ECDSA) to the list of known hosts.
root@192.168.81.230's password:
tcp.conf 100% 660 708.3KB/s 00:00
root@192.168.81.230's password:
2.2. Create a template
Click Configure-Template-Create Template
2.3. Add monitoring items
Click to create a monitoring item
2.4. Add existing monitoring items to the template
Find the tcp11 monitoring items you just created and click Copy
Target type selection template-find the corresponding template
You can see that there are already monitoring items
2.5. Create an application set
Find template-application set-create application set
2.6. Add monitoring items to the application set
Select all monitoring items-batch update
Find and add new or existing applications to select the application set
2.7. Create graphics
Templates-graphics-create graphics
Fill in the graphic information
Name: Status in tcp11
Select all tcp monitoring items
Click add
2.8. Template creation is complete
2.9. Apply templates to hosts in the host group
192.168.81.220 operation
Click Configure—Host—Template—Select Template—Add
Click update
192.168.81.230 operation is consistent
2.10. Monitoring items have been added
2.11. View monitoring data
Monitoring-latest data-select host-select application set
2.12. View graphics
Configuration-graphics-select host-select graphics
3. Reduce the waiting time for unsupported items
The default is 10m; we change it to 10s.
Management—General—Select Other—Refresh unsupported items
Unsupported items are then refreshed automatically after 10s.