Zabbix custom TCP 11 state monitoring templates (14)

Adding monitoring items to many hosts one at a time is very tedious. In production we often need to add the same set of monitoring items to a batch of machines, and adding them manually one by one is a lot of work. With templates, we only need to create a template once and link it to every host that needs to be monitored.

We first create the monitoring items manually, and then turn them into a template.

We use the 11 TCP states as the example monitoring items.

The 11 TCP states:
ESTABLISHED
SYN_SENT
SYN_RECV
FIN_WAIT1
FIN_WAIT2
TIME_WAIT
CLOSE
CLOSE_WAIT
LAST_ACK
LISTEN
CLOSING

Figure: TCP three-way handshake and four-way wave concept diagram

Three-way handshake:

First, the client is in the CLOSED state. After it sends the first SYN request to the server (the SYN carries a random seq sequence number), the client is in the SYN_SENT state. The server must be in the LISTEN state to receive the client's request; otherwise the request packet cannot be received. After receiving the request packet, the server is in the SYN_RCVD state. It then sends the client a SYN request packet of its own (also with a random sequence number) and an ACK confirmation packet (the ACK value is the sequence number of the SYN sent by the client + 1). After receiving these two packets, the client is in the ESTABLISHED state and sends an ACK packet to the server (the ACK value is the sequence number of the SYN sent by the server + 1). After the server receives it, the server is also in the ESTABLISHED state.

Note that a large number of requests in this state indicates a DDoS attack.

Four-way wave:

When the connection needs to be closed, the server actively disconnects: the data transmission is initiated by the server, so the disconnection is also initiated by the server.

First, the server sends a FIN request packet to the client (a request to disconnect). After sending it, the server is in the FIN_WAIT_1 state (the _1 only distinguishes it from the second wave). After receiving the FIN, the client sends an ACK; once the ACK is sent, the client is in the CLOSE_WAIT state, and the server is in the FIN_WAIT_2 state after receiving it. The client then sends its own FIN request packet to request disconnection, and is in the LAST_ACK state after sending it. The server is in the TIME_WAIT state after receiving the FIN request packet. There is then a 2MSL wait (MSL is 60s, so 2MSL is 120s), and an ACK confirmation packet is sent to the client after 2 minutes, confirming that the connection is closed. The client is in the CLOSED state after receiving it, and the four-way wave is complete.

1. Manually create TCP 11 status monitoring items

1.1. Create a custom monitoring item key

1. Generate the commands that fetch the value of each of the 11 TCP states
# State names exactly as netstat prints them
[root@zabbix-server ~]# stata=(ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING)
# grep -w matches whole words only, so 'CLOSE' does not also count CLOSE_WAIT
[root@zabbix-server ~]# for i in "${stata[@]}"; do echo "netstat -anpt | grep -cw '$i'"; done
netstat -anpt | grep -cw 'ESTABLISHED'
netstat -anpt | grep -cw 'SYN_SENT'
netstat -anpt | grep -cw 'SYN_RECV'
netstat -anpt | grep -cw 'FIN_WAIT1'
netstat -anpt | grep -cw 'FIN_WAIT2'
netstat -anpt | grep -cw 'TIME_WAIT'
netstat -anpt | grep -cw 'CLOSE'
netstat -anpt | grep -cw 'CLOSE_WAIT'
netstat -anpt | grep -cw 'LAST_ACK'
netstat -anpt | grep -cw 'LISTEN'
netstat -anpt | grep -cw 'CLOSING'

2. Generate the key definitions
# One UserParameter line per state: key name = state name
[root@zabbix-server ~]# for i in "${stata[@]}"
> do
> echo "UserParameter=$i,netstat -anpt | grep -cw '$i'"
> done
UserParameter=ESTABLISHED,netstat -anpt | grep -cw 'ESTABLISHED'
UserParameter=SYN_SENT,netstat -anpt | grep -cw 'SYN_SENT'
UserParameter=SYN_RECV,netstat -anpt | grep -cw 'SYN_RECV'
UserParameter=FIN_WAIT1,netstat -anpt | grep -cw 'FIN_WAIT1'
UserParameter=FIN_WAIT2,netstat -anpt | grep -cw 'FIN_WAIT2'
UserParameter=TIME_WAIT,netstat -anpt | grep -cw 'TIME_WAIT'
UserParameter=CLOSE,netstat -anpt | grep -cw 'CLOSE'
UserParameter=CLOSE_WAIT,netstat -anpt | grep -cw 'CLOSE_WAIT'
UserParameter=LAST_ACK,netstat -anpt | grep -cw 'LAST_ACK'
UserParameter=LISTEN,netstat -anpt | grep -cw 'LISTEN'
UserParameter=CLOSING,netstat -anpt | grep -cw 'CLOSING'

3. Define the keys in the agent configuration file
[root@zabbix-server ~]# vim /etc/zabbix/zabbix_agentd.d/tcp.conf
# One key per TCP state; each returns the number of connections in that state
UserParameter=ESTABLISHED,netstat -anpt | grep -cw 'ESTABLISHED'
UserParameter=SYN_SENT,netstat -anpt | grep -cw 'SYN_SENT'
UserParameter=SYN_RECV,netstat -anpt | grep -cw 'SYN_RECV'
UserParameter=FIN_WAIT1,netstat -anpt | grep -cw 'FIN_WAIT1'
UserParameter=FIN_WAIT2,netstat -anpt | grep -cw 'FIN_WAIT2'
UserParameter=TIME_WAIT,netstat -anpt | grep -cw 'TIME_WAIT'
UserParameter=CLOSE,netstat -anpt | grep -cw 'CLOSE'
UserParameter=CLOSE_WAIT,netstat -anpt | grep -cw 'CLOSE_WAIT'
UserParameter=LAST_ACK,netstat -anpt | grep -cw 'LAST_ACK'
UserParameter=LISTEN,netstat -anpt | grep -cw 'LISTEN'
UserParameter=CLOSING,netstat -anpt | grep -cw 'CLOSING'

4. Restart zabbix-agent
[root@zabbix-server ~]# systemctl restart zabbix-agent
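
Added example (not part of the original post): the keys above count states by text match on whole netstat lines, and a pattern such as 'CLOSE' also occurs inside CLOSE_WAIT. The script below compares netstat's State column exactly and accepts only the 11 known state names as its argument; the key name tcp.state[*], the script path and the sample netstat rows are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: count TCP connections in one state by exact match on the
# State column. Assumed (hypothetical) agent wiring, one flexible key:
#   UserParameter=tcp.state[*],netstat -ant | /usr/local/bin/tcp_state.sh "$1"

# The 11 state names as Linux netstat prints them.
TCP_STATES="ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING"

# is_valid_state STATE: succeeds only if STATE is one of the 11 names, so an
# item parameter can never be anything but a known state.
is_valid_state() {
    for s in $TCP_STATES; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# tcp_state_count STATE: reads `netstat -ant` output on stdin and prints the
# number of tcp/tcp6 rows whose 6th column (State) equals STATE exactly.
tcp_state_count() {
    is_valid_state "$1" || { echo "unknown TCP state" >&2; return 2; }
    awk -v want="$1" '$1 ~ /^tcp6?$/ && $6 == want { n++ } END { print n + 0 }'
}

# Constructed sample of `netstat -ant` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.81.210:22       192.168.81.1:51514      ESTABLISHED
tcp        0      0 192.168.81.210:10051    192.168.81.220:40112    TIME_WAIT
tcp        0      0 192.168.81.210:80       192.168.81.1:51600      CLOSE_WAIT
tcp        0      0 192.168.81.210:80       192.168.81.1:51601      CLOSE_WAIT
tcp6       0      0 :::10051                :::*                    LISTEN
EOF
}

# Demo on the sample: print every state with its count, zeros included.
for st in $TCP_STATES; do
    printf '%s %s\n' "$st" "$(sample_netstat | tcp_state_count "$st")"
done
```

On the sample, CLOSE reports 0 while CLOSE_WAIT reports 2, which a plain substring match on 'CLOSE' would not distinguish.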

1.2. Create monitoring items on the page

Open the Zabbix server host, because the custom keys were created on the Zabbix server.

Every monitoring item is created the same way.

Click to create a monitoring item.

Name: Number of ESTABLISHED states

Key: ESTABLISHED

Application set: tcp 11 state

All monitoring items have now been created.

2. Turn the 11 TCP state items into a template and apply it to all hosts in the host group

2.1. Push the monitoring item key configuration file to the monitoring host

[root@zabbix-server ~]# for i in 192.168.81.220 192.168.81.230
> do
> scp /etc/zabbix/zabbix_agentd.d/tcp.conf root@$i:/etc/zabbix/zabbix_agentd.d/
> ssh root@$i "systemctl restart zabbix-agent"
> done
Warning: Permanently added '192.168.81.220' (ECDSA) to the list of known hosts.
root@192.168.81.220's password: 
tcp.conf                          100%  660   205.2KB/s   00:00    
root@192.168.81.220's password: 
Warning: Permanently added '192.168.81.230' (ECDSA) to the list of known hosts.
root@192.168.81.230's password: 
tcp.conf                          100%  660   708.3KB/s   00:00   
root@192.168.81.230's password: 

2.2. Create a template

Click Configuration - Templates - Create template

2.3. Add monitoring items

Click to create a monitoring item

2.4. Add existing monitoring items to the template

Find the TCP 11-state monitoring items you just created and click Copy.

For the target type, select Template, then find the corresponding template.

You can see that the template now contains the monitoring items.

2.5. Create an application set

Find the template - application sets - create application set

2.6. Add monitoring items to the application set

Select all monitoring items - batch update

Find the option to add new or existing applications and select the application set.

2.7. Create graphics

Templates-graphics-create graphics

Fill in the graphic information

Name: Status in tcp11

Select all tcp monitoring items

Click add

2.8. Template creation is complete

2.9. Apply templates to hosts in the host group

On 192.168.81.220:

Click Configure—Host—Template—Select Template—Add

Click update

The procedure for 192.168.81.230 is the same.

2.10. Monitoring items have been added

2.11. View monitoring data

Monitoring-latest data-select host-select application set

2.12. View graphics

Configuration-graphics-select host-select graphics

3. Reduce the waiting time for unsupported items

The default is 10m; we change it to 10s.

Management—General—Select Other—Refresh unsupported items

Unsupported items are then refreshed automatically after 10s.

Origin blog.csdn.net/weixin_44953658/article/details/114685559