We are all familiar with the TCP three-way handshake. In a SYN flood (a DoS attack), the client sends a SYN to the server, the server replies with SYN + ACK, and the client then never sends the final ACK (in a normal three-way handshake the client does respond with an ACK, the handshake completes and the server moves the connection to the ESTABLISHED state; readers who are unfamiliar with this can look it up on Baidu). The result is a large number of connections stuck in the SYN-RCVD state on the server. Monitoring TCP connection states is therefore worthwhile: when the SYN-RCVD count is high we can suspect the service is behaving abnormally and that manual intervention is needed. Next we will look at how Zabbix monitors the 11 TCP states.
I. TCP state primer
1>. Three-way handshake
Reference link: https://baike.baidu.com/item/%E4%B8%89%E6%AC%A1%E6%8F%A1%E6%89%8B/5111559?fr=aladdin
2>. Use the netstat command to view TCP states
3>. Check the count of a particular TCP state on the server from the command line
[root@<host> ~]# netstat -ant | grep -c LISTEN
4
[root@<host> ~]#
II. Zabbix TCP state monitoring case study and custom template
1>. Define a custom key on the Zabbix agent side and restart the service
[root@<host> ~]# cat /etc/zabbix/zabbix_agentd.d/TCP_STATUS.conf
UserParameter=TCP_STATUS[*],netstat -ant | grep -c $1
[root@<host> ~]#
[root@<host> ~]# systemctl restart zabbix-agent
[root@<host> ~]#
[root@<host> ~]# systemctl status zabbix-agent
● zabbix-agent.service - Zabbix Agent
   Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-05-07 07:53:16 PDT; 4s ago
  Process: 9416 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 9419 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
 Main PID: 9422 (zabbix_agentd)
   CGroup: /system.slice/zabbix-agent.service
           ├─9422 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
           ├─9423 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
           ├─9424 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
           ├─9425 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
           ├─9426 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
           └─9427 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]

May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: Starting Zabbix Agent...
May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: PID file /run/zabbix/zabbix_agentd.pid not readable (yet?) after start.
May 07 07:53:16 node102.yinzhengjie.org.cn systemd[1]: Started Zabbix Agent.
[root@<host> ~]#
2>. Verify on the server side that the agent's custom key takes effect
[root@<host> ~]# yum -y install zabbix-get
Installed:
  zabbix-get.x86_64 0:4.0.7-1.el7
Complete!
[root@<host> ~]#
[root@<host> ~]# zabbix_get -s node102.yinzhengjie.org.cn -k TCP_STATUS[LISTEN]    # note: when a value is fetched this way, the agent runs the command as the zabbix user; some commands require root privileges, so keep command permissions in mind!
4
[root@<host> ~]#
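Added example, not code from the original post: a more precise variant of the author's UserParameter command. `grep -c $1` counts any line containing the string, whereas matching the State column exactly skips the header lines and cannot be fooled by the string appearing elsewhere on a line; note that Linux netstat prints the RFC's SYN-RCVD state as SYN_RECV. The sample netstat output, addresses and threshold are constructed for the demo.

```shell
#!/bin/sh
# Count TCP connection states from `netstat -ant` output by the exact State
# column instead of a substring grep. In production feed it live data:
#   netstat -ant | tcp_state_count SYN_RECV
# Constructed sample of `netstat -ant` output so the example runs offline.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.102:22           10.0.0.1:51234          ESTABLISHED
tcp        0      0 10.0.0.102:80           198.51.100.7:40001      SYN_RECV
tcp        0      0 10.0.0.102:80           198.51.100.8:40002      SYN_RECV
tcp        0      0 10.0.0.102:80           198.51.100.9:40003      SYN_RECV
tcp        0      0 10.0.0.102:10050        10.0.0.101:33000        TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN'

# Print how many tcp/tcp6 lines have a State column (field 6) equal to $1.
# Header lines never start with "tcp", so they are ignored automatically.
tcp_state_count() {
    awk -v st="$1" '$1 ~ /^tcp/ && $6 == st { n++ } END { print n + 0 }'
}

# One pass producing "STATE count" for every state present; useful as a single
# Zabbix item with dependent items instead of running netstat 12 times.
tcp_state_summary() {
    awk '$1 ~ /^tcp/ { c[$6]++ } END { for (s in c) print s, c[s] }' | sort
}

# Local mirror of the Zabbix trigger the author would configure: print 1 when
# the SYN_RECV count in the sample exceeds the threshold given in $1, else 0.
syn_recv_alert() {
    count=$(printf '%s\n' "$SAMPLE_NETSTAT" | tcp_state_count SYN_RECV)
    [ "$count" -gt "$1" ] && echo 1 || echo 0
}

printf '%s\n' "$SAMPLE_NETSTAT" | tcp_state_summary
```

Keep `UnsafeUserParameters` at its default of 0 in zabbix_agentd.conf: the agent then rejects shell metacharacters in the key parameter, so the `$1` in the author's UserParameter cannot be turned into additional commands.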
3>. Create a template in the Zabbix web UI
4>. Fill in the parameters and add the template
5>. Template added successfully
6>. Add a monitoring item to the template
7>. Monitor the ESTABLISHED state
8>. Clone the above item to monitor the other 11 states
9>. All 12 TCP states are now covered
III. Using the custom template
1>. Configure the host's monitoring information
2>. Link our custom template
3>. Custom Zabbix monitoring items
4>. Reload the configuration and check the latest data
[root@<host> ~]# zabbix_server -R config_cache_reload    # reload the configuration on the Zabbix server side
zabbix_server [10628]: command sent successfully
[root@<host> ~]#