Alarm Configuration

The need for alarm

Why should alarm?

When unusual performance server, in order to achieve real-time alarm information to charge, easy system maintenance personnel in a timely manner to avoid or resolve system failures

Alarms principle

What is the principle ZABBIX alerts?

Each zabbix trigger is identified by a unique trigger id, the time trigger condition is satisfied, zabbix generate events, such as CPU utilization for five minutes more than 90% is a condition that can define a trigger based on this condition. CPU usage data monitored item is called an item in terms of zabbix. Zabbix monitoring a large number of item, such as CPU, disk, network bandwidth, ping status, availability of web services, etc.

Trigger has cut only two states: OK and PROBLEM, OK represents the normal state, PROBLEM indicates a problem, beyond the predetermined threshold value, the trigger when the state changes, an event happened. Problem entered the state of the flip-flop is a zabbix problem

Event to a corresponding one of the action is called action, an action is a result of its operation, such as sending alarm information, remote operation, etc.

Alarm mode

ZABBIX alarm in the following ways:

e-mail
script
SMS
Jabber
EZ newsletter

This is mainly to explain the e-mail alerts and alarms micro letter (script warning)

E-mail alerts

Configuring the host zabbix

# Detect whether mailx software has been installed, if the installation is skipped, the installation does not install mailx 
[root @ zabbix ~] # RPM -qa | grep mailx && echo  " mailx already installed " || yum  install mailx - the y- 
configuration mailx service, my alarm mail Tencent mail 
[root @ zabbix ~] # vim / etc / Mail.rc 
# set the alarm zabbix Outbox, configuration smtp domain 
the sET from = = mailbox name smtp smtp.exmail.qq.com   
# zabbix alarm Outbox login user name and password 
sET SMTP -auth-user mailbox name = smtp-auth-password = mail password 
# Outbox will alert zabbix set to automatically log in 
sET SMTP -auth = login   
[zabbix the root @ ~] # echo  "the Test " | mail -s " zabbix "   Inbox   // test whether the normal e-mail to send a message, if you can show that you would normally send mail configuration no problem, you can continue to the next step

web-side configuration

Configure the alarm media types

My alarm media type configuration is as follows

Name: Email
Type: E-mail
SMTP server: smtp.exmail.qq.com
SMTP server port: 465
SMTP the HELO: exmail.qq.com.cn

Configure the alarm message recipients

Configuration actions

Zabbix clones carrying action, and then edit

Fault alarm: {TRIGGER.NAME} 
trap host: {HOST.NAME} 
alert time: {EVENT.DATE} {EVENT.TIME} 
Alarm Level: {TRIGGER.SEVERITY} 
alarm information: {TRIGGER.NAME} 
Alarm items: {TRIGGER .KEY} 
problem details: {iTEM.NAME}: {ITEM.VALUE} 
current status: {TRIGGER.STATUS}: {ITEM.VALUE1}

Configuring the recovery operation and configuration procedure is the same as

告警主机：{HOST.NAME}
主机IP地址：{HOST.IP}
恢复时间：{EVENT.RECOVERY.DATE} {EVENT.RECOVERY.TIME}
告警等级：{TRIGGER.SEVERITY}
告警信息：{TRIGGER.NAME}
告警项目：{TRIGGER.KEY}
问题详情：{ITEM.NAME}:{ITEM.VALUE}
当前状态：{TRIGGER.STATUS}:{ITEM.VALUE1}

测试邮件告警

修改触发器的触发条件，即可完成测试

企业微信告警

企业微信web端配置

注册企业微信账号或使用公司的企业微信账号，并创建应用

https://work.weixin.qq.com/

主要流程如下：

　1.创建微信用户成员。

　2.创建应用，这是关键，企业微信创建的应用ID为1000002

　3.创建应用管理组，添加组成员（也就是设置哪些用户可以接收到报警的通知信息）。

　4.创建成功后需要获取到以下信息：CropID 和Secret 当然还包括创建的用户信息。

　　申请企业微信，创建对应的组成员这些就不介绍了，按照注册向导创建即可，主要写下创建应用获取应用Secret 和CorpID

企业微信配置

创建应用并获取Agentld和Secret

获取Agentld和secert

获取CorpID

获取部门ID

zabbix服务端配置

#ZABBIX脚本配置
#找到放置告警脚本的目录
[root@zabbix ~]# find  / -name alertscripts
/usr/lib/zabbix/alertscripts
#进入目录配置脚本
[root@zabbix ~]# cd /usr/lib/zabbix/alertscripts
[root@zabbix alertscripts]# vim weixin.sh
#!/bin/bash
# @Date: 2019-09-26 21:05:59
# @Author: zhangcheng (3359957053@qq.com)
# @Description: 微信告警脚本
 
#####################################
#填写企业ID
CropID='wx9ac8f9478320ea89 '
 
#应用的secret,下面的GURL和PURL 地址无需变动
Secret='qUwDxMnL73w0VAR807O0X57KAaI7GJ4YP_RFau5quEI'
GURL="https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$CropID&corpsecret=$Secret"
Gtoken=$(/usr/bin/curl -s -G $GURL | awk -F\" '{print $10}')
PURL="https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=$Gtoken"
 
function body() {                
        #这里是创建的应用ID 
        local int AppID=1000002                
        #接收消息用户，系统传参
        local UserID=$1                              
        #接收消息的部门ID
        local PartyID=2                             
        local Msg=$(echo "$@" | cut -d" " -f3-)
        printf '{\n'
        printf '\t"touser": "'"$UserID"\"",\n"
        printf '\t"toparty": "'"$PartyID"\"",\n"
        printf '\t"msgtype": "text",\n'
        printf '\t"agentid": "'" $AppID "\"",\n"
        printf '\t"text": {\n'
        printf '\t\t"content": "'"$Msg"\""\n"
        printf '\t},\n'
        printf '\t"safe":"0"\n'
        printf '}\n'
}
/usr/bin/curl --data-ascii "$(body $1 $2 $3)" $PURL

#脚本权限配置
[root@zabbix alertscripts]# chown zabbix.zabbix weixin.sh 
[root@zabbix alertscripts]# chmod -v +x weixin.sh

web端配置

这里的设置和邮件告警的步骤基本相同了，创建【动作】、【示警媒介】、【接收消息的用户】

脚本传参： {ALERT.SENDTO} {ALERT.SUBJECT} {ALERT.MESSAGE}

用户这里添加需要增加用户的示警媒介【管理】-【用户】-选择对应的用户-【示警媒介】添加的收件人则为企业微信中的账号

配置action
告警动作
服务器:{HOST.NAME}出现故障！\n
主机:{HOSTNAME1}\n
IP地址:{HOST.IP}\n
时间:{EVENT.DATE} {EVENT.TIME}\n
等级:{TRIGGER.SEVERITY}\n
信息: {TRIGGER.NAME}\n
项目:{TRIGGER.KEY1}\n
详情:{ITEM.NAME}:{ITEM.VALUE}\n
状态:{TRIGGER.STATUS}:{ITEM.VALUE1}\n
事件ID:{EVENT.ID}\n
注意：恢复信息中时间:{EVENT.DATE} {EVENT.TIME}\n 要修改为时间:{EVENT.RECOVERY.DATE} {EVENT.RECOVERY.TIME}\n 否则不能获取到正确的恢复时间。

测试告警，和邮件告警一样

zabbix study notes of alarm configuration