一、理论:
zabbix各类文件功能:
- zabbix登录的配置信息,如果配置错误,可以在此文件中进行更改:/etc/zabbix/web/zabbix.conf.php
- agentd的配置文件:/etc/zabbix/zabbix_agentd.conf
- mysql的配置文件:/etc/my.cnf
- zabbix的日志路径:/var/log/zabbix/zabbix_server.log
- 在Windows上字体包的路径:C:\Windows\fonts
- 在linux中涉及zabbix端的字体路径:/usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf
zabbix的优势
- nagios图形不是特别好,也可以安装图形插件,但是也不怎么好看
- nagios一般情况下如果需要图形可以和cacti配合使用
- cacti的监控是轮询监控,效率低,图形相对nagios比较好看
- zabbix和nagios因为是并发监控,对cpu的要求更高
- zabbix在性能和功能上都强大很多
- zabbix的图形相当漂亮
- 支持多种监控方式 zabbix-agent snmp 等等
- 支持分布式监控,能监控的agent非常多
- zabbix有图形的web配置界面,配置简洁
- zabbix支持自动发现功能
zabbix的缺点
需在被监控主机上安装 agent,所有数据都存在数据库里, 产生的数据很大,瓶颈主要在数据库。
zabbix的监控方式:被动模式,主动模式
zabbix的架构
server:Zabbix server 是agent程序报告系统可用性、系统完整性和统计数据的核心组件,是所有配置信息、统计信息和操作数据的核心存储器。
数据库存储:所有配置信息和Zabbix收集到的数据都被存储在数据库中。
web界面:为了从任何地方和任何平台都可以轻松的访问Zabbix, 我们提供基于Web的Zabbix界面。该界面是Zabbix Server的一部分,通常(但不一定)跟Zabbix Server运行在同一台物理机器上。如果使用SQLite,Zabbix Web界面必须要跟Zabbix Server运行在同一台物理机器上。
proxy代理服务器:Zabbix proxy 可以替Zabbix Server收集性能和可用性数据。Proxy代理服务器是Zabbix软件可选择部署的一部分;当然,Proxy代理服务器可以帮助单台Zabbix Server分担负载压力。
agent监控代理:Zabbix agents监控代理 部署在监控目标上,能够主动监控本地资源和应用程序,并将收集到的数据报告给Zabbix Server。
数据流:监控方面,为了创建一个监控项(item)用于采集数据,必须先创建一个主机(host)。告警方面,在监控项里创建触发器(trigger),通过触发器(trigger)来触发告警动作(action)
收到Server XCPU负载过高的告警,你必须: 1. 为Server X创建一个host并关联一个用于对CPU进行监控的监控项(Item)。 2. 创建一个Trigger,设置成当CPU负载过高时会触发 3. Trigger被触发,发送告警邮件 虽然看起来有很多步骤,但是使用模板的话操作起来其实很简单,Zabbix这样的设计使得配置机制非常灵活易用。
二、安装流程
安装版本为zabbix6.4(安装中所涉及的mysql数据库必须是8.3.0版本以下)
官方获取安装方案:zabbix官方源
数据库官方版本下载地址:mysql数据库版本汇总
1、安装zabbix-server
- 确认环境:
- 确认服务器/etc/yum.repo.d中是否含有epel*文件,如果含有添加以下字段
[epel]
...
excludepkgs=zabbix*
- 安装zabbix
rpm -Uvh https://repo.zabbix.com/zabbix/6.4/rhel/9/x86_64/zabbix-release-6.4-2.el9.noarch.rpm && dnf clean all
- 安装Zabbix server,Web前端,agent
dnf install zabbix-server-mysql zabbix-web-mysql zabbix-nginx-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent
mysql数据库安装
- 创建数据库
rpm -Uvh https://dev.mysql.com/get/mysql84-community-release-el9-1.noarch.rpm
- 打开80,关闭其他
vim /etc/yum.repos.d/mysql-community.repo
[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/9/$basearch/
#1为打开
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
[mysql-innovation-community]
name=MySQL Innovation Release Community Server
baseurl=http://repo.mysql.com/yum/mysql-innovation-community/el/9/$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
[mysql-8.4-lts-community]
name=MySQL 8.4 LTS Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.4-community/el/9/$basearch
#0为关闭
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
[mysql-connectors-community]
name=MySQL Connectors Community
baseurl=http://repo.mysql.com/yum/mysql-connectors-community/el/9/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
[mysql-tools-community]
name=MySQL Tools Community
baseurl=http://repo.mysql.com/yum/mysql-tools-community/el/9/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
[mysql-tools-innovation-community]
name=MySQL Tools Innovation Community
baseurl=http://repo.mysql.com/yum/mysql-tools-innovation-community/el/9/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
[mysql-tools-8.4-lts-community]
name=MySQL Tools 8.4 LTS Community
baseurl=http://repo.mysql.com/yum/mysql-tools-8.4-community/el/9/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
[mysql-cluster-8.0-community]
name=MySQL Cluster 8.0 Community
baseurl=http://repo.mysql.com/yum/mysql-cluster-8.0-community/el/9/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
[mysql-cluster-innovation-community]
name=MySQL Cluster Innovation Release Community
baseurl=http://repo.mysql.com/yum/mysql-cluster-innovation-community/el/9/$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
[mysql-cluster-8.4-lts-community]
name=MySQL Cluster 8.4 LTS Community
baseurl=http://repo.mysql.com/yum/mysql-cluster-8.4-community/el/9/$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
- 安装数据库
yum -y install mysql-community-server mysql
- mysql数据库配置文件添加内容
vim /etc/my.cnf
[mysqld]
skip_name_resolve = ON #跳过主机名解析
innodb_file_per_table = ON #
innodb_buffer_pool_size = 256M #缓存池大小
max_connections = 2000 #最大连接数
log-bin = master-log #开启二进制日志
- 启动数据库
systemctl start mysqld
- 修改密码
grep "password" /var/log/mysqld.log
mysqladmin -uroot -p'1!+9gf3KwQx?' password "Renxiaonan@123"
- 进入数据库进行zabbix库建立
mysql -uroot -pRenxiaonan@123
mysql> create database zabbix character set utf8mb4 collate utf8mb4_bin;
mysql> create user zabbix@localhost identified by 'password';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> set global log_bin_trust_function_creators = 1;
mysql> quit;
- 导入初始化数据
rpm -qa |grep "zabbix-sql-scripts*" && rpm -ql zabbix-sql-scripts
zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix
- 将数据库参数改为0
mysql -uroot -pRenxiaonan@123
mysql> set global log_bin_trust_function_creators = 0;
mysql> quit;
Zabbix-server配置文件修改
- 修改配置文件
vim /etc/zabbix/zabbix_server.conf
sed -i 's/# ListenPort=10051/ListenPort=10051/' /etc/zabbix/zabbix_server.conf
#此参数可以改,也可以不改,如果改了再nginx的配置文件中也需要相应的更改。出站ip,在server端口需要配置清楚
sed -i 's/# SourceIP\=/SourceIP\=10.35.186.120/' /etc/zabbix/zabbix_server.conf
sed -i 's/# DBHost=localhost/DBHost=10.35.186.120/' /etc/zabbix/zabbix_server.conf
sed -i 's/# DBPassword=/DBPassword=Renxiaonan@123/' /etc/zabbix/zabbix_server.conf
sed -i 's/# DBPort=/DBPort=3306/' /etc/zabbix/zabbix_server.conf
如果数据库中的DBName和DBUser都为zabbix,则不用改,如果不是也需要更改
- 修改/etc/nginx/nginx.conf
vim /etc/nginx/nginx.conf
#注释server模块
#server {
# listen 80;
# listen [::]:80;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /404.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
- 编辑zabbix配置文件
vim /etc/nginx/conf.d/zabbix.conf
server {
listen 80;
server_name -;
root /usr/share/zabbix;
index index.php;
location = /favicon.ico {
log_not_found off;
}
location / {
try_files $uri $uri/ =404;
}
location /assets {
access_log off;
expires 10d;
}
location ~ /\.ht {
deny all;
}
location ~ /(api\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location /vendor {
deny all;
return 404;
}
location ~ [^/]\.php(/|$) {
fastcgi_pass unix:/run/php-fpm/zabbix.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
}
- 启动zabbix
systemctl restart zabbix-server zabbix-agent nginx php-fpm
systemctl enable zabbix-server zabbix-agent nginx php-fpm
页面配置zabbix
选择语言:如果无法选择中文,在服务器端输入一下命令
dnf install -y langpacks-zh_CN && dnf install glibc-common
systemctl restart zabbix-server zabbix-agent nginx php-fpm
初始化页面报错,配置信息修改
vim /etc/zabbix/zabbix_agentd.conf
# This is a configuration file for Zabbix agent daemon (Unix)
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agentd.pid
PidFile=/run/zabbix/zabbix_agentd.pid
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_agentd.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
#这里的ip和nginx的ip一致
SourceIP=10.35.186.120
### Option: AllowKey
# Allow execution of item keys matching pattern.
# Multiple keys matching rules may be defined in combination with DenyKey.
# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
# Parameters are processed one by one according their appearance order.
# If no AllowKey or DenyKey rules defined, all keys are allowed.
#
# Mandatory: no
### Option: DenyKey
# Deny execution of items keys matching pattern.
# Multiple keys matching rules may be defined in combination with AllowKey.
# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
# Parameters are processed one by one according their appearance order.
# If no AllowKey or DenyKey rules defined, all keys are allowed.
# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
#
# Mandatory: no
# Default:
# DenyKey=system.run[*]
### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
# Internal alias for AllowKey/DenyKey parameters depending on value:
# 0 - DenyKey=system.run[*]
# 1 - AllowKey=system.run[*]
#
# Mandatory: no
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: yes, if StartAgents is not explicitly set to 0
# Default:
# Server=
#这里配置的为mysql的ip
Server=10.35.186.120
### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
#释放监听端口
ListenPort=10050
### Option: ListenIP
# List of comma delimited IP addresses that the agent should listen on.
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
#
# Mandatory: no
# Range: 0-100
# Default:
# StartAgents=3
##### Active checks related
### Option: ServerActive
# Zabbix server/proxy address or cluster configuration to get active checks from.
# Server/proxy address is IP address or DNS name and optional port separated by colon.
# Cluster configuration is one or more server addresses separated by semicolon.
# Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
# More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
# If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
# Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example for Zabbix proxy:
# ServerActive=127.0.0.1:10051
# Example for multiple servers:
# ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
# Example for high availability:
# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
# Example for high availability with two clusters and one server:
# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
#
# Mandatory: no
# Default:
# ServerActive=
#这里也需要更改
ServerActive=10.35.186.120
### Option: Hostname
# List of comma delimited unique, case sensitive hostnames.
# Required for active checks and must match hostnames as configured on the server.
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
#更改为主机名
Hostname=zabbix-server
### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 2034 bytes.
# If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-2034 bytes
# Default:
# HostMetadata=
### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 65535 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=
### Option: HostInterface
# Optional parameter that defines host interface.
# Host interface is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostInterfaceItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostInterface=
### Option: HostInterfaceItem
# Optional parameter that defines an item used for getting host interface.
# Host interface is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostInterface is not defined.
#
# Mandatory: no
# Default:
# HostInterfaceItem=
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 1-86400
# Default:
# RefreshActiveChecks=5
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5
### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100
### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'logrt' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'logrt' item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=20
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of active checks.
# 0 - heartbeat messages disabled.
#
# Mandatory: no
# Range: 0-3600
# Default: 60
# HeartbeatFrequency=
############ ADVANCED PARAMETERS #################
### Option: Alias
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
# Different Alias keys may reference the same item key.
# For example, to retrieve the ID of user 'zabbix':
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
# Now shorthand key zabbix.userid may be used to retrieve data.
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
#
# Mandatory: no
# Range:
# Default:
### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: AllowRoot
# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
# NOTE: This option is overriden by settings in systemd service file!
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
Include=/etc/zabbix/zabbix_agentd.d/*.conf
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# The following characters are not allowed:
# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
# Additionally, newline characters are not allowed.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
# UnsafeUserParameters=0
### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# See 'zabbix_agentd' directory for examples.
#
# Mandatory: no
# Default:
# UserParameter=
### Option: UserParameterDir
# Directory to execute UserParameter commands from. Only one entry is allowed.
# When executing UserParameter commands the agent will change the working directory to the one
# specified in the UserParameterDir option.
# This way UserParameter commands can be specified using the relative ./ prefix.
#
# Mandatory: no
# Default:
# UserParameterDir=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
# To see the default path run command "zabbix_agentd --help".
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at agent startup. Modules are used to extend functionality of the agent.
# Formats:
# LoadModule=<module.so>
# LoadModule=<path/module.so>
# LoadModule=</abs_path/module.so>
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the agent should connect to server or proxy. Used for active checks.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the agent certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the agent private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate-based encryption.
#
# Mandatory: no
# Default:
# TLSCipherCert13=
### Option: TLSCipherCert
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128
#
# Mandatory: no
# Default:
# TLSCipherCert=
### Option: TLSCipherPSK13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherPSK13=
### Option: TLSCipherPSK
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
# Example for OpenSSL:
# kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherPSK=
### Option: TLSCipherAll13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherAll13=
### Option: TLSCipherAll
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
####### For advanced users - TCP-related fine-tuning parameters #######
## Option: ListenBacklog
# The maximum number of pending connections in the queue. This parameter is passed to
# listen() function as argument 'backlog' (see "man listen").
#
# Mandatory: no
# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
# Default: SOMAXCONN (hard-coded constant, depends on system)
# ListenBacklog=
重启zabbix
2、服务端(以nginx服务为例演示需要收集的服务的相关配置)
- 确认服务器/etc/yum.repo.d中是否含有epel*文件,如果含有添加以下字段
[epel]
...
excludepkgs=zabbix*
- 安装zabbix的yum源
rpm -Uvh https://repo.zabbix.com/zabbix/6.4/rhel/9/x86_64/zabbix-release-6.4-2.el9.noarch.rpm && dnf clean all
- 安装Zabbix-agent
yum install zabbix-agent zabbix-sender -y
zabbix-agent配置
vim /etc/zabbix/zabbix_agentd.conf
#server服务器的ip
SourceIP=10.35.186.120
#zabbix-server服务的ip
Server=10.35.186.120
#agent被监听的端口号
ListenPort=10050
#zabbix-server的ip
ServerActive=10.35.186.120
#被监听的服务机的名称
Hostname=web-agent
三、zabbix 页面调用
1)、监听规则创建:
-
单个规则创建
创建主机,需要先创建主机群组,即将一个功能的服务器可以放在一个群组内进行统一管理,统一配置。
创建主机群组
- 创建主机
- 添加监控项:
- 创建触发器:
触发器是监控控制项内容到达指定标准后进行报警,且此报警内容可以在仪表盘中显示,同事可以配置告警系统,通知到对应的人员。
-
模版创建
模版可以用于多个相同配置规则的主机上,通过模版创建的规则,无法在主机侧一条一条更给规则,需要再模版中对相应的规则更改。创建模版,需要先创建模版组
其余的监控项和触发器和单个添加相同,需要再模版中将触发器、监控项配置完。在主机配置中,直接选择相应模版不用一个一个配置。
2)、页面乱码解决:
将需要上传的字体包上传至linux端
在Windows上字体包的路径:C:\Windows\fonts
在linux中涉及zabbix端的字体路径:/usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf
- 上传字体包
- 替换字体
cp /usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf /usr/share/fonts/dejavu-sans-fonts/DejaVuSans.ttf.back
mv STXINGKA.TTF DejaVuSans.ttf
mv DejaVuSans.ttf /usr/share/fonts/dejavu-sans-fonts/
- 刷新页面,正常
3)、服务器通过zabbix远程启动指定服务
- 更改需要操作启动的服务器的zabbix-agent文件
vim /etc/zabbix/zabbix_agentd.conf
LogRemoteCommands=1
EnableRemoteCommands=1
systemctl start zabbix-agent
提权
visudo
在100行添加
zabbix ALL=(ALL) NOPASSWD: ALL
- 创建启动对应服务器的脚本
- 创建触发动作
测试效果:
存在问题排错
问题:配置文件和告警配置无问题,但是一直显示无法发现agent机器
解决方式:在配置文件中,存在隐藏字符,将隐藏字符删掉,或者将对应的内容重新输入。
4)、钉钉告警配置
- 在钉钉中创建群聊(内部群聊),在群里面添加自定义机器人
webhook:记住webhook的地址 安全设置:设置加签,只有信息内容包含签才会被机器人发送
- 通过自定义webhook接入自定义服务
- 安装python依赖模块python-requests
-
yum install -y python3 python3-requests pip3 install requests
- 配置钉钉告警脚本
在server端创建目录/etc/zabbix/创建zabbix_ding.conf 文件
vim /etc/zabbix/zabbix_ding.conf
[config]
log_path=/var/log/zabbix/zabbix_ding.log
webhook=https://oapi.dingtalk.com/robot/send?access_token=c1d11ecf6704f008eb25de644ed5cead752c065c0d11f9f89b58273cf0c78a96
secret=SECc26e5bc55c64d454f15a8bdcce6825b7e5bb4f6fecc38025d2845837415192d7
在目录/var/log/zabbix中创建钉钉告警日志文件
/var/log/zabbix/zabbix_ding.log
设置钉钉告警日志文件zabbix_ding.log的所有权
chown zabbix.zabbix /var/log/zabbix/zabbix_ding.log
- 配置脚本告警(在zabbix_server.conf中配置告警脚本的路径
)
vim /etc/zabbix/zabbix_server.conf
在zabbix_server.conf中配置告警脚本的路径
# AlertScriptsPath=/usr/lib/zabbix/alertscripts
我这里修改为
AlertScriptsPath=/usr/lib/zabbix/alertscripts
在/usr/lib/zabbix/alertscripts目录中执行的脚本dingding.py的内容
cd /usr/lib/zabbix/alertscripts
vim dingding.py
#!/usr/bin/env python3
# coding:utf8
#
import configparser
import os
import time
import hmac
import hashlib
import base64
import urllib.parse
import requests
import json
import sys
config = configparser.ConfigParser()
config.read('/etc/zabbix/zabbix_ding.conf', encoding='utf-8')
log_path = config.get('config', 'log_path')
api_url = config.get('config', 'webhook')
api_secret = config.get('config', 'secret')
log_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
# 钉钉机器人文档说明
# https://ding-doc.dingtalk.com/doc#/serverapi2/qf2nxq
def get_timestamp_sign():
timestamp = str(round(time.time() * 1000))
secret = api_secret
secret_enc = secret.encode('utf-8')
string_to_sign = '{}\n{}'.format(timestamp, secret)
string_to_sign_enc = string_to_sign.encode('utf-8')
hmac_code = hmac.new(secret_enc, string_to_sign_enc, digestmod=hashlib.sha256).digest()
sign = urllib.parse.quote_plus(base64.b64encode(hmac_code))
return timestamp, sign
# 获取加签后的链接
def get_signed_url():
timestamp, sign = get_timestamp_sign()
webhook = api_url + "×tamp=" + timestamp + "&sign=" + sign
return webhook
# 定义消息模式
def get_webhook(mode):
if mode == 0: # only 关键字
webhook = api_url
elif mode == 1 or mode == 2: # 关键字和加签 或 # 关键字+加签+ip
webhook = get_signed_url()
else:
webhook = ""
print("error! mode: ", mode, " webhook : ", webhook)
return webhook
def get_message(text, user_info):
# 和类型相对应,具体可以看文档 :https://ding-doc.dingtalk.com/doc#/serverapi2/qf2nxq
# 可以设置某个人的手机号,指定对象发送
message = {
"msgtype": "text", # 有text, "markdown"、link、整体跳转ActionCard 、独立跳转ActionCard、FeedCard类型等
"text": {
"content": text # 消息内容
},
"at": {
"atMobiles": [
user_info,
],
"isAtAll": False # 是否是发送群中全体成员
}
}
return message
# 消息发送日志
def log(info):
if os.path.exists(log_path):
log_file = open(log_path, "a+")
else:
log_file = open(log_path, "w+")
log_file.write(info)
def send_ding_message(text, user_info):
# 请求的URL,WebHook地址
# 主要模式有 0 : 关键字 1:# 关键字 +加签 3:关键字+加签+IP
webhook = get_webhook(1)
# 构建请求头部
header = {
"Content-Type": "application/json",
"Charset": "UTF-8"
}
# 构建请求数据
message = get_message(text, user_info)
# 对请求的数据进行json封装
message_json = json.dumps(message)
# 发送请求
info = requests.post(url=webhook, data=message_json, headers=header).json()
code = info["errcode"]
errmsg = info["errmsg"]
if code == 0:
log(log_time + ":消息已发送成功 返回信息:%s %s\n" % (code, errmsg))
else:
log(log_time + ":消息发送失败 返回信息:%s %s\n" % (code, errmsg))
print(log_time + ":消息发送失败 返回信息:%s %s\n" % (code, errmsg))
exit(3)
if __name__ == "__main__":
text = sys.argv[3]
user_info = sys.argv[1]
send_ding_message(text, user_info)
设置脚本目录的所有权
chown -R zabbix.zabbix /usr/lib/zabbix/alertscripts/
给脚本x权限后测试
chmod +x dingding.py
./dingding.py user subject mesages
-
配置脚本告警----告警-->媒介-->创建媒介类型
脚本传输参数:
{ALERT.SENDTO}
{ALERT.SUBJECT}
{ALERT.MESSAGE}
消息模版,以下消息模板会自动填充
-
为用户添加报警媒介
自定义消息内容
主题:服务器报警
消息:
告警主机:{HOST.NAME}
告警地址:{HOST.IP}
监控项目:{ITEM.NAME}
监控取值:{ITEM.LASTVALUE}
告警等级:{TRIGGER.SEVERITY}
当前状态:{TRIGGER.STATUS}
告警信息:{TRIGGER.NAME}
告警时间:{EVENT.DATE} {EVENT.TIME}
事件ID:{EVENT.ID}
主题:服务器已恢复
消息:
告警主机:{HOST.NAME}
告警地址:{HOST.IP}
监控项目:{ITEM.NAME}
监控取值:{ITEM.LASTVALUE}
告警等级:{TRIGGER.SEVERITY}
当前状态:{TRIGGER.STATUS}
告警信息:{TRIGGER.NAME}
告警时间:{EVENT.DATE} {EVENT.TIME}
事件ID:{EVENT.ID}
5)、电话报警
- 监控内容
- 使用睿象云
睿象云-智能运维管理平台-智能运维系统-自动化运维性能监控平台 睿象云
应用名称:zabbix AppKey:82e9d8885eb44fc7b1da61afc81d10a9
一、安装 Agent
1、切换到zabbix脚本目录 (注意查看自己的zabbix存放脚本的目录):
cd /usr/local/zabbix-server/share/zabbix/alertscripts
2、获取Cloud Alert Agent包:
wget https://download.aiops.com/ca_agent/zabbix/ca_zabbix_release-4.0.1.tar.gz
3、解压、安装。
tar -xzf ca_zabbix_release-4.0.1.tar.gz
cd cloudalert/bin
bash install.sh {appKey}
注:1、在安装过程中根据安装提示,输入zabbix管理地址、管理员用户名、密码。
2、zabbix管理地址正确示例:http://zabbix.server.com/zabbix 或是:https://zabbix.server.com/zabbix
4、修改运行zabbix服务权限与cloudalert探针目录权限
请保证运行zabbix服务的权限和cloudalert探针目录的权限保持一致,不一致会导致告警无法正常接入。
5、验证告警集成
产生新的zabbix告警(problem),动作状态为“已送达”表示集成成功。
- 分配策略
分配策略:什么类型的报警发送到哪个用户
-
通知策略
通知策略:采用什么方式进行通知
-
Zabbix添加动作
关联触发器
发送到 Cloud Alert User 组 和 Cloud Alert User 用户
测试报警