zabbix之监控日志文件

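客户端:192.168.175.100
服务端:192.168.175.150
(注:后文服务端用 zabbix_get -s 192.168.175.150 取值,也就是说运行 zabbix_agentd 和 log.py 的被监控主机是 192.168.175.150,请按自己的环境核对两台主机的角色。)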

客户端添加log压缩包
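压缩包地址:https://github.com/chendao2015/pyscripts
说明:log.py 之后会被 zabbix agent 反复执行,部署前应先阅读脚本内容。下文 unzip 输出中的 67a2f27e90f1cb27d46bbe855d255b3e0d302cd7 是压缩包对应的提交号,可以用它核对下载的版本。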

[root@localhost ~]# yum -y install unzip
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.njupt.edu.cn
 * extras: mirrors.njupt.edu.cn
 * updates: mirrors.njupt.edu.cn                                             此处省略。。。。。。

已安装:
  unzip.x86_64 0:6.0-21.el7                                                                     

完毕!
[root@localhost ~]# ls
anaconda-ks.cfg  pyscripts-master.zip  zabbix-5.0.2  zabbix-5.0.2.tar.gz
[root@localhost ~]# unzip pyscripts-master.zip 
Archive:  pyscripts-master.zip
67a2f27e90f1cb27d46bbe855d255b3e0d302cd7
   creating: pyscripts-master/
  inflating: pyscripts-master/README.md  
  inflating: pyscripts-master/dmp4.py  
  inflating: pyscripts-master/log.py  
  inflating: pyscripts-master/mail_send.py  
  inflating: pyscripts-master/定时发微信群消息.zip  
[root@localhost ~]# ls
anaconda-ks.cfg  pyscripts-master  pyscripts-master.zip  zabbix-5.0.2  zabbix-5.0.2.tar.gz
[root@localhost pyscripts-master]# ls
dmp4.py  log.py  mail_send.py  README.md  定时发微信群消息.zip
[root@localhost pyscripts-master]# rm -rf dmp4.py mail_send.py 定时发微信群消息.zip README.md  删除一些多余的
[root@localhost pyscripts-master]# ls
log.py
[root@localhost pyscripts-master]# ls /scripts/
check_process.sh
[root@localhost pyscripts-master]# mv log.py /scripts/    把脚本统一放到一个地方
[root@localhost pyscripts-master]# ls
[root@localhost pyscripts-master]# cd
[root@localhost ~]# ls 
anaconda-ks.cfg  pyscripts-master  pyscripts-master.zip  zabbix-5.0.2  zabbix-5.0.2.tar.gz
[root@localhost ~]# rm -rf pyscripts-master*
[root@localhost ~]# ls
anaconda-ks.cfg  zabbix-5.0.2  zabbix-5.0.2.tar.gz
[root@localhost ~]# cd /scripts/
[root@localhost scripts]# ls
check_process.sh  log.py
[root@localhost scripts]# chmod +x log.py 
[root@localhost scripts]# ll
总用量 8
-rwxr-xr-x 1 root root  143 7月  23 10:34 check_process.sh
-rwxr-xr-x 1 root root 1854 3月  22 16:09 log.py
[root@localhost scripts]# 
[root@localhost scripts]# ls /var/log/
anaconda  btmp    dmesg      lastlog   ppp     spooler   vmware-vmsvc.log
audit     chrony  dmesg.old  maillog   rhsm    tallylog  wtmp
boot.log  cron    firewalld  messages  secure  tuned     yum.log
[root@localhost scripts]# tail -f /var/log/secure   查找关键字
Jul 23 14:28:54 localhost sshd[36410]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jul 23 14:28:56 localhost sshd[36410]: **Failed** password for root from 192.168.175.100 port 33632 ssh2
Jul 23 14:29:02 localhost sshd[36410]: Connection closed by 192.168.175.100 [preauth]
[root@localhost scripts]# echo 'Failed' > key
[root@localhost scripts]# ls
check_process.sh  key  log.py
[root@localhost ~]# cd /usr/local/etc/
[root@localhost etc]# ls
zabbix_agentd.conf  zabbix_agentd.conf.d
[root@localhost etc]# vim zabbix_agentd.conf
[root@localhost etc]# which python
/usr/bin/python
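编辑文件,添加下面内容:
UserParameter=check_logs[*],/usr/bin/python /scripts/log.py $1 $2 $3
注意:check_logs[*] 会把监控项 key 里的三个参数原样拼到命令行上,所以凡是能向这个 agent 取值的主机,都可以指定任意日志路径和任意位置文件路径。请保持 UnsafeUserParameters=0(默认值),并用 Server= 只放行 Zabbix 服务端的地址。如果只监控固定的日志,可以把路径直接写在命令里,而不是通过 $1、$2 传入。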
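检查脚本(以 root 手动运行两次;从输出看,第一次读到关键字返回 1,第二次没有新增内容返回 0,第二个参数应是记录读取位置的文件):
注意:手动测试生成的 /tmp/myseek 属主是 root,而 agent 以 zabbix 用户运行,需要换一个它能写的位置文件(后文用的是 /tmp/logseek)。/tmp 对所有用户可写,正式使用时最好把位置文件放到只有 zabbix 用户可写的目录。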
[root@localhost ~]# python /scripts/log.py /var/log/secure /tmp/myseek Failed
1
[root@localhost ~]# python /scripts/log.py /var/log/secure /tmp/myseek Failed
0
[root@localhost ~]# tail -30 /usr/local/etc/zabbix_agentd.conf
[root@localhost ~]# pkill zabbix
[root@localhost ~]# zabbix_agentd

[root@localhost ~]# cd /var/log
[root@localhost log]# ll secure
-rw-------. 1 root root 13739 7月  23 14:53 secure
[root@localhost log]# setfacl -m u:zabbix:r secure
[root@localhost log]# getfacl secure
# file: secure
# owner: root
# group: root
user::rw-
user:zabbix:r--
group::---
mask::r--
other::---

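服务端验证

前提:上面的 setfacl 已让 zabbix 用户可以读取 /var/log/secure。该文件记录登录认证信息,只授予 r 权限即可;日志轮转之后建议再用 getfacl 确认这条 ACL 是否还在。另外 key 中带有方括号,在 shell 里最好用引号括起来,避免被当作通配符展开。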

[root@localhost ~]# zabbix_get -s 192.168.175.150 -k check_logs[/var/log/secure,/tmp/logseek,Failed]
1
[root@localhost ~]# zabbix_get -s 192.168.175.150 -k check_logs[/var/log/secure,/tmp/logseek,Failed]
0

步骤如下:

1.创建监控项
在这里插入图片描述
添加成功
在这里插入图片描述
在这里插入图片描述
2.添加触发器
在这里插入图片描述
3.验证
在这里插入图片描述
