[b](一)Cacti[/b]
*** 需要先安装Apache + MySQL + PHP(php-snmp)
(1)安装Net-SNMP
# yum -y install net-snmp
# cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
# vi /etc/snmp/snmpd.conf
[quote] # sec.name source community
#com2sec notConfigUser default public ←注释掉
com2sec local localhost private ←
com2sec mynetwork 192.168.21.0/24 public ←
# groupName securityModel securityName
#group notConfigGroup v1c notConfigUser ←注释掉
#group notConfigGroup v2c notConfigUser ←注释掉
group MyROGroup v1 local ←
group MyROGroup v2c local ←
group MyROGroup v1 mynetwork ←
group MyROGroup v2c mynetwork ←
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
#view systemview included .1.3.6.1.2.1.1 ←注释掉
#view systemview included .1.3.6.1.2.1.25.1.1 ←注释掉
view all included .1 80 ←
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
#access notConfigGroup "" any noauth exact systemview none none ←注释掉
access MyROGroup "" any noauth exact all none none ←
access MyRWGroup "" any noauth exact all all none ←
# Check the / partition and make sure it contains at least 10 megs.
#disk / 10000
disk / 10000 ←[/quote]
# /etc/init.d/snmpd start
(2)安装RRDtool & cacti
# vi /etc/yum.repos.d/CentOS-Base.repo
[quote] [dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
enabled=0[/quote]
# wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
# rpm --import RPM-GPG-KEY.dag.txt
# yum -y install --enablerepo=dag rrdtool
# yum -y install --enablerepo=dag cacti
(3)设置
创建数据库
# mysql -u root -p
[quote] mysql> create database cacti;
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'your-password-here';
mysql> FLUSH privileges;
mysql> quit;[/quote]
# rpm -ql cacti | grep cacti.sql
/usr/share/doc/cacti-0.8.8b/cacti.sql
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.8b/cacti.sql
设置cacti
# vi /etc/cacti/db.php
[quote] $database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "your-password-here";
$database_port = "3306";
$database_ssl = false;[/quote]
设置Apache
# vi /etc/httpd/conf.d/cacti.conf
[quote] Alias /cacti/ /var/www/cacti/
<Directory /var/www/cacti/>
DirectoryIndex index.php
Options -Indexes
AllowOverride all
order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.1.0/24 ←
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>[/quote]
# /etc/init.d/httpd restart
设置自动收集数据
# vi /etc/cron.d/cacti
[quote] */5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1[/quote]
(4)确认
http://<youripaddress>/cacti/
第一次需要按照向导设置。
[b](二)Nagios[/b]
被监视机器端
(1)安装nagios-plugins
(2)安装NRPE
[quote]启动nrpe:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
重启nrpe:
ps aux|grep nrpe
kill $pid
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d[/quote]
服务器端
(1)安装Nagios
(2)安装NRPE
安装完成后,nagios的plugin里应该有一个check_nrpe:/usr/local/nagios/libexec/check_nrpe
(3)设置NRPE
(4)服务器测试被监视服务器NRPE
(5)设置邮件通知
设置邮件内容和发送人地址
设置收件人地址
所有的设置内容可以放入一个新建的文件
(6)使用check_linux_stats.pl监控系统运行参数
被监视机器端的默认nrpe.cfg配置文件中已经定义好了以下监控服务:check_users、check_load、check_hda1、check_zombie_procs、check_total_procs。但是有一些局限性,这里使用check_linux_stats.pl脚本扩展监控。
安装perl
安装Sys::Statistics::Linux
下载脚本
从https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_linux_stats/details下载文件check_linux_stats.pl到/usr/local/src。
修改配置
监控服务器端确认
[color=red]被监控端常见的几个错误:[/color]
[quote]CHECK_NRPE: Error - Could not complete SSL handshake.[/quote]
原因:nrpe.cfg里IP限制、5666端口
[quote]NRPE: Unable to read output[/quote]
原因:脚本执行权限
[quote]NRPE: Command 'check_tomcat' not defined[/quote]
原因:nrpe.cfg里没有配置该命令
*** 需要先安装Apache + MySQL + PHP(php-snmp)
(1)安装Net-SNMP
# yum -y install net-snmp
# cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
# vi /etc/snmp/snmpd.conf
[quote] # sec.name source community
#com2sec notConfigUser default public ←注释掉
com2sec local localhost private ←
com2sec mynetwork 192.168.21.0/24 public ←
# groupName securityModel securityName
#group notConfigGroup v1c notConfigUser ←注释掉
#group notConfigGroup v2c notConfigUser ←注释掉
group MyROGroup v1 local ←
group MyROGroup v2c local ←
group MyROGroup v1 mynetwork ←
group MyROGroup v2c mynetwork ←
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
#view systemview included .1.3.6.1.2.1.1 ←注释掉
#view systemview included .1.3.6.1.2.1.25.1.1 ←注释掉
view all included .1 80 ←
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
#access notConfigGroup "" any noauth exact systemview none none ←注释掉
access MyROGroup "" any noauth exact all none none ←
access MyRWGroup "" any noauth exact all all none ←
# Check the / partition and make sure it contains at least 10 megs.
#disk / 10000
disk / 10000 ←[/quote]
# /etc/init.d/snmpd start
(2)安装RRDtool & cacti
# vi /etc/yum.repos.d/CentOS-Base.repo
[quote] [dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
enabled=0[/quote]
# wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
# rpm --import RPM-GPG-KEY.dag.txt
# yum -y install --enablerepo=dag rrdtool
# yum -y install --enablerepo=dag cacti
(3)设置
创建数据库
# mysql -u root -p
[quote] mysql> create database cacti;
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'your-password-here';
mysql> FLUSH privileges;
mysql> quit;[/quote]
# rpm -ql cacti | grep cacti.sql
/usr/share/doc/cacti-0.8.8b/cacti.sql
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.8b/cacti.sql
设置cacti
# vi /etc/cacti/db.php
[quote] $database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "your-password-here";
$database_port = "3306";
$database_ssl = false;[/quote]
设置Apache
# vi /etc/httpd/conf.d/cacti.conf
[quote] Alias /cacti/ /var/www/cacti/
<Directory /var/www/cacti/>
DirectoryIndex index.php
Options -Indexes
AllowOverride all
order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.1.0/24 ←
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>[/quote]
# /etc/init.d/httpd restart
设置自动收集数据
# vi /etc/cron.d/cacti
[quote] */5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1[/quote]
(4)确认
http://<youripaddress>/cacti/
第一次需要按照向导设置。
[b](二)Nagios[/b]
被监视机器端
(1)安装nagios-plugins
# yum -y install gcc openssl openssl-devel
# mkdir /usr/local/nagios /usr/local/nagios/bin /usr/local/nagios/libexec /usr/local/nagios/etc
# useradd -d /usr/local/nagios/ -M nagios
# cd /usr/local/src
# wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar zxvf nagios-plugins-2.0.3.tar.gz
# cd nagios-plugins-2.0.3
# ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios
# make
# make install
(2)安装NRPE
# cd /usr/local/src
# wget --no-check-certificate https://jaist.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
# tar zxvf nrpe-2.15.tar.gz
# cd nrpe-2.15
# ./configure
# make all
# make install
# cp -p init-script /etc/rc.d/init.d/nrpe
# chmod 755 /etc/rc.d/init.d/nrpe
# chown nagios:nagios /usr/local/nagios/etc
# cp -p sample-config/nrpe.cfg /usr/local/nagios/etc/
# vim /usr/local/nagios/etc/nrpe.cfg
allowed_hosts=127.0.0.1,<Nagios服务器IP>
# /etc/init.d/nrpe start
# netstat -nlp | grep 5666
[quote]启动nrpe:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
重启nrpe:
ps aux|grep nrpe
kill $pid
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d[/quote]
服务器端
(1)安装Nagios
# yum -y install gd-devel
# useradd -d /usr/local/nagios/ -M nagios
# cd /usr/local/src
# wget http://jaist.dl.sourceforge.net/sourceforge/nagios/nagios-4.0.8.tar.gz -O nagios-4.0.8.tar.gz
# tar zxvf nagios-4.0.8.tar.gz
# cd nagios-4.0.8
# ./configure && make all && make fullinstall && make install-config
(2)安装NRPE
# cd /usr/local/src
# wget http://cznic.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
# tar zxvf nrpe-2.15.tar.gz
# cd nrpe-2.15
# ./configure
# make all
# make install
安装完成后,nagios的plugin里应该有一个check_nrpe:/usr/local/nagios/libexec/check_nrpe
(3)设置NRPE
# vi /usr/local/nagios/etc/objects/commands.cfg
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
# vi /usr/local/nagios/etc/objects/localhost.cfg
define host{
use linux-server ; Name of host template to use
host_name Web_Server_A
alias Web_Server_A
address 192.168.1.100
}
define hostgroup{
hostgroup_name linux-servers ; The name of the hostgroup
alias Linux Servers ; Long name of the group
members Nagios_Server,Web_Server_A ; Comma separated list of hosts that belong to this group
}
# vi /usr/local/nagios/etc/objects/services.cfg
define service{
use generic-service
host_name Web_Server_A
service_description load
check_command check_nrpe!check_load
notifications_enabled 1
}
(4)服务器测试被监视服务器NRPE
# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.100
NRPE v2.15
# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.100 -c check_load
OK - load average: 0.02, 0.01, 0.00|load1=0.020;15.000;30.000;0; load5=0.010;10.000;25.000;0; load15=0.000;5.000;20.000;0;
(5)设置邮件通知
设置邮件内容和发送人地址
# vi /usr/local/nagios/etc/objects/commands.cfg
define command{
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/local/bin/sendEmail -f rensanning@gmail.com -t $CONTACTEMAIL$ -s mail.gmail.com -u "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **"
}
define command{
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$ \nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/local/bin/sendEmail -f rensanning@gmail.com -t $CONTACTEMAIL$ -s mail.gmail.com -u "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **"
}
设置收件人地址
# vi /usr/local/nagios/etc/objects/contacts.cfg
define contact{
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email rensanning@gmail.com ←管理员邮件地址
}
# service nagios restart
所有的设置内容可以放入一个新建的文件
# vi /usr/local/nagios/etc/objects/mysetting.cfg
# vi /usr/local/nagios/etc/nagios.cfg
cfg_file=/usr/local/nagios/etc/objects/mysetting.cfg
(6)使用check_linux_stats.pl监控系统运行参数
被监视机器端的默认nrpe.cfg配置文件中已经定义好了以下监控服务:check_users、check_load、check_hda1、check_zombie_procs、check_total_procs。但是有一些局限性,这里使用check_linux_stats.pl脚本扩展监控。
安装perl
# yum install -y perl-devel
安装Sys::Statistics::Linux
# cd /usr/local/src
# wget http://search.cpan.org/CPAN/authors/id/B/BL/BLOONIX/Sys-Statistics-Linux-0.66.tar.gz
# tar -zxvf Sys-Statistics-Linux-0.66.tar.gz
# cd Sys-Statistics-Linux-0.66
# perl Makefile.PL
# make
# make install
下载脚本
从https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_linux_stats/details下载文件check_linux_stats.pl到/usr/local/src。
# cd /usr/local/src
# cp check_linux_stats.pl /usr/local/nagios/libexec/check_linux_stats.pl
# chown nagios:nagiso /usr/local/nagios/libexec/check_linux_stats.pl
# chmod 755 /usr/local/nagios/libexec/check_linux_stats.pl
# vi /etc/sudoers
nagios ALL=(ALL) NOPASSWD:/usr/local/nagios/libexec/check_linux_stats.pl
修改配置
# vi /usr/local/nagios/etc/nrpe.cfg
command[check_cpu]=/usr/local/nagios/libexec/check_linux_stats.pl -C -w 90 -c 95 -s 5
command[check_disk]=/usr/local/nagios/libexec/check_linux_stats.pl -D -w 20 -c 10 -u % -p /
command[check_load]=/usr/local/nagios/libexec/check_linux_stats.pl -L -w 10,8,5 -c 20,18,15
command[check_memory]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 90 -c 95
command[check_nginx]=/usr/local/nagios/libexec/check_linux_stats.pl -T -w 200000000 -c 300000000 -p /usr/local/nginx/logs/nginx.pid
command[check_tomcat]=sudo /usr/local/nagios/libexec/check_linux_stats.pl -T -w 5000000000 -c 7000000000 -p /var/run/tomcat.pid
# /etc/init.d/nrpe restart
监控服务器端确认
# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.100 -c check_disk
[color=red]被监控端常见的几个错误:[/color]
[quote]CHECK_NRPE: Error - Could not complete SSL handshake.[/quote]
原因:nrpe.cfg里IP限制、5666端口
[quote]NRPE: Unable to read output[/quote]
原因:脚本执行权限
[quote]NRPE: Command 'check_tomcat' not defined[/quote]
原因:nrpe.cfg里没有配置该命令