*** 需要先安装Apache + MySQL + PHP(php-snmp)
(1)安装Net-SNMP
# yum -y install net-snmp
# cp -p /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
# vi /etc/snmp/snmpd.conf
引用
# sec.name source community
#com2sec notConfigUser default public ←注释掉
com2sec local localhost private ←
com2sec mynetwork 192.168.21.0/24 public ←
# groupName securityModel securityName
#group notConfigGroup v1c notConfigUser ←注释掉
#group notConfigGroup v2c notConfigUser ←注释掉
group MyROGroup v1 local ←
group MyROGroup v2c local ←
group MyROGroup v1 mynetwork ←
group MyROGroup v2c mynetwork ←
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
#view systemview included .1.3.6.1.2.1.1 ←注释掉
#view systemview included .1.3.6.1.2.1.25.1.1 ←注释掉
view all included .1 80 ←
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
#access notConfigGroup "" any noauth exact systemview none none ←注释掉
access MyROGroup "" any noauth exact all none none ←
access MyRWGroup "" any noauth exact all all none ←
# Check the / partition and make sure it contains at least 10 megs.
#disk / 10000
disk / 10000 ←
#com2sec notConfigUser default public ←注释掉
com2sec local localhost private ←
com2sec mynetwork 192.168.21.0/24 public ←
# groupName securityModel securityName
#group notConfigGroup v1c notConfigUser ←注释掉
#group notConfigGroup v2c notConfigUser ←注释掉
group MyROGroup v1 local ←
group MyROGroup v2c local ←
group MyROGroup v1 mynetwork ←
group MyROGroup v2c mynetwork ←
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
#view systemview included .1.3.6.1.2.1.1 ←注释掉
#view systemview included .1.3.6.1.2.1.25.1.1 ←注释掉
view all included .1 80 ←
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
#access notConfigGroup "" any noauth exact systemview none none ←注释掉
access MyROGroup "" any noauth exact all none none ←
access MyRWGroup "" any noauth exact all all none ←
# Check the / partition and make sure it contains at least 10 megs.
#disk / 10000
disk / 10000 ←
# /etc/init.d/snmpd start
(2)安装RRDtool & cacti
# vi /etc/yum.repos.d/CentOS-Base.repo
引用
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
enabled=0
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
enabled=0
# wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
# rpm --import RPM-GPG-KEY.dag.txt
# yum -y install --enablerepo=dag rrdtool
# yum -y install --enablerepo=dag cacti
(3)设置
创建数据库
# mysql -u root -p
引用
mysql> create database cacti;
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'your-password-here';
mysql> FLUSH privileges;
mysql> quit;
mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'your-password-here';
mysql> FLUSH privileges;
mysql> quit;
# rpm -ql cacti | grep cacti.sql
/usr/share/doc/cacti-0.8.8b/cacti.sql
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.8b/cacti.sql
设置cacti
# vi /etc/cacti/db.php
引用
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "your-password-here";
$database_port = "3306";
$database_ssl = false;
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "your-password-here";
$database_port = "3306";
$database_ssl = false;
设置Apache
# vi /etc/httpd/conf.d/cacti.conf
引用
Alias /cacti/ /var/www/cacti/
DirectoryIndex index.php
Options -Indexes
AllowOverride all
order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.1.0/24 ←
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
DirectoryIndex index.php
Options -Indexes
AllowOverride all
order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.1.0/24 ←
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
# /etc/init.d/httpd restart
设置自动收集数据
# vi /etc/cron.d/cacti
引用
*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1
(4)确认
http://
第一次需要按照向导设置。
(二)Nagios
被监视机器端
(1)安装nagios-plugins
# yum -y install gcc openssl openssl-devel # mkdir /usr/local/nagios /usr/local/nagios/bin /usr/local/nagios/libexec /usr/local/nagios/etc # useradd -d /usr/local/nagios/ -M nagios # cd /usr/local/src # wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz # tar zxvf nagios-plugins-2.0.3.tar.gz # cd nagios-plugins-2.0.3 # ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios # make # make install
(2)安装NRPE
# cd /usr/local/src # wget --no-check-certificate https://jaist.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz # tar zxvf nrpe-2.15.tar.gz # cd nrpe-2.15 # ./configure # make all # make install # cp -p init-script /etc/rc.d/init.d/nrpe # chmod 755 /etc/rc.d/init.d/nrpe # chown nagios:nagios /usr/local/nagios/etc # cp -p sample-config/nrpe.cfg /usr/local/nagios/etc/ # vim /usr/local/nagios/etc/nrpe.cfg allowed_hosts=127.0.0.1,# /etc/init.d/nrpe start # netstat -nlp | grep 5666
引用
启动nrpe:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
重启nrpe:
ps aux|grep nrpe
kill $pid
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
重启nrpe:
ps aux|grep nrpe
kill $pid
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
服务器端
(1)安装Nagios
# yum -y install gd-devel # useradd -d /usr/local/nagios/ -M nagios # cd /usr/local/src # wget http://jaist.dl.sourceforge.net/sourceforge/nagios/nagios-4.0.8.tar.gz -O nagios-4.0.8.tar.gz # tar zxvf nagios-4.0.8.tar.gz # cd nagios-4.0.8 # ./configure && make all && make fullinstall && make install-config
(2)安装NRPE
# cd /usr/local/src # wget http://cznic.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz # tar zxvf nrpe-2.15.tar.gz # cd nrpe-2.15 # ./configure # make all # make install
安装完成后,nagios的plugin里应该有一个check_nrpe:/usr/local/nagios/libexec/check_nrpe
(3)设置NRPE
# vi /usr/local/nagios/etc/objects/commands.cfg define command{ command_name check_nrpe command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ } # vi /usr/local/nagios/etc/objects/localhost.cfg define host{ use linux-server ; Name of host template to use host_name Web_Server_A alias Web_Server_A address 192.168.1.100 } define hostgroup{ hostgroup_name linux-servers ; The name of the hostgroup alias Linux Servers ; Long name of the group members Nagios_Server,Web_Server_A ; Comma separated list of hosts that belong to this group } # vi /usr/local/nagios/etc/objects/services.cfg define service{ use generic-service host_name Web_Server_A service_description load check_command check_nrpe!check_load notifications_enabled 1 }
(4)服务器测试被监视服务器NRPE
# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.100 NRPE v2.15 # /usr/local/nagios/libexec/check_nrpe -H 192.168.1.100 -c check_load OK - load average: 0.02, 0.01, 0.00|load1=0.020;15.000;30.000;0; load5=0.010;10.000;25.000;0; load15=0.000;5.000;20.000;0;
(5)设置邮件通知
设置邮件内容和发送人地址
# vi /usr/local/nagios/etc/objects/commands.cfg define command{ command_name notify-host-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/local/bin/sendEmail -f [email protected] -t $CONTACTEMAIL$ -s mail.gmail.com -u "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" } define command{ command_name notify-service-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$ \nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/local/bin/sendEmail -f [email protected] -t $CONTACTEMAIL$ -s mail.gmail.com -u "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" }
设置收件人地址
# vi /usr/local/nagios/etc/objects/contacts.cfg define contact{ contact_name nagiosadmin ; Short name of user use generic-contact ; Inherit default values from generic-contact template (defined above) alias Nagios Admin ; Full name of user email [email protected] ←管理员邮件地址 } # service nagios restart
所有的设置内容可以放入一个新建的文件
# vi /usr/local/nagios/etc/objects/mysetting.cfg # vi /usr/local/nagios/etc/nagios.cfg cfg_file=/usr/local/nagios/etc/objects/mysetting.cfg
(6)使用check_linux_stats.pl监控系统运行参数
被监视机器端的默认nrpe.cfg配置文件中已经定义好了以下监控服务:check_users、check_load、check_hda1、check_zombie_procs、check_total_procs。但是有一些局限性,这里使用check_linux_stats.pl脚本扩展监控。
安装perl
# yum install -y perl-devel
安装Sys::Statistics::Linux
# cd /usr/local/src # wget http://search.cpan.org/CPAN/authors/id/B/BL/BLOONIX/Sys-Statistics-Linux-0.66.tar.gz # tar -zxvf Sys-Statistics-Linux-0.66.tar.gz # cd Sys-Statistics-Linux-0.66 # perl Makefile.PL # make # make install
下载脚本
从https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_linux_stats/details下载文件check_linux_stats.pl到/usr/local/src。
# cd /usr/local/src # cp check_linux_stats.pl /usr/local/nagios/libexec/check_linux_stats.pl # chown nagios:nagiso /usr/local/nagios/libexec/check_linux_stats.pl # chmod 755 /usr/local/nagios/libexec/check_linux_stats.pl # vi /etc/sudoers nagios ALL=(ALL) NOPASSWD:/usr/local/nagios/libexec/check_linux_stats.pl
修改配置
# vi /usr/local/nagios/etc/nrpe.cfg command[check_cpu]=/usr/local/nagios/libexec/check_linux_stats.pl -C -w 90 -c 95 -s 5 command[check_disk]=/usr/local/nagios/libexec/check_linux_stats.pl -D -w 20 -c 10 -u % -p / command[check_load]=/usr/local/nagios/libexec/check_linux_stats.pl -L -w 10,8,5 -c 20,18,15 command[check_memory]=/usr/local/nagios/libexec/check_linux_stats.pl -M -w 90 -c 95 command[check_nginx]=/usr/local/nagios/libexec/check_linux_stats.pl -T -w 200000000 -c 300000000 -p /usr/local/nginx/logs/nginx.pid command[check_tomcat]=sudo /usr/local/nagios/libexec/check_linux_stats.pl -T -w 5000000000 -c 7000000000 -p /var/run/tomcat.pid # /etc/init.d/nrpe restart
监控服务器端确认
# /usr/local/nagios/libexec/check_nrpe -H 192.168.1.100 -c check_disk
被监控端常见的几个错误:
引用
CHECK_NRPE: Error - Could not complete SSL handshake.
原因:nrpe.cfg里IP限制、5666端口
引用
NRPE: Unable to read output
原因:脚本执行权限
引用
NRPE: Command 'check_tomcat' not defined
原因:nrpe.cfg里没有配置该命令