一、配置邮件告警、微信告警和钉钉告警:
1、配置邮件告警:
(1)定义发件人:
Administration --> Media types --> Email --> Media type --> Update
(2)定义收件人:
Administration --> Users --> Admin --> Media --> Add --> Update
(3)定义动作:
Configuration --> Actions --> Create action --> Add
备注:自定义告警内容
https://www.zabbix.com/documentation/4.0/zh/manual/appendix/macros/supported_by_location
2、配置微信告警:
(1)注册企业微信:https://work.weixin.qq.com/
(2)微信扫码登录:
我的企业 --> 微工作台 --> 邀请关注(使用微信扫描二维码直接关注)
应用管理 --> 应用 --> 自建 --> 创建Zabbix微信告警应用
我的企业 --> 企业信息 --> 企业ID
通讯录:
(3)编写微信告警脚本:
# grep ^AlertScriptsPath /etc/zabbix/zabbix_server.conf
# cd /usr/lib/zabbix/alertscripts
# vim wechat.py
#!/usr/bin/env python
#-*- coding: utf-8 -*-
#comment: Zabbix微信告警脚本
import requests
import sys
import os
import json
import logging
logging.basicConfig(level=logging.DEBUG, format='%(asctime)s, %(filename)s, %(levelname)s, %(message)s',datefmt='%a, %d %b %Y %H:%M:%S',filename=os.path.join('/tmp','wechat.log'),filemode='a')
corpid='XXXXXXXX'
appsecret='XXXXXXXX'
agentid='XXXXXXXX'
#获取accesstoken
token_url='https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=' + corpid + '&corpsecret=' + appsecret
req=requests.get(token_url)
accesstoken=req.json()['access_token']
#发送消息
msgsend_url='https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=' + accesstoken
touser=sys.argv[1]
subject=sys.argv[2]
message=sys.argv[2] + "\n\n" +sys.argv[3]
params={
"touser": touser,
"msgtype": "text",
"agentid": agentid,
"text": {
"content": message
},
"safe":0
}
req=requests.post(msgsend_url, data=json.dumps(params))
logging.info('sendto:' + touser + ';;subject:' + subject + ';;message:' + message)
# chmod +x wechat.py
备注:上述脚本中的XXXXXXXX需要按照实际情况替换
(4)执行wechat.py脚本前的准备工作:
a、配置epel源:# yum -y install epel-release
b、安装python2-pip软件包:
# python --version
# yum -y install python2-pip
c、修改pip源为阿里云镜像源:
# mkdir -pv ~/.pip
# vim ~/.pip/pip.conf
[global]
index-url = http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host = mirrors.aliyun.com
d、升级pip软件包:
# pip -V
# pip install --upgrade pip
# pip -V
e、安装Python的requests模块:# pip install requests
f、创建日志文件,并修改其属主属组:
# touch /tmp/wechat.log
# chown zabbix.zabbix /tmp/wechat.log
(5)测试wechat.py脚本:
# /usr/lib/zabbix/alertscripts/wechat.py 'XXXX' '主题:test' '内容:wechat alert'
(6)媒介中新增微信告警:
Administration --> Media types --> Create media type --> Media type --> Add
需要3个参数:{ALERT.SENDTO}、{ALERT.SUBJECT}、{ALERT.MESSAGE}
(7)对应用户中设置报警媒介:
Administration --> Users --> Admin --> Media --> Add --> Update
(8)定义动作:
Configuration --> Actions --> Email --> Clone --> Add
3、配置钉钉告警:
(1)需要服务器公网出口IP
(2)注册企业钉钉:https://oa.dingtalk.com/
(3)钉钉扫码,输入管理密码后登录:
通讯录 --> 内部通讯录管理 --> 部门人员 --> 邀请成员加入(使用钉钉扫描二维码申请加入)
工作台 --> 应用管理 --> 自建应用 --> 创建Zabbix钉钉告警应用
钉钉开放平台:https://open-dev.dingtalk.com/
(4)编写钉钉告警脚本:
# cd /usr/lib/zabbix/alertscripts
# vim dingtalk.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
import json,urllib2,sys
appkey = 'XXXXXXXX'
appsecret = 'XXXXXXXX'
agentid = 'XXXXXXXX'
touser = sys.argv[1]
content = sys.argv[2]
tockenurl = 'https://oapi.dingtalk.com/gettoken?corpid=' + appkey + "&corpsecret=" + appsecret
tockenresponse = urllib2.urlopen(tockenurl)
tockenresult = json.loads(tockenresponse.read().decode('utf-8'))
tocken = tockenresult['access_token']
sendurl = 'https://oapi.dingtalk.com/message/send?access_token=' + tocken
headers = {
'Content-Type':'application/json'
}
main_content = {
"touser": touser,
"toparty": "",
"agentid": agentid,
"msgtype": "text",
"text": {
"content": content
}
}
main_content = json.dumps(main_content)
req = urllib2.Request(sendurl,headers=headers)
response = urllib2.urlopen(req, main_content.encode('utf8'))
print(response.read().decode('utf-8'))
# chmod +x dingtalk.py
备注:上述脚本中的XXXXXXXX需要按照实际情况替换
(5)测试dingtalk.py脚本:
# /usr/lib/zabbix/alertscripts/dingtalk.py 'XXXX' 'zabbix alert test'
(6)媒介中新增钉钉告警:
Administration --> Media types --> Create media type --> Media type --> Add
需要2个参数:{ALERT.SENDTO}、{ALERT.MESSAGE}
(7)对应用户中设置报警媒介:
Administration --> Users --> Admin --> Media --> Add --> Update
(8)定义动作:
Configuration --> Actions --> Email --> Clone --> Add
4、告警测试:
(1)停止node-122节点上的vsftpd:# systemctl stop vsftpd
查看Action log:Reports --> Action log
(2)启动node-122节点上的vsftpd:# systemctl start vsftpd
查看Action log:Reports --> Action log