获取操作系统Centos源更新
修改更新源
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
yum update
yum -y install gcc gcc-c++ bison patch unzip mlocate flex wget automake autoconf gd cpp gettext readline-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel openldap openldap-devel openldap-clients openldap-servers nss_ldap expat-devel libtool libtool-ltdl-devel
如果系统默认安装了apache,请先卸载.执行:
yum remove httpd
下载最新稳定版的程序源码包,以下都是到官方网站或sourceforge下载的源码包.
wget http://dev.mysql.com/get/Downloads/MySQL-5.1/mysql-5.1.45.tar.gz/from/http://mysql.he.net/
wget http://www.apache.org/dist/httpd/httpd-2.2.15.tar.gz
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.bz2/download
wget http://sourceforge.net/projects/mcrypt/files/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz/download
wget http://sourceforge.net/projects/mhash/files/mhash/0.9.9.9/mhash-0.9.9.9.tar.bz2/download
wget http://www.php.net/get/php-5.2.13.tar.gz/from/this/mirror
wget http://php-fpm.org/downloads/php-5.2.13-fpm-0.5.13.diff.gz
wget http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/php5-mail-header.patch
wget http://pecl.php.net/get/memcache-2.2.5.tgz
wget http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6.tar.bz2
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
wget http://pecl.php.net/get/imagick-2.3.0.tgz
wget http://download.suhosin.org/suhosin-0.9.29.tgz
wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
wget http://downloads.zend.com/optimizer/3.3.9/ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
wget http://monkey.org/~provos/libevent-1.4.13-stable.tar.gz
wget http://memcached.googlecode.com/files/memcached-1.4.4.tar.gz
一.安装Mysql.安装最新稳定版5.1.44版本
tar -zxf mysql-5.1.44.tar.gz
cd mysql-5.1.44
./configure --prefix=/usr/local/mysql --enable-assembler --enable-thread-safe-client --with-extra-charsets=all --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=partition,innodb_plugin,myisam,myisammrg
make && make install
cd ../
groupadd mysql -g 27
useradd mysql -u 27 -g 27 -c "MySQL Server" -d /var/lib/mysql -M
cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
/usr/local/mysql/bin/mysql_install_db --user=mysql
chown -R mysql /usr/local/mysql/var
chgrp -R mysql /usr/local/mysql/.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/mysql
chmod u+x /etc/init.d/mysql
chkconfig --level 345 mysql on
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
echo "/usr/local/lib" >>/etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config
service mysql start
/usr/local/mysql/bin/mysqladmin -u root password root
service mysql restart
service mysql stop
二.编译安装apache(httpd).apache的执行用户为httpd.
groupadd httpd
useradd -g httpd -s /sbin/nologin -M httpd
cd /usr/local/src
tar zxvf httpd-2.2.8.tar.gz
cd httpd-2.2.8
./configure --prefix=/usr/local/apache --enable-headers --enable-mime-magic --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --disable-userdir --with-included-apr --with-mpm=prefork --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ --with-suexec-gidmin=100 --with-suexec-logfile=/usr/local/apache/logs/suexec_log --with-suexec-uidmin=100 --with-suexec-userdir=public_html
make
make install
mkdir /usr/local/apache/domlogs
cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
1.编辑/etc/init.d/httpd,在首行#!/bin/sh下添加:
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf
ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -n 32768
ulimit -n 65535
保存退出.
2.配置apache配置参数文件httpd.conf,位于/usr/local/apache/conf/目录
cd /usr/local/apache/conf/
mv httpd.conf httpd.conf.bak
mkdir vhosts
vi httpd.conf
输入以下内容:
PidFile logs/httpd.pid
LockFile logs/accept.lock
ServerRoot "/usr/local/apache"
Listen 0.0.0.0:80
User httpd
Group httpd
ServerAdmin [email protected]
ServerName nagios.gviva.com
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
TraceEnable Off
ServerTokens ProductOnly
FileETag None
ServerSignature Off
HostnameLookups Off
# LoadModule perl_module modules/mod_perl.so
DocumentRoot "/usr/local/apache/htdocs"
<Directory "/">
Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes -MultiViews SymLinksIfOwnerMatch
Order allow,deny
Allow from all
AllowOverride All
</Directory>
<Directory "/usr/local/apache/htdocs">
Options Includes -Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
RewriteEngine on
AddType text/html .shtml
AddHandler cgi-script .cgi .pl .plx .ppl .perl
AddHandler server-parsed .shtml
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/perl .pl .plx .ppl .perl
AddType application/x-img .img
AddType application/x-httpd-php .php .php3 .php4 .php5 .php6
AddType application/x-httpd-php-source .phps
AddType application/cgi .cgi
AddType text/x-sql .sql
AddType text/x-log .log
AddType text/x-config .cnf conf
AddType text/x-registry .reg
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType application/x-tar .tgz
AddType application/rar .rar
AddType application/x-compressed .rar
AddType application/x-rar .rar
AddType application/x-rar-compressed .rar
AddType text/vnd.wap.wml .wml
AddType image/vnd.wap.wbmp .wbmp
AddType text/vnd.wap.wmlscript .wmls
AddType application/vnd.wap.wmlc .wmlc
AddType application/vnd.wap.wmlscriptc .wmlsc
</IfModule>
<IfModule dir_module>
DirectoryIndex index.html index.htm index.shtml index.php index.perl index.pl index.cgi
</IfModule>
<Files ~ "^error_log$">
Order allow,deny
Deny from all
Satisfy All
</Files>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<IfModule mpm_prefork_module>
StartServers 3
MinSpareServers 3
MaxSpareServers 5
MaxClients 150
MaxRequestsPerChild 1024
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(html|htm|shtml)$">
Header set Cache-Control "max-age=3600, must-revalidate"
</FilesMatch>
</IfModule>
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
Include conf/extra/httpd-languages.conf
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
ExtendedStatus On
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
<IfModule ssl_module>
Listen 0.0.0.0:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
#Vhosts
NameVirtualHost 127.0.0.1:80
NameVirtualHost *
<VirtualHost 127.0.0.1:80 *>
ServerName host.evlit.com
DocumentRoot /var/www/html
ServerAdmin [email protected]
</VirtualHost>
Include conf/vhosts/*上述出现的127.0.0.1请改为你本机公网IP.
配置apache
将下面的内容加入apache配置文件的alias模块<IfModule alias_module>
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
安装服务并开机启动
chmod 755 /etc/init.d/httpd
chkconfig --add httpd
chkconfig --level 345 httpd on
service httpd start
三.编译安装php(mod_php)
1.编译安装相关支持库
tar -zxf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1/
./configure
make
make install
cd ../
tar -jxf libmcrypt-2.5.8.tar.bz2
cd libmcrypt-2.5.8/
./configure
make
make install
/sbin/ldconfig
cd libltdl/
./configure --enable-ltdl-install
make
make install
cd ../
tar -jxf mhash-0.9.9.9.tar.bz2
cd mhash-0.9.9.9/
./configure
make
make install
ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
cd ../
tar -zxf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8/
/sbin/ldconfig
./configure
make
make install
2.编译php,这里我们为php打入补丁.有助于防止邮件发送被滥用(多用户)以及在邮件中提供有价值的信息.
补丁介绍信息请点击:http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/
tar -zxf php-5.2.13.tar.gz
patch -d php-5.2.13 -p1 < php5-mail-header.patch
cd php-5.2.13
./configure --prefix=/usr/local --with-config-file-path=/etc --with-apxs2=/usr/local/apache/bin/apxs --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-magic-quotes --enable-mbstring --enable-pdo=shared --enable-soap --enable-sockets --enable-zip --with-bz2 --with-curl --with-curlwrappers --with-freetype-dir --with-gd --with-gettext --with-jpeg-dir --with-kerberos --with-libexpat-dir=/usr --with-libxml-dir=/usr --with-mcrypt=/usr --with-mhash=/usr --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-png-dir=/usr --with-sqlite=shared --with-ttf --with-xmlrpc --with-zlib -with-zlib-dir=/usr --enable-pcntl
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-dist /etc/php.ini
cd ../
3.安装php扩展模块
tar -zxf memcache-2.2.5.tgz
cd memcache-2.2.5/
phpize
./configure --with-php-config=/usr/local/bin/php-config --with-zlib-dir --enable-memcache
make
make install
cd ../
tar -jxf eaccelerator-0.9.6.tar.bz2
cd eaccelerator-0.9.6/
phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/bin/php-config
make
make install
mkdir -p /tmp/eaccelerator
chmod 777 /tmp/eaccelerator
echo "mkdir -p /tmp/eaccelerator" >> /etc/rc.local
echo "chmod 777 /tmp/eaccelerator" >> /etc/rc.local
cd ../
tar -zxf ImageMagick.tar.gz
cd ImageMagick-*
./configure
make
make install
cd ../
tar -zxf imagick-2.3.0.tgz
cd imagick-2.3.0/
phpize
./configure --with-php-config=/usr/local/bin/php-config
make
make install
cd ../
tar -zxf suhosin-0.9.29.tgz
cd suhosin-0.9.29
phpize
./configure
make
make install
cd ../
tar -zxf ioncube_loaders_lin_x86.tar.gz
cd ioncube
mkdir /usr/local/ioncube
mv ioncube_loader_lin_5.2.so /usr/local/ioncube/
cd /usr/local/src
tar -zxf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
mkdir -p /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x
cp ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
3.1.修改php.ini.
查找/etc/php.ini中的extension_dir = "./".将其修改为extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613/"
查找;include_path = ".:/php/includes",删除前面的分号,并修改为include_path = ".:/usr/lib/php:/usr/local/lib/php"
跳到最后一行,然后添加以下内容:
extension = "memcache.so"
extension = "pdo.so"
extension = "pdo_mysql.so"
extension = "pdo_sqlite.so"
extension = "sqlite.so"
extension = "eaccelerator.so"
eaccelerator.shm_size = 32
eaccelerator.cache_dir = "/tmp/eaccelerator"
eaccelerator.enable = 1
eaccelerator.optimizer = 0
eaccelerator.debug = 0
eaccelerator.name_space = ""
eaccelerator.check_mtime = 1
eaccelerator.filter = ""
eaccelerator.shm_max = 0
eaccelerator.shm_ttl = 7200
eaccelerator.shm_prune_period = 7200
eaccelerator.shm_only = 1
eaccelerator.compress = 0
eaccelerator.compress_level = 9
eaccelerator.keys = shm
eaccelerator.sessions = shm
eaccelerator.content = shm
zend_extension = "/usr/local/ioncube/ioncube_loader_lin_5.2.so"
zend_extension = "/usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so"
4,安装Memcached(可选)
cd /usr/local/src
tar -xzf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
./configure
make
make install
ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib
cd ../
tar -xzf memcached-1.4.4.tar.gz
cd memcached-1.4.4
./configure --with-libevent=/usr
make
make install
基本使用方法:
启动:/usr/local/bin/memcached -d -m 64 -p 11211 -u nobody -l localhost
关闭:killall -9 memcached
以下内容为安装Nagios3.2.3:
下载Nagios3.2.3,Nagios-plugins1.4.15,nrpe2.12,nsclient++
http://www.nagios.org/download/wgethttp://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz
wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz
Nagios3.2.3,Nagios-plugins1.4.15,nrpe2.12安装在监控服务器上。
去http://www.nagios.org/download/addons/下载nrpe和nsclient++插件。
nrpe2.12安装在Linux/Unix被监控端。
nsclient++安装在Windows被监控端。
创建帐号及组
创建帐号
useradd -m nagios
passwd nagios
加入Nginx用户组
/usr/sbin/usermod -a -G httpd nagios
httpd 为运行Nginx的帐号。
安装nagios
tar xvf nagios-cn-3.2.3.tar.bz2
cd nagios-cn-3.2.3
./configure --with-command-group=httpd --prefix=/usr/local/nagios --with-gd-lib=/usr --with-gd-inc=/usr
make all
使用make install来安装主程序,CGI和HTML文件
make install
使用make install-init在/etc/rc.d/init.d安装启动脚本
make install-init
使用make install-cofig来安装示例配置文件,安装的路径是/usr/local/nagios/etc.
make install-config
使用make install-commandmode来配置目录权限
make install-commandmode
nagios目录功能的简要说明:
bin Nagios执行程序所在目录,nagios文件即为主程序
etc Nagios配置文件位置
sbin Nagios Cgi文件所在目录,也就是执行外部命令所需文件所在的目录
Share Nagios网页文件所在的目录
var Nagios日志文件、spid 等文件所在的目录
var/archives 日志归档目录
var/rw 用来存放外部命令文件
创建Nginx目录验证文件
需要使用有apache服务器创建密码文件
/usr/local/apache/bin/htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password: (输入密码)
Re-type new password: (再输入一次密码)
Adding password for user nagiosadmin
当然也可以使用perl 创建密码文件 新建 一个 pw.pl 文件 其内容:
#!/usr/bin/perl
use strict;
my $pw=$ARGV[0] ;
print crypt($pw,$pw)."\n";
然后执行 chmod +x pw.pl
./pw.pl password
papAq5PwY/QQM
papAq5PwY/QQM 就是password 的crypt()密码
然后 将上面用 perl 生成的 加密后的密码
按照
用户名:密码
的格式写到 htpasswd 文件中
这样既完成了设置
配置nagios配置文件
vi /usr/local/nagios/etc/objects/contacts.cfg
将里面的email地址改为自己的email地址。
cd ../
安装Nagios插件
tar xzvf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15
./configure --with-nagios-user=nagios --with-nagios-group=httpd
make
make install
安装nagios-snmp-plugins
nagios-snmp-plugins是一套用Perl编写的通过SNMP方式监控主机的插件程序。
wget http://nagios.manubulon.com/nagios-snmp-plugins.1.1.1.tgz
tar xzf nagios-snmp-plugins.1.1.1.tgz
cd nagios_plugins
配置check_snmp_int.pl这些插件的使用时需要配置cpan,CPAN是Comprehensive Perl Archive Network的缩写.。它是一个巨大的Perl软件收藏库,收集了大量有用的Perl模块(modules)及其相关的文件。这里主要是使用Perl-Net-SNMP模块。有两种方式安装:
A)通过CPAN来安装
#perl -MCPAN -e shell
cpan> install Net::SNMP
B) 手工安装
首先去官方网站www.cpan.org下载以下几个模块
Crypt::DES
Digest::MD5
Digest::SHA1
Digest::HMAC
Net::SNMP
下载后对于每个模块依次按照下面的方式安装
tar zxf <module>.tar.gz <module>表示模块名,具体请按上面提到的模块替换
cd <module> <module>表示模块名,具体请按上面提到的模块替换
perl Makefile.pl
make test
make install
注意:Net::SNMP模块必须在最后安装。至此Net::SNMP手动安装完毕
./install.sh
执行nagios-snmp-plugins安装脚本,执行之后会将插件命令安装到/usr/local/nagios/libexec下
启动Nagios
配置机器启动时自动启动Nagios
chkconfig --add nagios
chkconfig nagios on
检查Nagios配置文件
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
启动Nagios
service nagios start
2).如果开启防火墙,应该允许访问apache(一般为80端口)并允许nagios去抓取被监控机信息(一般nrpe为5666端口)。
访问Nagios服务器
http://localhost/
输入用户名及密码登录。
安装nrpe插件,用来监控Linux机器
tar xzvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
在Nagios服务器端只要安装nrpe监控插件就行
make install-plugin
在/usr/local/nagios/etc/objects/commands.cfg中定义check_nrpe命令
vi /usr/local/nagios/etc/objects/commands.cfg
########################################################################
#
# 2008.11.18 add by Stone
# NRPE COMMAND
#
########################################################################
# 'check_nrpe ' command definition
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
在被监控服务器(Linux/unix)上安装Nagios-plugins和nrpeuseradd nagios
tar xzvf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15
Nagios-plugins默认安装到/usr/local/nagios
./configure
make
make install
chown nagios.nagios /usr/local/nagios/
chown -R nagios.nagios /usr/local/nagios/libexec/
tar xzvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
安装nrpe插件,本监控端可以不装
make install-plugin
安装nrpe守护进程
make install-daemon
安张nrpe配置文件
make install-daemon-config
修改nrpe配置文件,允许Nagios监控服务器(NagiosServer IP)监控
vi /usr/local/nagios/etc/nrpe.cfg
多台机器用逗号隔开
allowed_hosts=127.0.0.1,(NagiosServer IP)
以独立守护进程启动nrpe,也可以使用xinetd启动nrpe,具体清查看nrpe官方文档。
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
开机自动启动nrpe
vi /etc/rc.d/rc.local
加入下面行
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
检查nrpe是否安装正常
/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12
返回nrpe版本说明安装没问题。
查看启动端口
如果有防火墙应该开放5666端口:
***********************************************************
注意:我们需要在/usr/local/nagios/etc/nrpe.cfg中定义我们用到的监控本地资源的命令。
下面的命令是默认定义的:
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
复制代码下面的命令是自己定义的:
# 监控交换分区的使用情况,使用超过20%时为警告状态,超过10%时为严重状态
command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20% -c 10%
# 监控根分区磁盘使用情况
command[check_disk_root]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /
***********************************************************
附:
做好必要的安全工作
设置用户家目录/home/user,相关配置参数文件,以及访问日志等目录的权限.
chmod 711 /home
chmod 711 /usr/local/pureftpd
chmod 711 /usr/local/apache/conf/vhosts
chmod 711 /usr/local/apache/domlogs
chmod 711 /usr/local/apache/logs
基础环境为Apache+PHP+Mysql+Nagios在这个基础上我们进行安装CACTI并与Nagios进行整合;
基础环境的安装请参见我前面的文章:Apache+PHP+Nagios服务器监控部署笔记(一)Nagios安装篇
下载Cacti并安装
安装rrdtool(http://oss.oetiker.ch/rrdtool/)
yum install pango pango-devel
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.3.tar.gz
tar zxvf rrdtool-1.4.3.tar.gz
cd rrdtool-1.4.3
make
make install
安装net-snmp(http://www.net-snmp.org/)
wget http://netcologne.dl.sourceforge.net/project/net-snmp/net-snmp/5.5/net-snmp-5.5.tar.gz
tar zxvf net-snmp-5.5.tar.gz
cd net-snmp-5.5
./configure --prefix=/usr/local/net-snmp --with-mysql=/usr/local/mysql/bin/mysql_config --enable-developer
make
make install
###########提示信息##############
default version of-snmp-version(3):3(在这里版本通常有三种形式:1,2c,3)
Systemcontact information(配置该设备的联系信息): [email protected](也可以是邮箱地址)
System location (该系统设备的地理位置):Fujian P.R.C
Location to write logfile (日志文件位置):/var/log/snmpd.log
Location to Write persistent(数据存储目录):/var/net-snmp
说明:也可以使用yum install net-snmp net-snmp-devel net-snmp-libs net-snmp-utils net-snmp-perl
或者yum net-snmp*来进行安装
ln -s /usr/local/net-snmp/bin/* /usr/local/bin/
cp EXAMPLE.conf /usr/local/net-snmp/share/snmp/snmpd.conf
vi /usr/local/net-snmp/share/snmp/snmpd.conf //修改snmpd.conf(修改COMMUNITY、允许抓取snmp数据的主机、抓取数据范围等)。
以下是我的snmpd.conf配置##########################################
# sec.name source community
com2sec local localhost public
##########################################
/usr/local/net-snmp/sbin/snmpd //启动SNMP服务
vi /etc/rc.d/rc.local //在rc.local上加入一行/usr/local/net-snmp/sbin/snmpd,系统启动时启动SNMP服务。
安装cacti与cacti-spine(http://cactiusers.org/)
wget http://www.cacti.net/downloads/cacti-0.8.7g.tar.gz
wget http://www.cacti.net/downloads/spine/cacti-spine-0.8.7g.tar.gz
安装cacti
tar zxvf cacti-0.8.7g.tar.gz
mv cacti-0.8.7g /usr/local/cacti
useradd -s /sbin/nologin cacti
passwd cacti
usermod -a -G httpd cacti
chown -R httpd:cacti /usr/local/cacti
安装cacti-spine
tar zxvf cacti-spine-0.8.7g.tar.gz
cd cacti-spine-0.8.7g
获取补丁程序并安装补丁
wget http://www.cacti.net/downloads/spine/patches/0.8.7g/unified_issues.patch
patch -p1 -N < unified_issues.patch
./configure --prefix=/usr/local/cacti-spine --with-mysql=/usr/local/mysql --with-snmp=/usr/local/net-snmp
make
make install
配置cacti、cacti-spine
创建cacti数据库,并初始化该数据库
/usr/local/mysql/bin/mysql -u root -pXXXX (XXXX为数据库密码)
mysql> create database cacti;
mysql> GRANT ALL PRIVILEGES ON *.* TO cacti@localhost IDENTIFIED BY 'cacti' WITH GRANT OPTION;
mysql> flush privileges;
/usr/local/mysql/bin/mysql -ucacti -pcacti cacti < /usr/local/cacti/cacti.sql
编译配置文件/usr/local/cacti-spine/etc/spine.conf(注意:如果是RPM方式安装,那么配置文件位于/etc/spine.conf)
vi /usr/local/cacti-spine/etc/spine.conf
写入如下内容
DB_Host localhost
DB_Database cacti
DB_User cacti
DB_Pass 2010
DB_Port 3306
DB_PreG 0
配置cacti的虚拟主机指向目录/usr/local/cacti/
配置cacti的config.php配置文件
vi /usr/local/cacti/include/config.php
修改如下内容
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cacti";
$database_port = "3306";
配置/etc/cron.d/cacti任务文件,即:系统每5分钟进行收集SNMP代理上的数据
crontab -e
*/5 * * * * /usr/local/bin/php /usr/local/cacti/poller.php &>/dev/null 2>&1
测试一下
重启apache
http://ip/,登录cacti,还要相关配置,下面是一个配置例子
说明:路径要设置对,也可以先跳过,然后登录cacti主页后,选择"settings" -> "Paths"进行修改
---------------------------------------------------------------------------------
Cacti插件的安装
安装Plugin Architecture(http://cactiusers.org/)
作用:让cacti支持更多的插件
tar zxvf cacti-plugin-0.8.7g-PA-v2.9.tar.gz
mv cacti-plugin-arch /usr/local/cacti/
cd /usr/local/cacti/
/usr/local/mysql/bin/mysql -ucacti -pcacti cacti < cacti-plugin-arch/pa.sql
patch -p1 -N < cacti-plugin-arch/cacti-plugin-0.8.7g-PA-v2.9.diff
rm -rf cacti-plugin-arch
chown -R httpd:cacti /usr/local/cacti
vi /usr/local/cacti/include/global.php,修改并增加如下
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "2010";
$database_port = "3306";
显示Plugin-Management
User Management -> "admin" or "other user" -> "Realm Permissions" -> "Plugin Management" -> 打勾并保存
安装相关插件
安装Settings插件(http://docs.cacti.net/plugins)
wget http://docs.cacti.net/_media/plugin:settings-v0.7-1.tgz
tar zxvf settings-v0.7-1.tgz
mv settings /usr/local/cacti/plugins/settings
根据新旧版本插件,进行设置
安装Thold插件(http://docs.cacti.net/plugins)
wget http://docs.cacti.net/_media/plugin:thold-latest.tgz -O thold-latest.tgz
tar zxvf thold-latest.tgz
mv thold-0.41 /usr/local/cacti/plugins/thold
根据新旧版本插件,进行设置
安装Monitor插件(http://docs.cacti.net/plugins)
tar zxvf monitor-v1.2-1.tgz
mv monitor /usr/local/cacti/plugins/monitor
根据新旧版本插件,进行设置
WeatherMap插件(http://www.network-weathermap.com/download)
wget http://www.network-weathermap.com/files/php-weathermap-0.97a.zip
unzip php-weathermap-0.97a.zip
mv weathermap /usr/local/cacti/plugins/
cd /usr/local/cacti/plugins/weathermap/
chown -R httpd:cacti /usr/local/cacti
chmod u+w configs #设置configs目录的所属主对该目录可写
cp editor-config.php-dist editor-config.php
vi editor-config.php,修改如下参数
$cacti_base = "/usr/local/cacti"; #cacti目录的绝对路径
$cacti_url = "http://localhost/cacti/"; #访问cacti的地址
$mapdir= $cacti_base.'/plugins/weathermap/configs'; #设置configs目录的绝对路径
根据新旧版本插件,进行设置
Nagios整合到Cacti
安装Nagios Plugin for Cacti(NPC)插件(http://trac2.assembla.com/npc)
作用:将nagios的数据通过ndo2db导入到mysql数据库,然后cacti读取数据库信息将nagios的结果通过NPC展示出来
安装NPC
wget http://www.constructaegis.com/downloads/npc-2.0.4.tar.gz
tar zxvf npc-2.0.4.tar.gz
mv npc /usr/local/cacti/plugins/
最后:根据新旧版本插件,进行设置
安装php-json(http://pecl.php.net/package/json),因为NPC需要用到它
wget http://pecl.php.net/get/json-1.2.1.tgz
tar zxvf json-1.2.1.tgz
cd json-1.2.1
/usr/bin/phpize
./configure --with-php-config=/usr/local/bin/php-config --enable-shared --enable-static --with-json
make
make install
service httpd restart
http://ip /phpinfo.php
访问phpinfo.php文件,确定一下是否已经加载了json,文件可以自行创建,内容如下:
<?php
phpinfo();
?>
安装NDOUtils
cd /usr/src/ndoutils-1.4b9/
./configure --prefix=/usr/local/nagios --enable-mysql --disable-pgsql LDFLAGS=-L/usr/local/mysql/lib/mysql --with-mysql-lib=/usr/local/mysql/lib/mysql --with-mysql=/usr/local/mysql
make
在编译没有出错后,复制相应的配置文件与相关的执行文件,他们的主要作用就是做相关的配置与让nagios可以正确的调用。
cd /usr/src/ndoutils-1.4b9/src/
cp ndo2db-3x ndo2db-2x file2sock log2ndo /usr/local/nagios/bin/
cd ../config
cp ndo2db.cfg-sample /usr/local/nagios/etc/ndo2db.cfg
cp ndomod.cfg-sample /usr/local/nagios/etc/ndomod.cfg
以上复制的文档中前两项是版本相关的,即假如您的nagios主版本号是2系列,则需要拷贝名为ndomod-2x.o和ndo2db-2x的两个文档。后两项是通用文档,随便复制过去就OK了。
修改NPC在CACTI数据库中的相关表,这个应该是个BUG。所以需要执行如下操作:
ALTER TABLE `npc_hostchecks` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_hoststatus` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_servicechecks` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_servicestatus` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_statehistory` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_eventhandlers` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_systemcommands` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_notifications` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
配置ndo2db.cfg文件:
[root@node3 etc]# vim /usr/local/nagios/etc/ndo2db.cfg
lock_file=/usr/local/nagios/var/ndo2db.lock
ndo2db_user=nagios
ndo2db_group=nagios
socket_type=tcp
socket_name=/usr/local/nagios/var/ndo.sock
tcp_port=5668
use_ssl=0
db_servertype=mysql
db_host=localhost
db_port=3306
db_name=cacti
db_prefix=npc_
db_user=cacti
db_pass=cacti
max_timedevents_age=1440
max_systemcommands_age=10080
max_servicechecks_age=10080
max_hostchecks_age=10080
max_eventhandlers_age=44640
max_externalcommands_age=44640
debug_level=0
debug_verbosity=1
debug_file=/usr/local/nagios/var/ndo2db.debug
max_debug_file_size=1000000
配置ndomod.cfg文件
vi /usr/local/nagios/etc/ndomod.cfg
instance_name=node3
output_type=tcpsocket
output=127.0.0.1
tcp_port=5668
use_ssl=0
output_buffer_items=5000
buffer_file=/usr/local/nagios/var/ndomod.tmp
file_rotation_interval=14400
file_rotation_timeout=60
reconnect_interval=15
reconnect_warning_interval=15
data_processing_options=-1
config_output_options=2
配置nagios的配置文件
vi /usr/local/nagios/etc/nagios.cfg
添加以下两句,第二句如果没有才加上去,默认是有的。
broker_module=/usr/local/nagios/bin/ndomod-3x.o config_file=/usr/local/nagios/etc/ndomod.cfg
event_broker_options=-1
启动ndo2db守护进程
/usr/local/nagios/bin/ndo2db-3x -c /usr/local/nagios/etc/ndo2db.cfg
执行完以上这条命令,如果没有报错,就看看nagios.log的日志,如果出现以下提示:
nagios: ndomod: Could not open data sink! I'll keep trying, but some output may get lost...
解决方法就是:
查看/usr/local/nagios/etc/ndo2db.cfg文件里的ndo2db_user=nagios ndo2db_group=httpd db_user=cacti
db_pass=ndouser 这几项是否正确配置了,ndo2db_user就是你运行nagios的用户名;ndo2db_group是运行nagios的组,db_user表示的是你授权访问ndodb数据库的用户名,db_pass访问数据的密码。
如果在加载守护进程出现:
Failed to obtain lock on file /usr/local/nagios/var/ndo2db.lock: Permission denied : Permission denied
解决方法是:确认你在/usr/local/nagios/etc/ndo2db.cfg里ndo2db_user与ndo2db_group这两项的填写的用户是否对目录/usr/local/nagios/var/有写入的权限。
重新启动nagios
service nagios restart
至此已经全部配置完成,下面确认我们已经安装成功,进入mysql看看我们创建的数据表里是否有数据。并且访问CACTI
实现MSN报警
基础环境,请参考我的前面的文章:《Apache+PHP+Nagios+Cacti+MSN服务器监控部署笔记(一)Nagios安装篇》
要实现MSN报警需要使用phpmsnclass,这是一个用php实现的msn机器人程序。
wget http://phpmsnclass.googlecode.com/files/phpmsnclass_1.10.7z
下载phpmsnclass,此文件为7zip压缩格式,需要安装7z
wget http://nchc.dl.sourceforge.net/sourceforge/p7zip/p7zip_4.65_x86_linux_bin.tar.bz2
tar jxvf p7zip_4.65_x86_linux_bin.tar.bz2
cd p7zip_4.65
./install.sh 安装7z
7z e phpmsnclass_1.9.7z 解压文件
msn报警有2种方式,一种是直接使用php进行登陆验证发送消息,另外一个是以msn机器人的形式发送,将消息存储在目录内。这里采用第二种。
cd phpmsnclass
mkdir /var/spool/msnbot
mkdir /var/spool/msnbot/log
mkdir /var/spool/msnbot/spool
下面把msnbot.php, config.php和msn.class.php拷贝到/var/spool/msnbot/
cp msnbot.sh msnbot.php msn.class.php msnsendmsg.php notify_add.php notify_send.php notify.sql sample.php test.msn changelog.txt config.php notify_config.php /var/spool/msnbot/
chmod 777 /var/spool/msnbot/spool
chmod o+t /var/spool/msnbot/spool
这个机器人的工作原理是如果要发送消息,就调用php生成消息文件到
/var/spool/msnbot/spool目录中,发送程序检查到该目录有新文件就会模拟msn登陆和发信将信息发送出去。
chmod +x /var/spool/msnbot/msnbot.php
vi config.php
在配置文件中设置MSN的账号和密码(以后报警通过这个MSN发出)
cp msnbot.sh /etc/init.d/
chmod +x msnbot.sh 加上执行权限
vi msnbot.sh
修改后的内容如下:
#! /bin/sh
#
# MSN bot
#
NAME=msnbot
DESC="MSN bot"
set -e
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
/usr/local/php/bin/php -Cq /var/spool/msnbot/msnbot.php
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
MSNPID=`cat /var/spool/msnbot/log/msnbot.pid`
kill $MSNPID
echo "."
;;
restart|force-reload)
$0 stop
sleep 5s
$0 start
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0
需要修改/var/spool/msnbot/msnbot.php这句
前面添加php程序的具体位置并添加具体参数:
/usr/local/php/bin/php -Cq /var/spool/msnbot/msnbot.php
修改msnbot.php文件
vi /var/spool/msnbot/msnbot.php
去除文件中第一行的内容;
启动MSN机器人
./msnbot.sh start
下面发个消息测试一下
php msnsendmsg.php [email protected] "this is a test2"
向[email protected]的MSN账号发送测试信息
注意需要将[email protected]和config.php里设置的MSN账号相互加为好友
如果成功接收到信息说明配置正确,此步骤到此结束,后面的能让Nagios使用MSN进行报警的功能需要到Nagios里设置了。