***********************************************************************
Smart DNS <DNS round robin | DNS wildcard resolution | DNS subdomain delegation | DNS ACLs and views | DNS master/slave>
***********************************************************************
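1. Returns a resolution result chosen for the client, based on client information
2. Client information means the client's IP address (source IP address)
Why use smart DNS
1. Because different ISPs compete with each other
1) The China Telecom camp
2) The China Unicom camp (Netcom, Tietong, China Mobile, China Unicom)
Upstream DNS server (192.168.0.1) --> downstream DNS server (192.168.0.3)
uplooking.com-->sh.uplooking.com-->192.168.0.3
2. Traffic across all regions is too large for a single group of servers to handle
Forward lookup: A record, resolves a domain name to an IP
Reverse lookup: PTR record, IP
DNS query process
Local cache, /etc/hosts ---- local DNS (NS1|NS2 -- nameserver) -- root domain (13 servers) --- first-level domain (country domain | top-level domain) ---
second-level domain
--- third-level domain <administrative domain gz|sh|sz|bj>
How DNS works
One recursive query, multiple iterative queries
DNS round robin (load-balancing DNS)
Pro: load balancing
Con: uses up public IPs, so the cost is high
In a recursive query, the client reaches one particular node according to the cache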
[root@i ~]# vim /var/named/uplooking.com.zone
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.uplooking.com.
dns A 192.168.0.254
www A 2.2.2.2
www A 3.3.3.3
www A 1.1.1.1
[root@i ~]# service named restart
[root@i ~]# echo "nameserver 192.168.0.254" >/etc/resolv.conf
-- Test results
[root@i ~]# ping -c1 www.uplooking.com
PING www.uplooking.com (3.3.3.3) 56(84) bytes of data.
[root@i ~]# ping -c1 www.uplooking.com
PING www.uplooking.com (1.1.1.1) 56(84) bytes of data.
[root@i ~]# ping -c1 www.uplooking.com
PING www.uplooking.com (2.2.2.2) 56(84) bytes of data.
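DNS wildcard resolution, combined with Apache virtual hosts
*.qq.com ----- www.qq.com
Pro: simplifies addresses; a mistyped name still resolves to the default home page www.xxx.com
Con: makes it awkward to serve different pages for different names
v.qq.com --- www.qq.com
qzone.qq.com --- www.qq.com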
[root@i ~]# vim /var/named/uplooking.com.zone
@ NS dns.uplooking.com.
dns A 192.168.0.254
;www A 2.2.2.2
;www A 3.3.3.3
;www A 1.1.1.1
* A 192.168.0.1
uplooking.com. A 192.168.0.1
[root@i ~]# service named restart
--- Configure the web server's virtual host
[root@node1 ~]# vim /etc/httpd/conf.d/www.uplooking.conf
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.uplooking.com
ServerAlias *.uplooking.com
ErrorLog logs/web.uplooking.com-error_log
CustomLog logs/web.uplooking.com-access_log common
</VirtualHost>
[root@node1 ~]# echo 'test www.uplooking.com' > /var/www/html/index.html
[root@node1 ~]# echo "nameserver 192.168.0.254" > /etc/resolv.conf
[root@node1 ~]# service httpd start
[root@node1 ~]# ping www.uplooking.com
PING www.uplooking.com (192.168.0.1) 56(84) bytes of data.
[root@node1 ~]# elinks -dump http://www.uplooking.com
test www.uplooking.com
[root@node1 ~]# elinks -dump http://sb.uplooking.com
test www.uplooking.com
[root@node1 ~]# elinks -dump http://uplooking.com
test www.uplooking.com
Sequential name resolution
$GENERATE start-stop[/step] lhs type rhs [comment] -- syntax
[root@i ~]# vim /var/named/uplooking.com.zone
a.uplooking.com. NS dns.a.uplooking.com.
dns.a.uplooking.com. A 192.168.0.254
;desktop1.a.uplooking.com. A 192.168.100.1
$GENERATE 1-254 desktop$.a IN A 192.168.100.$
With a step
$GENERATE 1-254/2 desktop$.a IN A 192.168.100.$ -- odd host addresses
--- Test: fetch all A records
[root@i ~]# dig -t axfr uplooking.com
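What the two $GENERATE lines above expand to, and so what the AXFR returns to any host allowed to transfer the zone. This is an added example, not part of the original notes; `expand_generate` is a hypothetical name, and it goes beyond the notes by also handling the `${offset,width,base}` modifier and the `\$` escape.

```python
import re

# A literal "\$", a "${offset[,width[,base]]}" modifier, or a bare "$".
_TOKEN = re.compile(r"\\\$|\$\{(-?\d+)(?:,(\d+)(?:,([doxX]))?)?\}|\$")


def _substitute(template, i):
    """Replace every $ token in template with the iteration value i."""
    def repl(match):
        token = match.group(0)
        if token == "\\$":
            return "$"                      # escaped dollar sign
        if token == "$":
            return str(i)                   # plain iterator value
        offset = int(match.group(1))
        width = int(match.group(2) or 0)
        base = match.group(3) or "d"
        return format(i + offset, base).zfill(width)
    return _TOKEN.sub(repl, template)


def expand_generate(directive, origin):
    """Expand one $GENERATE line into (owner, type, rdata) tuples."""
    fields = directive.split()
    if len(fields) < 5 or fields[0].upper() != "$GENERATE":
        raise ValueError("not a $GENERATE directive: %r" % directive)
    span, _, step_text = fields[1].partition("/")
    start, stop = (int(n) for n in span.split("-"))
    step = int(step_text) if step_text else 1
    if step < 1 or start > stop:
        raise ValueError("bad range: %r" % fields[1])
    lhs, rest = fields[2], fields[3:]
    if rest[0].upper() == "IN":             # the class field is optional
        rest = rest[1:]
    if len(rest) < 2:
        raise ValueError("missing type or rhs: %r" % directive)
    rtype, rhs = rest[0].upper(), rest[1]
    records = []
    for i in range(start, stop + 1, step):
        owner = _substitute(lhs, i)
        if not owner.endswith("."):         # relative name: append the zone origin
            owner = owner + "." + origin
        records.append((owner, rtype, _substitute(rhs, i)))
    return records


if __name__ == "__main__":
    for line in ("$GENERATE 1-254 desktop$.a IN A 192.168.100.$",
                 "$GENERATE 1-254/2 desktop$.a IN A 192.168.100.$"):
        recs = expand_generate(line, "uplooking.com.")
        print(len(recs), recs[0], recs[-1])
```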
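DNS subdomain delegation
Pros: load balancing
speeds up the query process
Parent domain --
Upstream DNS server (192.168.0.254) dns.uplooking.com
Subdomains --
Downstream DNS server (192.168.0.1) ---- dns.gz.uplooking.com
Downstream DNS server (192.168.0.2) ---- dns.bj.uplooking.com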
nslookup
> server 202.96.128.86 -- DNS server
Default server: 202.96.128.86
Address: 202.96.128.86#53
> www.qq.com
Server: 202.96.128.86
Address: 202.96.128.86#53
Non-authoritative answer:
Name: www.qq.com
Address: 14.17.32.211
Name: www.qq.com
Address: 59.37.96.63
Name: www.qq.com
Address: 14.17.42.40
----- Note the option recursion yes; -- enables recursive queries
--------- Parent domain node (192.168.0.254)
[root@i ~]# vim /var/named/uplooking.com.zone
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.uplooking.com.
dns A 192.168.0.254
www A 12.1.1.1
gz NS dns.gz.uplooking.com.
dns.gz.uplooking.com. A 192.168.0.1
bj NS dns.bj.uplooking.com.
dns.bj.uplooking.com. A 192.168.0.2
[root@i ~]# service named restart
------- Subdomain 1 (192.168.0.1) ----------------
[root@node1 ~]# yum -y install bind
[root@node1 ~]# vim /etc/named.conf
listen-on port 53 { 127.0.0.1; any;};
allow-query { localhost; any; };
-- Declare the zone (third-level domain) gz.uplooking.com.
[root@node1 ~]# vim /etc/named.rfc1912.zones
zone "gz.uplooking.com" IN{
type master;
file "gz.uplooking.com.zone";
allow-update { none; };
};
[root@node1 named]# cp named.localhost gz.uplooking.com.zone -a
[root@node1 named]# vim gz.uplooking.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.gz.uplooking.com.
dns A 192.168.0.1
www A 13.1.1.1
[root@node1 ~]# service named restart
[root@node1 ~]# echo "nameserver 192.168.0.1" > /etc/resolv.conf
[root@node1 ~]# host www.gz.uplooking.com
www.gz.uplooking.com has address 13.1.1.1
---------- Subdomain 2 (192.168.0.2) ----------------
[root@node2 ~]# yum -y install bind
[root@node2 ~]# rsync -avz 192.168.0.1:/etc/named.conf /etc/
[root@node2 ~]# rsync -avz 192.168.0.1:/etc/named.rfc1912.zones /etc/
[root@node2 ~]# rsync -avz 192.168.0.1:/var/named/gz.uplooking.com.zone /var/named/
[root@node2 ~]# sed -i s/gz.uplooking/bj.uplooking/ /etc/named.rfc1912.zones
[root@node2 ~]# mv /var/named/gz.uplooking.com.zone /var/named/bj.uplooking.com.zone
[root@node2 ~]# vim /var/named/bj.uplooking.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.bj.uplooking.com.
dns A 192.168.0.2
www A 14.1.1.1
[root@node2 ~]# service named start
[root@node2 ~]# echo "nameserver 192.168.0.2" > /etc/resolv.conf
[root@node2 ~]# host www.bj.uplooking.com
www.bj.uplooking.com has address 14.1.1.1
---------------------------------------------
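Test machine (0.3)
Pointing directly at the DNS server, without subdomain delegation
[root@i named]# nslookup
> www.uplooking.com -- answered directly by the DNS server, no subdomain delegation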
Server: 192.168.0.254
Address: 192.168.0.254#53
Name: www.uplooking.com
Address: 12.1.1.1
> www.bj.uplooking.com --- asked of the parent-domain DNS server, which delegates to the subdomain
Server: 192.168.0.254
Address: 192.168.0.254#53
Non-authoritative answer:
Name: www.bj.uplooking.com
Address: 14.1.1.1
> www.gz.uplooking.com
Server: 192.168.0.254
Address: 192.168.0.254#53
Non-authoritative answer:
Name: www.gz.uplooking.com
Address: 13.1.1.1
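DNS ACLs and views | DNS master/slave
Smart DNS: based on the source IP, switch to a different DNS server to look up the required records
By region: domestic | overseas, north | south
By ISP: China Telecom in the south | China Unicom in the north
By administrative division: Beijing headquarters | Guangzhou
Smart DNS uses access control lists (ACLs) to switch by region | ISP | administrative division --- and connect to the server
| ACL categories
Routes that can be recognised: China Telecom, China Unicom, education network, search engines, provinces
Managing ACLs
-- Allow a given range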
acl ALLOW-zone1 {
192.168.0.0/24;
};
listen-on port 53 { 127.0.0.1; ALLOW-zone1; };
allow-query { localhost; ALLOW-zone1;};
-- Refuse queries from one particular IP
192.168.0.254
acl DENY-zone1 {
192.168.0.254;
};
blackhole { DENY-zone1;};
----------- Define external ACL files
include "/var/named/dianxi.acl";
include "/var/named/liantong.acl";
[root@node1 ~]# wget ftp://192.168.0.254/notes/project/software/IPinfo.txt
-- China Telecom ranges
[root@node1 ~]# awk -F"," 'BEGIN {print "acl DX {"} ; $0 ~ /CHINANET/{print$1"/"$2";"} END{print "};"}' IPinfo.txt >/var/named/dianxi.acl
-- Other ranges
[root@node1 ~]# awk -F"," 'BEGIN {print "acl LT {"} ; $0 !~ /CHINANET/{print$1"/"$2";"} END{print "};"}' IPinfo.txt >/var/named/liantong.acl
Deploying smart DNS
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
China Telecom 192.168.1.0/24 ----- acl ---- zone ---- A www.uplooking.com 1.1.1.1
China Unicom 192.168.2.0/24 ----- acl ---- zone ---- A www.uplooking.com 2.2.2.2
Other <overseas> 192.168.3.0/24 ----- acl ---- zone ---- A www.uplooking.com 3.3.3.3
---- DNS ACLs and DNS views
1) Configure sub-interfaces
[root@node1 ~]# ifconfig eth0:0 192.168.1.254 up
[root@node1 ~]# ifconfig eth0:1 192.168.2.254 up
[root@node1 ~]# ifconfig eth0:3 192.168.3.254 up
2) Install the software
[root@node1 ~]# rpm -q bind
3) Define the ACLs and views
[root@node1 ~]# vim /etc/named.conf
acl dx-zone1 {
192.168.1.0/24;
};
acl lt-zone1 {
192.168.2.0/24;
};
acl others {
192.168.3.0/24;
};
options {
listen-on port 53 { 127.0.0.1;192.168.1.254; 192.168.2.254; 192.168.3.254; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view 电信 {
match-clients { dx-zone1; };
allow-query { dx-zone1; };
zone "." IN {
type hint;
file "named.ca";
};
zone "uplooking.com" IN{
type master;
file "uplooking.com.zone.dx";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view 联通 {
match-clients { lt-zone1; };
allow-query { lt-zone1; };
zone "." IN {
type hint;
file "named.ca";
};
zone "uplooking.com" IN{
type master;
file "uplooking.com.zone.lt";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view 其它 {
match-clients { others; };
allow-query { others; };
zone "." IN {
type hint;
file "named.ca";
};
zone "uplooking.com" IN{
type master;
file "uplooking.com.zone.others";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
Remember to clear the zone declarations from this file: vim /etc/named.rfc1912.zones
4) Define the A records
[root@node1 named]# vim uplooking.com.zone.dx
$TTL 1D
@ IN SOA dns.gz.uplooking.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.uplooking.com.
dns A 192.168.1.254
www A 1.1.1.1
[root@node1 named]# chgrp named uplooking.com.zone.dx
[root@node1 named]# cp -a uplooking.com.zone.dx uplooking.com.zone.lt
[root@node1 named]# sed -i 's/192.168.1.254/192.168.2.254/' uplooking.com.zone.lt
[root@node1 named]# sed -i 's/1.1.1.1/2.2.2.2/' uplooking.com.zone.lt
[root@node1 named]# cp -a uplooking.com.zone.dx uplooking.com.zone.others
[root@node1 named]# sed -i 's/192.168.1.254/192.168.3.254/' uplooking.com.zone.others
[root@node1 named]# sed -i 's/1.1.1.1/3.3.3.3/' uplooking.com.zone.others
[root@node1 named]# service named restart
--- Test
[root@node3 ~]# ifconfig eth0:0 192.168.1.100 up
[root@node3 ~]# ifconfig eth0:1 192.168.2.100 up
[root@node3 ~]# ifconfig eth0:2 192.168.3.100 up
[root@node3 ~]# echo "nameserver 192.168.1.254" > /etc/resolv.conf
[root@node3 ~]# host www.uplooking.com
www.uplooking.com has address 1.1.1.1
[root@node3 ~]# echo "nameserver 192.168.2.254" > /etc/resolv.conf
[root@node3 ~]# host www.uplooking.com
www.uplooking.com has address 2.2.2.2
[root@node3 ~]# echo "nameserver 192.168.3.254" > /etc/resolv.conf
[root@node3 ~]# host www.uplooking.com
www.uplooking.com has address 3.3.3.3
+++++++++++ DNS master/slave +++++++++++++++++++++
Master 192.168.0.1
slave1 192.168.0.2
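master ---
allow-transfer { slave1-ip; };
slave ---
zone "uplooking.com" {
type slave;
file "/var/named/slaves/uplooking.com.dx";
transfer-source slave1-ip; -- source IP address the slave uses when syncing the zone file
masters { master-ip; };
};
Master/slave syncs only the 电信 (China Telecom) view and the 联通 (China Unicom) view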
----------Master 192.168.0.1 -----------------------
[root@node1 ~]# vim /etc/named.conf
view 电信 {
match-clients { dx-zone1; };
allow-query { dx-zone1; };
allow-transfer { 192.168.1.253; };
};
view 联通 {
match-clients { lt-zone1; };
allow-query { lt-zone1; };
allow-transfer { 192.168.2.253; };
};
[root@node1 ~]# service named restart
-------------slave1 192.168.0.2 --------------------
[root@node2 ~]# ifconfig eth0:0 192.168.1.253 up
[root@node2 ~]# ifconfig eth0:1 192.168.2.253 up
[root@node2 ~]# ifconfig eth0:2 192.168.3.253 up
[root@node2 ~]# rpm -q bind
bind-9.8.2-0.10.rc1.el6.x86_64
[root@node2 ~]# cat /etc/named.conf
acl dx-zone1 {
192.168.1.0/24;
};
acl lt-zone1 {
192.168.2.0/24;
};
acl others {
192.168.3.0/24;
};
options {
listen-on port 53 { 127.0.0.1;192.168.1.253; 192.168.2.253; 192.168.3.253; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view 电信 {
match-clients { dx-zone1; };
allow-query { dx-zone1; };
zone "." IN {
type hint;
file "named.ca";
};
zone "uplooking.com" IN{
type slave;
transfer-source 192.168.1.253;
masters { 192.168.1.254; };
file "/var/named/slaves/uplooking.com.zone.dx";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
view 联通 {
match-clients { lt-zone1; };
allow-query { lt-zone1; };
zone "." IN {
type hint;
file "named.ca";
};
zone "uplooking.com" IN{
type slave;
file "/var/named/slaves/uplooking.com.zone.lt";
transfer-source 192.168.2.253;
masters { 192.168.2.254; };
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
Remove the earlier zone declarations and zone files
[root@node2 ~]# sed -i '/bj.uplooking/,$ d' /etc/named.rfc1912.zones
[root@node2 ~]# rm -fr /var/named/*.zone
[root@node2 ~]# service named restart
[root@node2 ~]# ls /var/named/slaves/
uplooking.com.zone.dx uplooking.com.zone.lt
-- Test
[root@node3 ~]# nslookup
> server 192.168.1.254
Default server: 192.168.1.254
Address: 192.168.1.254#53
> www.uplooking.com
Server: 192.168.1.254
Address: 192.168.1.254#53
Name: www.uplooking.com
Address: 1.1.1.1
> server 192.168.1.253
Default server: 192.168.1.253
Address: 192.168.1.253#53
> www.uplooking.com
Server: 192.168.1.253
Address: 192.168.1.253#53
Name: www.uplooking.com
Address: 1.1.1.1
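How named picks a view for the configuration above, and which sources could pull a zone transfer from the master, as an added example that is not part of the original notes. The ACLs, view names and records are copied from this page; the function names are hypothetical, and the model assumes the behaviour of the BIND 9.8 shown here, where a zone with no allow-transfer serves transfers to any client that reaches it.

```python
import ipaddress

# Constructed from the named.conf on this page. allow_transfer None = option not set.
ACLS = {
    "dx-zone1": ["192.168.1.0/24"],
    "lt-zone1": ["192.168.2.0/24"],
    "others": ["192.168.3.0/24"],
}
VIEWS = [  # order matters: named uses the first view whose match-clients matches
    {"name": "电信", "match_clients": "dx-zone1", "allow_transfer": ["192.168.1.253"],
     "zone": {"www.uplooking.com": "1.1.1.1"}},
    {"name": "联通", "match_clients": "lt-zone1", "allow_transfer": ["192.168.2.253"],
     "zone": {"www.uplooking.com": "2.2.2.2"}},
    {"name": "其它", "match_clients": "others", "allow_transfer": None,
     "zone": {"www.uplooking.com": "3.3.3.3"}},
]


def in_acl(src, elements):
    """True if src matches an address-match list of IPs, CIDR prefixes or 'any'."""
    ip = ipaddress.ip_address(src)
    return any(e == "any" or ip in ipaddress.ip_network(e, strict=False)
               for e in elements)


def select_view(src, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients ACL contains src, else None."""
    for view in views:
        if in_acl(src, acls[view["match_clients"]]):
            return view
    return None


def query(src, qname, views=VIEWS, acls=ACLS):
    """Answer as named would: (view name, A record), or REFUSED when no view matches."""
    view = select_view(src, views, acls)
    if view is None:
        return ("REFUSED", None)
    return (view["name"], view["zone"].get(qname))


def may_transfer(src, views=VIEWS, acls=ACLS):
    """Would an AXFR from src be served? Unset allow-transfer is treated as 'any'."""
    view = select_view(src, views, acls)
    if view is None:
        return False
    allowed = view["allow_transfer"]
    return in_acl(src, ["any"] if allowed is None else allowed)


if __name__ == "__main__":
    for src in ("192.168.1.100", "192.168.2.100", "192.168.3.100", "192.168.0.3"):
        print(src, query(src, "www.uplooking.com"), "AXFR:", may_transfer(src))
```

The view is chosen by the query's source address, not by which listen-on address received it; in this model the third view, which has no allow-transfer, is the one that still hands out the whole zone.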
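---- Master/slave sync: an update is signalled by a change in the serial number
0 ; serial -- serial number
1D ; refresh -- refreshes once a day
How to get the A record synced after 1 day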
[root@node1 named]# vim /var/named/uplooking.com.zone.dx
18 ; serial
vip A 11.11.11.11
--- Change the time on the slave so the data syncs
[root@node2 slaves]# date -s "20160515 18:00"
[root@node2 slaves]# service named restart
[root@node2 slaves]# ll
总用量 8
-rw-r--r--. 1 named named 359 5月 15 18:00 uplooking.com.zone.dx
-rw-r--r--. 1 named named 339 5月 15 18:00 uplooking.com.zone.lt
[root@node2 slaves]# cat uplooking.com.zone.dx |grep vip
vip A 11.11.11.11
---- File validity period: 86400 seconds = 1 day
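The refresh decision described above, as an added example that is not part of the original notes: a model of when a slave pulls the zone, using the SOA timers from this page's zone files and the RFC 1982 serial comparison. The function names are hypothetical and NOTIFY is left out, so only the timers drive it; it also covers a serial that was lowered on the master, in which case the slave keeps its old data.

```python
import re

_UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def to_seconds(text):
    """Convert a zone-file duration such as '1D', '3H' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)([SMHDW]?)", text.upper())
    if not parts or "".join(n + u for n, u in parts) != text.upper():
        raise ValueError("bad duration: %r" % text)
    return sum(int(n) * _UNITS[u] for n, u in parts)


def serial_newer(a, b):
    """RFC 1982 comparison on 32-bit serials: is a newer than b?"""
    return a != b and (a - b) % 2**32 < 2**31


def slave_action(slave_serial, master_serial, elapsed, soa):
    """Decide what a slave does `elapsed` seconds after its last successful check.

    master_serial is None when the master cannot be reached. NOTIFY is ignored,
    so only the SOA timers drive the decision.
    """
    if elapsed < to_seconds(soa["refresh"]):
        return "wait"
    if master_serial is None:
        if elapsed >= to_seconds(soa["expire"]):
            return "expired"        # the slave stops answering for the zone
        return "retry"              # ask again every `retry` seconds
    if serial_newer(master_serial, slave_serial):
        return "transfer"
    return "keep"                   # master is not newer: no transfer happens


# SOA timers from the zone files on this page.
SOA = {"refresh": "1D", "retry": "1H", "expire": "1W", "minimum": "3H"}

if __name__ == "__main__":
    print(slave_action(0, 18, 86400, SOA))    # serial raised 0 -> 18, one day later
    print(slave_action(18, 5, 86400, SOA))    # serial lowered on the master
    print(slave_action(18, None, 604800, SOA))
```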
----------- Run DNS in chroot (jail) mode
--master
[root@node1 ~]# yum -y install bind-chroot
--- Hard links
[root@node1 ~]# ll -di /var/named/uplooking.com.zone.dx
262450 -rw-r-----. 1 root named 221 5月 14 16:40 /var/named/uplooking.com.zone.dx
[root@node1 ~]# ll -di /var/named/chroot/var/named/uplooking.com.zone.dx
262450 -rw-r-----. 1 root named 221 5月 14 16:40 /var/named/chroot/var/named/uplooking.com.zone.dx
/var/named/chroot/etc/named.conf
--- Slave: install chroot mode
[root@node2 ~]# yum -y install bind-chroot
[root@node2 ~]# rpm -ql bind-chroot
/var/named/chroot
/var/named/chroot/dev
/var/named/chroot/dev/null
/var/named/chroot/dev/random
/var/named/chroot/dev/zero
/var/named/chroot/etc
/var/named/chroot/etc/localtime
/var/named/chroot/etc/named
/var/named/chroot/etc/named.conf
/var/named/chroot/etc/pki
/var/named/chroot/etc/pki/dnssec-keys
/var/named/chroot/usr
/var/named/chroot/usr/lib64
/var/named/chroot/usr/lib64/bind
/var/named/chroot/var
/var/named/chroot/var/log
/var/named/chroot/var/named
/var/named/chroot/var/run
/var/named/chroot/var/run/named
/var/named/chroot/var/tmp
---- Hard-link all of named's files into the /var/named/chroot directory
Task: deploy the Cacti monitoring system
1 Install the Cacti monitoring system from CactiEZ-10.1-x86_64.iso
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cacti
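Official site: http://www.cacti.net
"Cacti" means cactus in English. Cacti is a graphical network-traffic monitoring and analysis tool built on PHP, MySQL, SNMP and RRDTool. It is written in PHP and consists of a set of PHP pages. It mainly provides performance monitoring for an enterprise's many network devices and server hosts, covering CPU load, memory usage, number of running processes, disk space, NIC traffic and other data. Cacti focuses on status monitoring; its alerting and service-recovery functions are comparatively weak.
RRDTool
Round Robin Database Tool
RRDtool was developed by the original author of MRTG and stores its information in an rrd database; the Cacti monitoring system needs RRDtool
Official site: http://oss.oetiker.ch/rrdtool/
How it works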
Linux+apache+php+mysql+cacti(php)+rrdtool----> SNMP
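1 Data is collected on a schedule
2 The data is transferred via the net-snmp protocol and stored in rrdtool's mysqld
3 Someone wants to see the traffic of a given device
4 Go into the database and find the rra file that belongs to the device
5 The rrdtool program draws graphs from those rra files
6 The graph is returned to the user
Building the Cacti monitoring system
Monitoring host: 192.168.0.1
Monitored host: (Linux) 192.168.0.2
1. Configure the monitored host:
1> Install the software
[root@node2 ~]# yum -y install net-snmp
2> Configure
[root@node2 ~]# vim /etc/snmp/snmpd.conf
com2sec notConfigUser 192.168.0.1 publicupl -- specifies the monitoring host and the community string publicupl
access notConfigGroup "" any noauth exact all none none -- allows all data to be collected
view all included .1 80
3> Start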
[root@node2 ~]# service snmpd start
[root@node2 ~]# chkconfig snmpd on
[root@node2 ~]# netstat -unlp |grep snmp
udp 0 0 0.0.0.0:161 0.0.0.0:* 3224/snmpd
2 Configure the monitoring host:
1) Install LAMP
[root@cacti ~]# yum -y install httpd php php-mysql mysql-server mysql
[root@cacti ~]# service mysqld start
[root@cacti ~]# service httpd start
[root@cacti ~]# chkconfig httpd on
[root@cacti ~]# chkconfig mysqld on
Test page test.php
[root@cacti ~]# vim /var/www/html/test.php
<?php
phpinfo();
?>
http://192.168.0.1/test.php
2) Install SNMP for data collection (net-snmp-utils)
[root@cacti ~]# yum -y install net-snmp net-snmp-utils
[root@cacti ~]# vim /etc/snmp/snmpd.conf
com2sec notConfigUser 127.0.0.1 publicupl
access notConfigGroup "" any noauth exact all none none
view all included .1 80
[root@cacti ~]# service snmpd start
[root@cacti ~]# chkconfig snmpd on
3) Install the rrdtool tools
[root@cacti ~]# yum -y install rrdtool
4) Download and install the Cacti package
<1> Download
[root@cacti ~]# lftp 192.168.0.254
lftp 192.168.0.254:~> cd notes/project/software/
lftp 192.168.0.254:/notes/project/software> mirror cacti/
lftp 192.168.0.254:/notes/project/software> exit
<2> Unpack
[root@cacti ~]# tar xf /root/cacti/cacti-0.8.8a.tar.gz -C /var/www/html/
[root@cacti ~]# mv /var/www/html/cacti-0.8.8a/ /var/www/html/cacti
<3> Create the service account
[root@cacti ~]# useradd -r cactiuser
[root@cacti ~]# cd /var/www/html/cacti/
[root@cacti cacti]# chown cactiuser.cactiuser rra log -R
<4> Configure mysql
mysql> create database cactidb default charset utf8;
mysql> grant all on cactidb.* to dbuser@'localhost' identified by '123';
Import the database template
[root@cacti cacti]# find /var/www/html/cacti/ |grep sql$
/var/www/html/cacti/cacti.sql
[root@cacti cacti]# mysql -udbuser -p123 cactidb </var/www/html/cacti/cacti.sql
Define how PHP connects to the database
[root@cacti cacti]# vim /var/www/html/cacti/include/config.php
$database_type = "mysql";
$database_default = "cactidb";
$database_hostname = "localhost";
$database_username = "dbuser";
$database_password = "123";
$database_port = "3306";
$database_ssl = false;
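Open Cacti in a browser and do the related configuration:
firefox http://192.168.0.1/cacti
User: admin  Password: admin  Changed password: admin
Logical flow of data collection:
vim /etc/php.ini   fix the timestamps (time zone)
date.timezone = 'Asia/Chongqing'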
[root@cacti cacti]# service httpd restart
Step 1
console --- Devices --- delete the previously monitored host --- add the new monitored host again
1> Add the monitored host "Local host"
Hostname 127.0.0.1
Downed Device Detection ping and SNMP uptime
SNMP Version Version2
SNMP Community publicupl
Associated Graph Templates   which metrics to monitor
1) Linux - Memory Usage Not Being Graphed Delete Graph Template Association
2) Unix - Load Average Not Being Graphed Delete Graph Template Association
3) Unix - Logged in Users Not Being Graphed Delete Graph Template Association
4) Unix - Processes Not Being Graphed
Associated Data Queries
1) Unix - Get Mounted Partitions
-- Save
Create graph templates for the host
*Create Graphs for this Host
Step 2
console --- Graph Trees ---- clear the default tree -- create a new Graph Tree "Linux hosts"
|
Tree Items   add items
Logic
console ---- Devices ---- "Remote host 1" ---- Graph Trees --- Tree Items   add items
Start analysing the data
/usr/bin/php /var/www/html/cacti/poller.php
[root@cacti cacti]# /usr/bin/php /var/www/html/cacti/poller.php
[root@cacti cacti]# ll /var/www/html/cacti/rra*
Collect data once every minute:
[root@cacti ~]# crontab -u cactiuser -e
*/1 * * * * /usr/bin/php /var/www/html/cacti/poller.php &>/dev/null
+++++++++++ Cacti plugin management ++++++++++++++++++++++++++
Add Cacti plugins to get more monitoring functions
/ -->thold --- alerting (thresholds)
PA --> setting -- configuration
| \ -->monitor --- monitor
|
cacti
PA plugin: (apply the plugin patch)
[root@cacti ~]# cd /root/cacti
[root@cacti cacti]# tar xf cacti-plugin-0.8.7h-PA-v3.0.tar.gz
[root@cacti cacti]# patch -p1 -N </root/cacti/cacti-plugin-arch/cacti-plugin-0.8.7h-PA-v3.0.diff
The three plugins settings/thold/monitor
[root@cacti cacti]# cd /root/cacti
[root@cacti cacti]# tar xf settings-v0.71-1.tgz
[root@cacti cacti]# mv settings /var/www/html/cacti/plugins/
[root@cacti cacti]# tar xf thold-v0.5.0.tgz
[root@cacti cacti]# mv thold /var/www/html/cacti/plugins
[root@cacti cacti]# tar xf monitor-v1.3-1.tgz
[root@cacti cacti]# mv monitor /var/www/html/cacti/plugins
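Plugin Management ---- enable the plugins
console--> Settings ---> Misc ---- tick Show Icon Legend
Alerting
SMS (commercial enterprise SMS)
E-mail
Define a threshold: Thresholds --> Remote host 1 ---> number of processes
Define the threshold values
Warning High / Low Settings   ordinary warning
Number of processes above 110
Number of processes below 80
Alert High / Low Settings   critical warning
Number of processes above 120
Number of processes below 70
Apply the threshold
console--> Devices --> Remote host 1 --> *Create Graphs for this Host ---> *Auto-create thresholds
After data has been collected, check whether an alert e-mail arrives
++++++++++++++++++++++++++++++++ Switching the collector to spine +++++++++++++++++++++++++++++++++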
[root@cacti cacti]# cd /root/cacti
[root@cacti cacti]# tar xf cacti-spine-0.8.8a.tar.gz
[root@cacti cacti]# yum -y install mysql-devel net-snmp-devel
Compile
[root@cacti cacti]# cd cacti-spine-0.8.8a
[root@cacti cacti-spine-0.8.8a]# ./configure --prefix=/var/www/html/cacti/spine --with-mysql --with-snmp=/usr
[root@cacti cacti-spine-0.8.8a]# make && make install
[root@cacti ~]# find /var/www/html/cacti/spine/
/var/www/html/cacti/spine/
/var/www/html/cacti/spine/bin
/var/www/html/cacti/spine/bin/spine
/var/www/html/cacti/spine/etc
/var/www/html/cacti/spine/etc/spine.conf.dist
Define the configuration file
[root@cacti ~]# cp /var/www/html/cacti/spine/etc/spine.conf.dist /var/www/html/cacti/spine/etc/spine.conf
[root@cacti ~]# vim /var/www/html/cacti/spine/etc/spine.conf
DB_Host localhost
DB_Database cactidb
DB_User dbuser
DB_Pass 123
DB_Port 3306
Start the service
[root@cacti ~]# /var/www/html/cacti/spine/bin/spine -C /var/www/html/cacti/spine/etc/spine.conf
SPINE: Using spine config file [/var/www/html/cacti/spine/etc/spine.conf]
SPINE: Version 0.8.8a starting
SPINE: Time: 0.7812 s, Threads: 5, Hosts: 3
[root@cacti ~]# echo "/var/www/html/cacti/spine/bin/spine -C /var/www/html/cacti/spine/etc/spine.conf &>/dev/null" >>/etc/rc.local
Use the web UI to configure the Cacti poller to use spine:
1. Console --> Settings --> Paths --> Spine poller path --> /var/www/html/cacti/spine/bin/spine
Alternate Poller Path
2. Console --> Settings --> Poller --> Poller type --> spine
[root@cacti ~]# /usr/bin/php /var/www/html/cacti/poller.php
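+++++++++++++++ Monitoring different kinds of devices (hosts | network devices) ++++++++++++++++++++++++
Configure Cacti to monitor Windows 2003
+++++++++++++++ Define templates apache|mysql ++++++++++++++++++++++
Monitor the running state of the Apache service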
unzip ApacheStats_0.8.2.zip
cp ss_apache_stats.php /var/www/html/cacti/scripts/
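Click "Import Templates" and import the XML file from the module
Monitoring MySQL performance
1. Download and unpack the files
2. Copy the scripts into the directory
3. Import the module's XML file from the Cacti web page (see the Apache template import above)
4. Configure the MySQL database to be monitored: first set up a MySQL user, which needs at least the SUPER and PROCESS privileges.
5. Put the account into the configuration file
6. Open the web interface to monitor the MySQL server
++++++++++++++++++ Install CactiEZ ----------------------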