zabbix加入TCP连接数及状态的监控 一 监控原理: [root@99 nginx]# /bin/netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' TIME_WAIT 50 FIN_WAIT2 2 ESTABLISHED 6 LISTEN 1 可以使用man netstat查看TCP的各种状态信息描述 ESTABLISHED socket已经建立连接 CLOSED socket没有被使用,无连接 CLOSING 服务器端和客户端都同时关闭连接 CLOSE_WAIT 等待关闭连接 TIME_WAIT 表示收到了对方的FIN报文,并发送出了ACK报文,等待2MSL后就可回到CLOSED状态 LAST_ACK 远端关闭,当前socket被动关闭后发送FIN报文,等待对方ACK报文 LISTEN 监听状态 SYN_RECV 接收到SYN报文 SYN_SENT 已经发送SYN报文 FIN_WAIT1 The socket is closed, and the connection is shutting down FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end. 二 监控脚本: tcp_conn_status.sh,放在zabbix-agent的应用服务器上/usr/local/zabbix/bin/tcp_conn_status.sh #!/bin/bash #this script is used to get tcp and udp connetion status #tcp status metric=$1 tmp_file=/tmp/tcp_status.txt /bin/netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' > $tmp_file case $metric in closed) output=$(awk '/CLOSED/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; listen) output=$(awk '/LISTEN/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; synrecv) output=$(awk '/SYN_RECV/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; synsent) output=$(awk '/SYN_SENT/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; established) output=$(awk '/ESTABLISHED/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; timewait) output=$(awk '/TIME_WAIT/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; closing) output=$(awk '/CLOSING/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; closewait) output=$(awk '/CLOSE_WAIT/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; lastack) output=$(awk '/LAST_ACK/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; finwait1) output=$(awk '/FIN_WAIT1/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; finwait2) output=$(awk '/FIN_WAIT2/{print $2}' $tmp_file) if [ "$output" == "" ];then echo 0 else echo $output fi ;; *) echo -e "\e[033mUsage: sh $0 [closed|closing|closewait|synrecv|synsent|finwait1|finwait2|listen|established|lastack|timewait]\e[0m" esac 三 zabbix-agent配置 1、修改tcp_conn_status.sh文件权限: chmod o+x /usr/local/zabbix/bin/tcp_conn_status.sh 2、在/usr/local/zabbix/etc目录下,创建文件tcp-status-params.conf vi /usr/local/zabbix/etc/tcp-status-params.conf 3、在tcp-status-params.conf加入以下内容: UserParameter=tcp.status[*],/usr/local/zabbix/bin/tcp_conn_status.sh $1 4、创建日志文件 # vi /tmp/tcp_status.txt # chown zabbix:zabbix tcp_status.txt # chmod 664 tcp_status.txt 5、在/usr/local/zabbix/etc/zabbix_agentd.conf加入以下配置: UserParameter=tcp.status[*],/usr/local/zabbix/bin/tcp_conn_status.sh $1 四 重启zabbix-agent服务 /etc/init.d/zabbix_agentd restart 五 添加监控模板 2.0 2014-12-04T09:41:57Z Templates {Template TCP Connection Status:tcp.status[timewait].last()}>10000 There are too many TCP TIME_WAIT status 0 4 0 TCP Status 900 200 0.0000 100.0000 1 1 0 1 0 0.0000 0.0000 0 0 0 0 0 0 C80000 0 2 0 Template TCP Connection Status tcp.status[closed] 1 0 00C800 0 2 0 Template TCP Connection Status tcp.status[closewait] 2 0 0000C8 0 2 0 Template TCP Connection Status tcp.status[closing] 3 0 C800C8 0 2 0 Template TCP Connection Status tcp.status[established] 4 0 00C8C8 0 2 0 Template TCP Connection Status tcp.status[finwait1] 5 0 C8C800 0 2 0 Template TCP Connection Status tcp.status[finwait2] 6 0 C8C8C8 0 2 0 Template TCP Connection Status tcp.status[lastack] 7 0 960000 0 2 0 Template TCP Connection Status tcp.status[listen] 8 0 009600 0 2 0 Template TCP Connection Status tcp.status[synrecv] 9 0 000096 0 2 0 Template TCP Connection Status tcp.status[synsent] 10 0 960096 0 2 0 Template TCP Connection Status tcp.status[timewait]