nagios.html
Nagios監控服務
nagios監控的主要內容:
- 本地資源:負載uptime,CPU(top,sar),磁盤(df),內存(free),io,raid級別,溫度,passwd文件的變化,本地所有文件指紋識別
- 網絡服務:端口,URL,丟包,進程數,網絡流量
- 其他設備:交換機端口流量,路由器,打印機,windows等
- 業務數據:用戶登陸失敗次數,用戶登陸網站次數,輸入驗證碼失敗次數,某個API接口流量並發,網站訂單,支付交易數量
- 監控軟件本身僅僅是一個平台,我們想監控的內容,理論上只要在服務器命令行可以獲取到就可以被監控軟件監控
nagios主要功能
- 網絡服務監控(SMTP、POP3、HTTP、NNTP、ICMP、SNMP、FTP、SSH)
- 主機資源監控(CPU load、disk usage、system logs),也包括Windows主機(使用NSClient++ plugin)
- 可以指定自己編寫的Plugin通過網絡收集數據來監控任何情況(溫度、警告……)
- 可以通過配置Nagios遠程執行插件遠程執行腳本
- 遠程監控支持SSH或SSL加通道方式進行監控
- 簡單的plugin設計允許用戶很容易的開發自己需要的檢查服務,支持很多開發語言(shell scripts、C++、Perl、ruby、Python、PHP、C#等)
- 包含很多圖形化數據Plugins(Nagiosgraph、Nagiosgrapher、PNP4Nagios等)
- 可並行服務檢查
- 能夠定義網絡主機的層次,允許逐級檢查,就是從父主機開始向下檢查
- 當服務或主機出現問題時發出通告,可通過email, pager, sms 或任意用戶自定義的plugin進行通知
- 能夠自定義事件處理機制重新激活出問題的服務或主機
- 自動日志循環
- 支持冗余監控
- 包括Web界面可以查看當前網絡狀態,通知,問題歷史,日志文件等
nagios主要組成部分
主程序Nagios+插件Nagios-plugins和一些可選的附加程序(NRPE、NSClient++、NSCA)等
- 服務器端必須安裝nagios主程序和nagios-plugins
- 客戶端必須安裝nagios-plugins
- NRPE半被動模式:工作於被監控端,用於在被監控的遠程linux主機上執行腳本插件獲取數據回傳給監控端,以實現對這些主機資源的監控,守護進程開啟端口5666
NRPE運行原理
Nagios 通過NRPE 來遠端管理服務
-
Nagios 執行安裝在它里面的check_nrpe 插件,並告訴check_nrpe 去檢測哪些服務。
-
通過SSL,check_nrpe 連接遠端機子上的NRPE daemon
-
NRPE 運行本地的各種插件去檢測本地的服務和狀態(check_disk,..etc)
-
最后,NRPE 把檢測的結果傳給主機端的check_nrpe,check_nrpe 再把結果送到Nagios狀態隊列中。
-
Nagios 依次讀取隊列中的信息,再把結果顯示出來。
nagios服務端安裝
安裝部署LAMP環境
[root@localhost ~]# yum install gcc php httpd php-gd gd gd-devel mysql* -y
ntpdate統一系統時間
[root@localhost ~]# ntpdate cn.pool.ntp.org
2 Aug 21:34:56 ntpdate[1533]: step time server 110.75.186.249 offset 2631012.350036 sec
安裝nagios的相關依賴庫文件
[root@localhost ~]# yum install -y gcc glibc glibc-common gd gd-devel xinetd openssl-devel unzip
創建安裝目錄和用戶組並且授權
(因為nagios配置文件中默認安裝目錄是/usr/local/nagios為了避免不必要的修改)
[root@localhost ~]# mkdir /usr/local/nagios
[root@localhost ~]# useradd nagios -s /sbin/nologin -M
[root@localhost ~]# chown nagios:nagios /usr/local/nagios/
[root@localhost ~]# ll -d /usr/local/nagios/
drwxr-xr-x 2 nagios nagios 4096 Jul 3 10:41 /usr/local/nagios/
編譯安裝nagios
[root@localhost ~]# tar zxvf nagios-4.2.0.tar.gz
[root@localhost nagios-4.2.0]# ./configure --prefix=/usr/local/nagios/
*** Configuration summary for nagios 4.2.0 08-01-2016 ***:
General Options:
-------------------------
Nagios executable: nagios
Nagios user/group: nagios,nagios
Command user/group: nagios,nagios
Event Broker: yes
Install ${prefix}: /usr/local/nagios
Install ${includedir}: /usr/local/nagios/include/nagios
Lock file: ${prefix}/var/nagios.lock
Check result directory: ${prefix}/var/spool/checkresults
Init directory: /etc/rc.d/init.d
Apache conf.d directory: /etc/httpd/conf.d
Mail program: /bin/mail
Host OS: linux-gnu
IOBroker Method: epoll
Web Interface Options:
------------------------
HTML URL: http://localhost/nagios/
CGI URL: http://localhost/nagios/cgi-bin/
Traceroute (used by WAP):
Review the options above for accuracy. If they look okay,
type 'make all' to compile the main program and CGIs.
[root@localhost nagios-4.2.0]# make all #此過程中報錯記得安裝unzip
*** Compile finished ***
If the main program and CGIs compiled without any errors, you
can continue with installing Nagios as follows (type 'make'
without any arguments for a list of all possible options):
make install
- This installs the main program, CGIs, and HTML files
make install-init
- This installs the init script in /etc/rc.d/init.d
make install-commandmode
- This installs and configures permissions on the
directory for holding the external command file
make install-config
- This installs *SAMPLE* config files in /usr/local/nagios/etc
You'll have to modify these sample files before you can
use Nagios. Read the HTML documentation for more info
on doing this. Pay particular attention to the docs on
object configuration files, as they determine what/how
things get monitored!
make install-webconf
- This installs the Apache config file for the Nagios
web interface
make install-exfoliation
- This installs the Exfoliation theme for the Nagios
web interface
make install-classicui
- This installs the classic theme for the Nagios
web interface
###### 整個安裝過程如下:
./configure --prefix=/usr/local/nagios/
make all
make all
make install
make install-init
make install-commandmode
make install-config
make install-webconf
檢查是否生成了對應httpd的web配置文件
[root@localhost ~]# ls -al /etc/httpd/conf.d/
total 24
drwxr-xr-x 2 root root 4096 Aug 2 21:41 .
drwxr-xr-x 4 root root 4096 Jul 3 10:37 ..
-rw-r--r-- 1 root root 1679 Aug 2 21:41 nagios.conf
-rw-r--r-- 1 root root 674 May 10 17:42 php.conf
-rw-r--r-- 1 root root 392 May 11 15:29 README
-rw-r--r-- 1 root root 299 Feb 4 02:40 welcome.conf
查看nagios.conf文件確認需要創建網站登陸用戶和密碼文件
登陸名最好設置為nagios默認的nagiosadmin,文件為htpasswd.users
[root@localhost ~]# vim /etc/httpd/conf.d/nagios.conf
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file. Customize the paths, etc. as
# needed to fit your system.
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
# Require host 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
[root@localhost ~]# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin
安裝nagios-plugin
tar zxvf nagios-plugins-2.1.2.tar.gz
cd nagios--p
cd nagios-plugins-2.1.2
./configure --prefix=/usr/local/nagios/
make && make install
啟動nagios服務和httpd服務
[root@localhost ~]# /etc/init.d/httpd start
[root@localhost ~]# /etc/init.d/nagios start
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# chkconfig nagios on
登陸網頁localhost/nagios輸入用戶名和密碼進入網站
NRPE服務安裝
編譯安裝
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
修改守護進程
在only from處添加監控主機的IP地址
[root@localhost nrpe-2.13]# vim /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 127.0.0.1,192.168.10.7
}
在/etc/services中添加nrpe和端口號
確認已經監聽5666端口,服務端安裝nrpe不需要添加主機ip,客戶機需要添加主機ip
[root@localhost nrpe-2.13]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@localhost nrpe-2.13]# netstat -lntup | grep 5666
tcp 0 0 :::5666 :::* LISTEN 26483/xinetd
nagios客戶端安裝配置
安裝依賴文件
[root@server2 ~]# yum install gcc openssl openssl-devel xinetd unzip -y
服務器時間同步
[root@server2 ~]# ntpdate cn.pool.ntp.org
2 Aug 22:18:37 ntpdate[1466]: step time server 120.25.108.11 offset 146310.412101 sec
創建安裝路徑和用戶
[root@server2 ~]# mkdir /usr/local/nagios
[root@server2 ~]# useradd nagios -s /sbin/nologin -M
[root@server2 ~]# chown nagios:nagios /usr/local/nagios/
[root@server2 ~]# ll -d /usr/local/nagios/
drwxr-xr-x 2 nagios nagios 4096 Aug 2 22:19 /usr/local/nagios/
安裝nagios-plugins
[root@server2 nagios-plugins-2.1.2]# tar zxvf nagios-plugins-2.1.2.tar.gz
[root@server2 nagios-plugins-2.1.2]# cd nagios-plugins-2.1.2
[root@server2 nagios-plugins-2.1.2]# ./configure --prefix=/usr/local/nagios/
[root@server2 nagios-plugins-2.1.2]# make && make install
編譯安裝NRPE
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
修改守護進程
在only from處添加監控主機的IP地址
[root@localhost nrpe-2.13]# vim /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
flags = REUSE
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 192.168.10.7
}
在/etc/services中添加nrpe和端口號
確認已經監聽5666端口,服務端安裝nrpe不需要添加主機ip,客戶機需要添加主機ip
[root@localhost nrpe-2.13]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@localhost nrpe-2.13]# netstat -lntup | grep 5666
tcp 0 0 :::5666 :::* LISTEN 26483/xinetd
generated by haroopad