一、介紹:
由於生產環境中Nginx訪問日志很多,我們需要隨時監控Nginx服務器返回的狀態碼,方便我們能及時定位相關問題。
以下是按照分鍾對數據進行抓取
二、Zabbix_Agentd創建監控腳本
1) 創建腳本之前核對Nginx的日志格式;
我這里Nginx日志格式如下,使用 "" 分割日志參數。
log_format main ' $http_x_forwarded_for" "$remote_user" "[$time_local]" "$request"' ' "$status" "$body_bytes_sent" "$http_referer"' ' "$http_user_agent" "$remote_addr" "$gzip_ratio"' ' "$upstream_addr" "$request_time" "$upstream_response_time" "$http_host"'; access_log logs/access.log main;
輸出日志格式如下:
root@mycentos scripts]# cat /var/log/nginx/access.log | tail -n10
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "159.138.9.157" "-" "-" "0.000" "-" "159.138.9.157"
2) 創建日志監控腳本:
vim /usr/local/zabbix/scripts/ngx_logs.sh
#!/usr/bin/env bash # ----------------------------------- # Script name : nginx logs status code monitor # Author : xiaoyige # Contact me : xiaoyige@qq.com # Last Modified : Jun, 18th, 2020 # ----------------------------------- [ ! -d /tmp/nginx ] && mkdir /tmp/nginx LOG_PATH=/var/log/nginx/access.log #Nginx日志路徑,根據自己Nginx日志路徑進行修改 LOG_TEMP=/tmp/nginx/nginx_last_min.log #Nginx上一分鍾文件 LOG_STAT=/tmp/nginx/nginx_stat.txt #Nginx狀態碼文件 LAST_MIN=`date -d "1 minute ago" +%Y:%H:%M` #獲取上一分鍾值 tail -1000 ${LOG_PATH} | grep "${LAST_MIN}" > ${LOG_TEMP} #tail 1000行數據然后進行過濾上一分鍾,如果請求量較大則加大行數,過濾后將數據重定向到上一分鍾文件中 cat ${LOG_TEMP} | awk -F '" "' '{print $5}' | sort | uniq -c | sort -rn > ${LOG_STAT} #過濾上一分鍾文件的狀態碼並對狀態碼進行排序去重然后顯示狀態碼次數 # 備注 awk -F '" "' '{print $5}' 需要根據自己日志輸出情況具體分析, #200 Code #過濾臨時文件中狀態碼等於200的值然后打印其次數后賦值給c_200,然后重定向到/tmp/nginx/nginx_200.txt,如果其值為空,則賦值為0后重定向到/tmp/nginx/nginx_200.txt c_200=`cat ${LOG_STAT} | awk '$2==200{print $1}'`;[ -z ${c_200} ] && c_200=0;echo ${c_200} > /tmp/nginx/nginx_200.txt c_202=`cat ${LOG_STAT} | awk '$2==202{print $1}'`;[ -z ${c_202} ] && c_202=0;echo ${c_202} > /tmp/nginx/nginx_202.txt #300 Code c_301=`cat ${LOG_STAT} | awk '$2==301{print $1}'`;[ -z ${c_301} ] && c_301=0;echo ${c_301} > /tmp/nginx/nginx_301.txt c_302=`cat ${LOG_STAT} | awk '$2==302{print $1}'`;[ -z ${c_302} ] && c_302=0;echo ${c_302} > /tmp/nginx/nginx_302.txt c_304=`cat ${LOG_STAT} | awk '$2==304{print $1}'`;[ -z ${c_304} ] && c_304=0;echo ${c_304} > /tmp/nginx/nginx_304.txt #400 Code c_400=`cat ${LOG_STAT} | awk '$2==400{print $1}'`;[ -z ${c_400} ] && c_400=0;echo ${c_400} > /tmp/nginx/nginx_400.txt c_403=`cat ${LOG_STAT} | awk '$2==403{print $1}'`;[ -z ${c_403} ] && c_403=0;echo ${c_403} > /tmp/nginx/nginx_403.txt c_404=`cat ${LOG_STAT} | awk '$2==404{print $1}'`;[ -z ${c_404} ] && c_404=0;echo ${c_404} > /tmp/nginx/nginx_404.txt c_405=`cat ${LOG_STAT} | awk '$2==405{print $1}'`;[ -z ${c_405} ] && c_405=0;echo ${c_405} > /tmp/nginx/nginx_405.txt #500 Code c_502=`cat ${LOG_STAT} | awk '$2==502{print $1}'`;[ -z ${c_502} ] && c_502=0;echo ${c_502} > /tmp/nginx/nginx_502.txt c_503=`cat ${LOG_STAT} | awk '$2==503{print $1}'`;[ -z ${c_503} ] && c_503=0;echo ${c_503} > /tmp/nginx/nginx_503.txt c_504=`cat ${LOG_STAT} | awk '$2==504{print $1}'`;[ -z ${c_504} ] && c_504=0;echo ${c_504} > /tmp/nginx/nginx_504.txt #以下來定義函數方便 UserParameter 調用 function c_200 { cat /tmp/nginx/nginx_200.txt } function c_202 { cat /tmp/nginx/nginx_202.txt } function c_301 { cat /tmp/nginx/nginx_301.txt } function c_302 { cat /tmp/nginx/nginx_302.txt } function c_304 { cat /tmp/nginx/nginx_304.txt } function c_400 { cat /tmp/nginx/nginx_400.txt } function c_403 { cat /tmp/nginx/nginx_403.txt } function c_404 { cat /tmp/nginx/nginx_404.txt } function c_405 { cat /tmp/nginx/nginx_405.txt } function c_502 { cat /tmp/nginx/nginx_502.txt } function c_503 { cat /tmp/nginx/nginx_503.txt } function c_504 { cat /tmp/nginx/nginx_504.txt } $1
3) 修改權限屬性
如果你的zabbix使用zabbix用戶進啟動的按照下面進行修改權限 chown -Rf zabbix.zabbix /usr/local/zabbix/scripts/ngx_logs.sh chmod u+x /usr/local/zabbix/scripts/ngx_logs.sh 如果zabbix是使用root用戶創建的 chmod +x /usr/local/zabbix/scripts/ngx_logs.sh
創建Nginx日志鍵值
vim /etc/zabbix/zabbix_agentd.d/userparameter_ngx_logs.conf UserParameter=ngx.logs[*],/usr/local/zabbix/scripts/ngx_logs.sh $1
重啟zabbix-agent
systemctl resart zabbix-agent
4)測試數據獲取
1.本地測試數據獲取
/usr/local/zabbix/scripts/ngx_logs.sh c_200 28 /usr/local/zabbix/scripts/ngx_logs.sh c_202 0 /usr/local/zabbix/scripts/ngx_logs.sh c_301 0 /usr/local/zabbix/scripts/ngx_logs.sh c_302 2 /usr/local/zabbix/scripts/ngx_logs.sh c_304 14 /usr/local/zabbix/scripts/ngx_logs.sh c_400 0 /usr/local/zabbix/scripts/ngx_logs.sh c_403 1 /usr/local/zabbix/scripts/ngx_logs.sh c_404 0 /usr/local/zabbix/scripts/ngx_logs.sh c_405 0 /usr/local/zabbix/scripts/ngx_logs.sh c_502 0 /usr/local/zabbix/scripts/ngx_logs.sh c_503 0 /usr/local/zabbix/scripts/ngx_logs.sh c_504 0
三、Zabbix_Web創建模板及監控項
1)創建模板
主頁點擊配置 ------> 模板------>創建模板
2)創建應用集
3)創建監控項
進入模板后------->監控項-------->創建監控項
創建好后如下:
4)創建觸發器
對進程監控添加觸發器,觸發器——》創建觸發器
填入觸發器名稱,此名稱是告警出的信息——》選擇嚴重性——》添加表達式——》我這里是使用了last函數最新的值如果大於15則觸發告警,恢復表達式為last函數最新的至小於15則恢復告警。
創建好后如下:
5)創建圖形
把Nginx日志監控項放在圖形中
6)主機嵌套模板
配置——>主機——>進入需要監控Nginx性能的主機——>模板——>添加模板——>選中我們創建的模板
7)查看數據
監測——》最新數據——》選中節點——》選中應用集
通過圖形查看數據:
