

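Nagios: defining hostescalation to control notification frequency

The Shanghai Mobile data center has been reorganizing lately (it still isn't finished, and the IPs have already changed several times), which left the Nagios server unable to reach the application servers. Nagios then sent me an SMS every half hour, and I couldn't take it any more.

1. hostescalation definition format; items in blue are optional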

define hostescalation{
  host_name host_name
  hostgroup_name hostgroup_name
  contacts contacts
  contact_groups contactgroup_name
  first_notification #
  last_notification #
  notification_interval #
  escalation_period timeperiod_name
  escalation_options [d,u,r]
    }

2. Define hostescalation objects to lengthen the notification interval

vi /usr/local/nagios/etc/objects/lavida.cfg

define host{
  use linux-server,host-pnp
  host_name lavida
  alias apply
  address 192.168.1.2
  check_command check-host-alive
  max_check_attempts 5
  check_period 24x7
  contact_groups admins
  notification_interval 60 ; normal notification interval changed to 60 minutes
  notification_period 24x7
  notification_options d,u,r
  }

# notifications 3 to 5 are sent at 120-minute intervals
define hostescalation{
  host_name lavida
  first_notification 3
  last_notification 5
  notification_interval 120
  contact_groups admins
  }

# from the 6th notification on, once every 240 minutes
define hostescalation{
  host_name lavida
  first_notification 6 ; the sixth notification
  last_notification 0 ; no upper limit
  notification_interval 240 ; 4 hours; can also be lowered, e.g. to 10 minutes
  contact_groups admins ; more groups can be added, e.g. admins,managers
  }

3. Check the Nagios configuration

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

4. Restart Nagios

service nagios reload

The equivalent definition for a service

define serviceescalation{
  host_name lavida
  service_description Root Partition
  first_notification 6
  last_notification 0
  notification_interval 240
  contact_groups admins
  }

References:
http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#hostescalation
http://nagios.sourceforge.net/docs/3_0/escalations.html

Posted in Nagios, Technology.


Viewing the compile-time options of nginx, Apache, MySQL and PHP on Linux [repost]

Reposted from linuxtone.org, by 哈密瓜: http://bbs.linuxtone.org/thread-2776-1-1.html

Sometimes, after nginx, Apache, MySQL or PHP has been compiled, you want to see which options it was built with. The following methods work.

nginx compile options:

# /usr/local/nginx/sbin/nginx -V

nginx version: nginx/0.6.32
built by gcc 4.1.2 20071124 (Red Hat 4.1.2-42)
configure arguments: --user=www --group=www --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-openssl=/usr/local/openssl

Apache compile options:

cat /usr/local/apache2/build/config.nice

#! /bin/sh
#
# Created by configure

"./configure" \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir" \
"$@"

PHP compile options:

/usr/local/php/bin/php -i |grep configure

Configure Command => './configure' '--prefix=/usr/local/php' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-config-file-path=/usr/local/php/etc' '--with-mysql=/usr/local/mysql' '--with-libxml-dir=/usr/local/libxml2/bin' '--with-gd=/usr/local/gd2' '--with-jpeg-dir' '--with-png-dir' '--with-bz2' '--with-xmlrpc' '--with-freetype-dir' '--with-zlib-dir'

MySQL compile options:

cat /usr/local/mysql/bin/mysqlbug|grep configure

# This is set by configure
CONFIGURE_LINE="./configure '--prefix=/usr/local/mysql' '--localstatedir=/var/lib/mysql' '--with-comment=Source' '--with-server-suffix=-Linuxtone' '--with-mysqld-user=mysql' '--without-debug' '--with-big-tables' '--with-charset=gbk' '--with-collation=gbk_chinese_ci' '--with-extra-charsets=all' '--with-pthread' '--enable-static' '--enable-thread-safe-client' '--with-client-ldflags=-all-static' '--with-mysqld-ldflags=-all-static' '--enable-assembler' '--without-isam' '--without-innodb' '--without-ndb-debug'"

My own addition: mysql_config can also be used to get the compile options.

Posted in Apache, Mysql, Nginx, PHP, Technology.


Logging unauthorized connection attempts in MySQL

Introduction to MySQL logs

The phpMyAdmin status page often shows a count of "failed attempts", but there is no corresponding log to look at. Here we change MySQL parameters so that these failed attempts are written to a log.

1. Edit my.conf

# Default is 1; when set to a value greater than 1, 'Access denied' is logged
log-warnings = 2
log = /opt/mysql/var/query_log.log

2. Restart MySQL (note: restart, not reload)

/opt/mysql/bin/mysql.server restart

3. Test access with invalid users

/opt/mysql/bin/mysql -u abc
/opt/mysql/bin/mysql -u test

4. Check the log

tail /opt/mysql/var/query_log.log

or

cat /opt/mysql/var/query_log.log|grep 'Access denied'

Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
090521 11:44:26 1 Connect Access denied for user 'abc'@'localhost' (using password: NO)
090521 11:44:51 2 Connect Access denied for user 'test'@'localhost' (using password: NO)

Conclusions:

  • Connecting with telnet 192.168.1.92 3306, or opening 192.168.1.92:3306 in IE, is not recorded in the log;
  • but the failed-attempt count shown in phpMyAdmin does include them;
  • enabling query_log stores every query, so use it with caution;
  • starting with 5.1.6, the --log-output option can send query_log to a table.

This expert modified the source code so that query_log only outputs "access denied": http://dev.mysql.com/tech-resources/articles/advanced-bazaar.html

Reference: http://dev.mysql.com/doc/refman/5.1/en/server-logs.html
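The grep in step 4 can be turned into a per-account count of failed logins. The following is an added example, not part of the original post: it parses the general query log layout shown above, including the case where MySQL omits the timestamp for entries logged in the same second as the previous one. The sample log and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the MySQL 5.1 general query log layout (tab separated).
# The timestamp column is only written when the second changes, so entry 3
# below has no timestamp of its own.
SAMPLE_LOG = (
    "/opt/mysql/libexec/mysqld, Version: 5.1.26-rc-log (Source distribution). started with:\n"
    "Tcp port: 3306  Unix socket: /opt/mysql/mysql.sock\n"
    "Time                 Id Command    Argument\n"
    "090521 11:44:26\t    1 Connect\tAccess denied for user 'abc'@'localhost' (using password: NO)\n"
    "090521 11:44:51\t    2 Connect\tAccess denied for user 'test'@'localhost' (using password: NO)\n"
    "\t\t    3 Connect\tAccess denied for user 'test'@'localhost' (using password: YES)\n"
    "\t\t    4 Connect\troot@localhost on \n"
    "\t\t    4 Query\tSELECT VERSION()\n"
    "090521 11:45:02\t    5 Connect\tAccess denied for user 'root'@'192.168.1.50' (using password: YES)\n"
)

TIMESTAMP = re.compile(r"^(\d{6})\s+(\d{1,2}:\d{2}:\d{2})\s")
DENIED = re.compile(
    r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2})?\s+(?P<id>\d+)\s+Connect\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)' "
    r"\(using password: (?P<pw>YES|NO)\)"
)


def failed_logins(log_text):
    """Return one dict per 'Access denied' Connect entry, oldest first."""
    events, current = [], None
    for line in log_text.splitlines():
        ts = TIMESTAMP.match(line)
        if ts:  # remember the last timestamp seen; later entries inherit it
            current = datetime.strptime(" ".join(ts.groups()), "%y%m%d %H:%M:%S")
        m = DENIED.match(line)
        if m:
            events.append({
                "time": current,
                "conn_id": int(m["id"]),
                "user": m["user"],
                "host": m["host"],
                "password_sent": m["pw"] == "YES",
            })
    return events


def noisy_sources(events, threshold=2):
    """Return {(user, host): count} for accounts with >= threshold failures."""
    counts = Counter((e["user"], e["host"]) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = failed_logins(SAMPLE_LOG)
    for e in found:
        print(e["time"], e["conn_id"], f"{e['user']}@{e['host']}", e["password_sent"])
    print(noisy_sources(found))
```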

Posted in Mysql, Security, Technology.


Introduction to MySQL logs

1. The error log

  • Records MySQL startup, runtime, shutdown and failure messages
  • Can be set at mysqld startup with --log-error[=file_name]; the default is host_name.err in the data directory
  • After a FLUSH LOGS command, the error log is renamed with an -old suffix and a new empty file is created
  • Starting with 5.1.20, adding the --syslog option at startup sends the log to the system log

Log excerpt after running /opt/mysql/bin/mysql.server restart

cat /opt/mysql/var/localdev.c1gstudio.com.err

090521 11:44:20 [Note] /opt/mysql/libexec/mysqld: Normal shutdown
090521 11:44:20 [Note] Event Scheduler: Purging the queue. 0 events
090521 11:44:20 [Note] /opt/mysql/libexec/mysqld: Shutdown complete
090521 11:44:20 mysqld_safe mysqld from pid file /opt/mysql/var/localdev.c1gstudio.com.pid ended
090521 11:44:20 mysqld_safe Starting mysqld daemon with databases from /opt/mysql/var
090521 11:44:20 [Note] Plugin 'InnoDB' disabled by command line option
090521 11:44:20 [Note] Event Scheduler: Loaded 0 events
090521 11:44:20 [Note] /opt/mysql/libexec/mysqld: ready for connections.
Version: '5.1.26-rc-log' socket: '/opt/mysql/mysql.sock' port: 3306 Source distribution



2. The general query log

  • Records MySQL connections, queries and other SQL
  • Useful for troubleshooting, optimizing SQL, checking connection activity and so on

How to enable it? Edit my.conf

log = /opt/mysql/var/query_log.log
#log-warnings=2   # default is 1; when greater than 1, "access denied" connections are logged

Logging unauthorized connection attempts in MySQL

Then restart MySQL

/opt/mysql/bin/mysql.server restart

Log excerpt from browsing the phpMyAdmin system variables page

cat /opt/mysql/var/query_log.log

/opt/mysql/libexec/mysqld, Version: 5.1.26-rc-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
090521 11:38:22 1 Connect root@localhost on
1 Query SELECT VERSION()
1 Query SET NAMES utf8
1 Query SET collation_connection = 'utf8_unicode_ci'
1 Query SET NAMES utf8
1 Query SET collation_connection = 'utf8_unicode_ci'
1 Query SHOW SESSION VARIABLES LIKE 'collation_connection'
1 Query SHOW SESSION VARIABLES LIKE 'character_set_connection'
1 Query SHOW CHARACTER SET
1 Query SHOW COLLATION
1 Query SHOW DATABASES
1 Query SHOW VARIABLES LIKE 'profiling'
1 Query SELECT COUNT(*) FROM mysql.user
1 Query SELECT COUNT(*) FROM mysql.user
1 Init DB mysql
1 Query SHOW MASTER LOGS
1 Query SHOW GLOBAL STATUS
1 Query SHOW GLOBAL VARIABLES
1 Query SELECT UNIX_TIMESTAMP() - 5
1 Quit
090521 11:38:29 2 Connect root@localhost on
2 Query SELECT VERSION()



3. The binary log

  • Once enabled, files such as mysql-bin.000001 are created in the data directory
  • Can be used for master-slave replication and for backup recovery

For recovery, the following command can be used

mysqlbinlog mysql-bin.000007 mysql-bin.000008 | mysql



4. The Slow Query Log

  • Records SQL statements that run longer than the time set by the long_query_time parameter
  • Can be analyzed with the mysqldumpslow command
  • How to enable it? Edit my.conf

long_query_time = 8 # in seconds
log-slow-queries = /opt/mysql/var/slow.log
#log-queries-not-using-indexes   # queries that do not use an index

Then restart MySQL

/opt/mysql/bin/mysql.server restart

cat /opt/mysql/var/slow.log

/opt/mysql/libexec/mysqld, Version: 5.1.26-rc-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
/opt/mysql/libexec/mysqld, Version: 5.1.26-rc-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
# Time: 090505 10:22:46
# User@Host: c1g[c1g] @ localhost []
# Query_time: 9.016973 Lock_time: 0.000332 Rows_sent: 500 Rows_examined: 1107538
use db4;
SET timestamp=1241490166;
SELECT distinct(c.id) FROM db4_member_p_config c,db4_member_p_f_forjobs j,db4_member_p_global g WHERE c.id = j.id AND c.uid = g.uid AND c.property = '1' AND c.percent >= '60' AND g.education >= '5' AND g.lProvince = '25' AND g.graduateSchool1 = '25' ORDER BY c.lastupdate DESC LIMIT 500;

Reference: http://dev.mysql.com/doc/refman/5.1/en/server-logs.html

Posted in Mysql, Technology.


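A brief introduction to security assessment tools for web applications

IBM AppScan

AppScan is an automated tool for web application security testing. It automatically detects security vulnerabilities in web applications, such as Cross Site Scripting Flaws, Injection Flaws, Broken Access Control, Buffer Overflows and so on. Most of these vulnerabilities are included in the web application security vulnerabilities published by OWASP (Open Web Application Security Project).

You can register for free on the IBM site and then download the corresponding version. The commercial edition costs about 1 million New Taiwan dollars (yes, one million), roughly 200,000 RMB. This page says it is closer to about 500,000: http://www.softwarelist.cn/?fsid=56&id=5302&cpath=ABAI

IBM Rational AppScan Enterprise Edition 7.7.654 installer, crack files and keygen, upgradable (tested), split into seven parts; download each part and extract them all in the same folder.

http://download.csdn.net/source/840431
http://download.csdn.net/source/840498
http://download.csdn.net/source/840544
http://download.csdn.net/source/840569
http://download.csdn.net/source/840606
http://download.csdn.net/source/840643
http://download.csdn.net/source/840657

HP WebInspect

HP Application Security Center software can comprehensively analyze today's complex web applications built on the new generation of Web 2.0 technologies. HP Application Security Center has a wide range of uses, scans quickly and provides accurate web application scan results. HP's tool has a relatively high chance of false positives. The commercial edition also seems to cost one million, currency unknown. https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200%5e9570_4000_100__

Acunetix Web Vulnerability

Tests the security of your website with a web crawler and detects common attacks such as cross-site scripting and SQL injection. It scans shopping carts, forms, secure areas and other web applications before attackers get to them. Small and capable, and fast as well; suitable for beginners. The commercial edition costs about 14,000. http://www.lengmo.net/post/1332/

N-Stalker

N-Stalker Web Application Security Scanner is a top-tier security assessment tool developed by N-Stalker. By incorporating the well-known N-Stealth HTTP Security Scanner and its database of 35,000 web attack signatures, together with a patent-pending web application security assessment component, N-Stalker can thoroughly eliminate a large number of common security risks in your web application, including cross-site scripting, SQL injection, buffer overflows, parameter tampering attacks and so on. The commercial edition costs about 14,000. http://www.3ddown.com/soft/32913.htm

Google ratproxy

Google's open-source tool for auditing XSS: http://code.google.com/p/ratproxy/

The ratproxy workflow:

1) After the script is run, a proxy server is started locally; the default port is 8080;
2) Set this address (http://localhost:8080) as the proxy address in the browser;
3) Browse the web pages to be tested, actually logging in, filling in forms and so on (these actions are captured by the proxy, which tampers with them slightly before sending them to the page under test); ratproxy records the relevant log in the background;
4) Use the tool provided with ratproxy to parse the log and output HTML for analysis;
5) After fixing the more serious problems, go back to step 1, until the assessment passes.

Posted in Security, Technology.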


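Using tcpdump to check whether MySQL traffic is secure

Do not transmit plaintext (unencrypted) data over the Internet. This information is accessible to anyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an encrypted protocol such as SSL or SSH. MySQL supports internal SSL connections as of version 4.0.0. SSH port forwarding can be used to create an encrypted (and compressed) tunnel for the communication.

· Learn to use the tcpdump and strings utilities. In most cases, you can check whether MySQL data streams are unencrypted with the following command:

· shell> tcpdump -l -i eth0 -w - src or dst port 3306 | strings

(This command works under Linux and should work with small modifications under other systems.) Warning: if you do not see plaintext data, that does not necessarily mean the information is actually encrypted. If you need a higher level of security, you should consult a security expert.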
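Because the absence of readable strings proves little, a more direct check is whether the client asked for SSL during the MySQL handshake. The following is an added example, not from the original post: it reads the capability flags in the client's first packet of a connection, assuming you have already extracted that packet's TCP payload from a capture. The two sample packets are constructed here, and the function names are illustrative.

```python
import struct

# Capability flag values from the MySQL client/server protocol.
CLIENT_PROTOCOL_41 = 0x0200
CLIENT_SSL = 0x0800


def mysql_packet(seq, payload):
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def classify_client_handshake(tcp_payload):
    """Inspect the client's first packet (sequence id 1) of a connection.

    Returns {"tls_requested": bool, "user": str or None}. When the client
    sets CLIENT_SSL the packet is an SSLRequest and everything after it,
    the user name included, travels inside TLS.
    """
    if len(tcp_payload) < 4:
        raise ValueError("truncated packet header")
    length = int.from_bytes(tcp_payload[:3], "little")
    seq = tcp_payload[3]
    payload = tcp_payload[4:4 + length]
    if seq != 1 or len(payload) != length or length < 5:
        raise ValueError("not a complete client handshake packet")

    caps = int.from_bytes(payload[:2], "little")
    if caps & CLIENT_PROTOCOL_41:
        # 4.1+ layout: caps(4) max_packet(4) charset(1) filler(23) user\0 ...
        if length < 32:
            raise ValueError("short 4.1 handshake response")
        caps = int.from_bytes(payload[:4], "little")
        rest = payload[32:]
    else:
        # pre-4.1 layout: caps(2) max_packet(3) user\0 ...
        rest = payload[5:]

    if caps & CLIENT_SSL:
        return {"tls_requested": True, "user": None}
    user = rest.split(b"\x00", 1)[0].decode("utf-8", "replace")
    return {"tls_requested": False, "user": user}


# Constructed client packets (not captured traffic).
# 0x0001 is CLIENT_LONG_PASSWORD, 0x8000 is CLIENT_SECURE_CONNECTION.
BASE_CAPS = 0x0001 | CLIENT_PROTOCOL_41 | 0x8000
PLAIN_LOGIN = mysql_packet(
    1, struct.pack("<IIB23x", BASE_CAPS, 1 << 24, 33) + b"naguser\x00\x00")
SSL_REQUEST = mysql_packet(
    1, struct.pack("<IIB23x", BASE_CAPS | CLIENT_SSL, 1 << 24, 33))

if __name__ == "__main__":
    print(classify_client_handshake(PLAIN_LOGIN))
    print(classify_client_handshake(SSL_REQUEST))
```

A result of tls_requested: True only shows that the client asked for SSL on that connection; every connection has to be checked, not just one.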

Posted in Linux commands, Mysql, Security, Technology.


Nagios: checking the MySQL service

When nagios_plugin is installed with MySQL correctly linked in, a check_mysql file is produced under libexec.

/usr/local/nagios/libexec/check_mysql -h

check_mysql v2034 (nagios-plugins 1.4.13)
Copyright (c) 1999-2007 Nagios Plugin Development Team

This program tests connections to a mysql server

Usage: check_mysql [-d database] [-H host] [-P port] [-s socket] [-u user] [-p password] [-S]

Options:
 -h, --help
    Print detailed help screen
 -V, --version
    Print version information
 -H, --hostname=ADDRESS
    Host name, IP Address, or unix socket (must be an absolute path)
 -P, --port=INTEGER
    Port number (default: 3306)
 -s, --socket=STRING
    Use the specified socket (has no effect if -H is used)
 -d, --database=STRING
    Check database with indicated name
 -u, --username=STRING
    Connect using the indicated username
 -p, --password=STRING
    Use the indicated password to authenticate the connection
    ==> IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!!

Create the empty database nagdb and the user naguser

create database nagemptydb;
GRANT select ON nagemptydb.* TO naguser@localhost identified by 'password123';
FLUSH PRIVILEGES ;

Test check_mysql

sudo -u nagios /usr/local/nagios/libexec/check_mysql -H localhost -u naguser -d nagemptydb -p password123

Uptime: 45850 Threads: 1 Questions: 493233 Slow queries: 0 Opens: 159 Flush tables: 1 Open tables: 153 Queries per second avg: 10.757

Edit nrpe.cfg on the monitored host to add the check command

vi /usr/local/nagios/etc/nrpe.cfg

command[check_mysql_status]=/usr/local/nagios/libexec/check_mysql -H localhost -u naguser -d nagemptydb -p 'password123'

Restart nrpe on the monitored host

ps aux |grep nrpe
kill $pid
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

Add the following to polo.cfg on the monitoring host

vi /etc/local/nagios/etc/objects/polo.cfg

define service{
  use local-service ; Name of service template to use
  host_name polo
  service_description mysql_status
  check_command check_nrpe!check_mysql_status
  notifications_enabled 0
  }

Reload Nagios on the monitoring host

service nagios reload

Open the service detail page at http://localhost/nagios

mysql_status Notifications for this service have been disabled PENDING N/A 0d 0h 0m 35s+ 1/4 Service check scheduled for Tue May 19 15:01:30 CST 2009

Wait a moment

mysql_status Notifications for this service have been disabled OK 05-19-2009 15:01:30 0d 0h 1m 5s 1/4 Uptime: 46758 Threads: 1 Questions: 513579 Slow queries: 0 Opens: 160 Flush tables: 1 Open tables: 154 Queries per second avg: 10.983

Posted in Nagios, Technology.


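tmpwatch makes files under /tmp disappear unexpectedly

Today the PHP upload directory "upload" under /tmp on the server was gone again. It's not the first time, and it is really annoying.

After some googling I found the cause: it turned out to be tmpwatch's doing.

cat /etc/cron.daily/tmpwatch

Contents of the tmpwatch file

/usr/sbin/tmpwatch -x /tmp/.X11-unix -x /tmp/.XIM-unix -x /tmp/.font-unix \
    -x /tmp/.ICE-unix -x /tmp/.Test-unix 240 /tmp
/usr/sbin/tmpwatch 720 /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
    if [ -d "$d" ]; then
        /usr/sbin/tmpwatch -f 720 "$d"
    fi
done

Every day the system uses the tmpwatch command to check for and delete files and directories under /tmp that have not been accessed for more than 240 hours.

About tmpwatch

Function: deletes temporary files.
Syntax: tmpwatch [-afqv][--test][expiry time][directory...]
Notes: running tmpwatch deletes unneeded temporary files; you can set the file expiry time, measured in hours.
Options:
 -a or --all      Delete files of any type.
 -f or --force    Force deletion of files or directories, similar to the "-f" option of rm.
 -q or --quiet    Do not show the command's progress.
 -v or --verbose  Show the command's progress in detail.
 --test           Test only; do not actually delete files or directories.

Settings in php.ini

; upload directory for temporary files
upload_tmp_dir = "/tmp/upload"
; sessions use a tiered directory layout
session.save_path = "1;/tmp/session"
; 4 bits: 0-9, a-f
; 5 bits: 0-9, a-v
; 6 bits: 0-9, a-z, A-Z, "-", ","
session.hash_bits_per_character = 4

Solution: -x excludes specific directories from deletion; -d leaves empty directories in place

/usr/sbin/tmpwatch -x /tmp/.X11-unix -x /tmp/.XIM-unix -x /tmp/.font-unix \
    -x /tmp/.ICE-unix -x /tmp/.Test-unix -x /tmp/session -x /tmp/upload 240 /tmp
/usr/sbin/tmpwatch 720 /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
    if [ -d "$d" ]; then
        /usr/sbin/tmpwatch -f 720 "$d"
    fi
done

References:
http://haka.sharera.com/blog/BlogTopic/21687.htm
http://linux.chinaunix.net/bbs/archiver/?tid-979112.html

Posted in Linux commands, PHP, Technology.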


Upgrading the default python-2.3.4-14.4 on AS4 to 2.6.2

The Python that ships with RHEL 4 is a bit old (python-2.3.4-14.4), so I decided to upgrade to the latest version, 2.6.2.

rpm -qa |grep python

gnome-python2-2.6.0-3
mod_python-3.1.3-5
python-devel-2.3.4-14
libxml2-python-2.6.16-6
rpm-python-4.3.3-7_nonptl
gnome-python2-bonobo-2.6.0-3
dbus-python-0.22-11.EL
python-ldap-2.0.1-2
python-2.3.4-14
gnome-python2-canvas-2.6.0-3
MySQL-python-1.0.0-1.RHEL4.1

If you run

rpm -e python-2.3.4-14.4

the package cannot be removed, because other programs depend on it.

  1. Download the latest source package
wget http://www.python.org/ftp/python/2.6.2/Python-2.6.2.tar.bz2
tar jxvf Python-2.6.2.tar.bz2
cd Python-2.6.2
  2. Install (the original directory is /usr; the old Python may have dependencies, so install into a new directory)
./configure --prefix=/usr/local
make
make install
  3. Create the link
mv /usr/bin/python /usr/bin/python_bak    # keep the original version
ln -s /usr/local/bin/python /usr/bin
  4. Test the result
python

Python 2.6.2 (r262:71600, May 13 2009, 14:52:27)
[GCC 3.4.6 20060404 (Red Hat 3.4.6-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.

Reference: http://bbs2.chinaunix.net/archiver/tid-1266412.html

Posted in Linux maintenance and optimization, Technology.


Nagios: checking NIC traffic via SNMP

Google for SNMP vulnerabilities first, to avoid downloading an unpatched version.

Net-SNMP remote authentication bypass vulnerability

Affected systems:
Net-SNMP net-snmp 5.4.x
Net-SNMP net-snmp 5.3.x
Net-SNMP net-snmp 5.2.x

Unaffected systems:
Net-SNMP net-snmp 5.4.1.1
Net-SNMP net-snmp 5.3.2.1
Net-SNMP net-snmp 5.2.4.1

Check whether snmp is installed

rpm -qa|grep snmp

Download net-snmp
http://www.net-snmp.org/download.html
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-5.4.2.1-1.f9.i386.rpm
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-devel-5.4.2.1-1.f9.i386.rpm
http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-perlmods-5.4.2.1-1.f9.i386.rpm

Install snmp

rpm -ivh net-snmp-*.rpm

error: Failed dependencies:
libc.so.6(GLIBC_2.4) is needed by net-snmp-5.4.2.1-1.i386
libc.so.6(GLIBC_2.7) is needed by net-snmp-5.4.2.1-1.i386
librpm-4.4.so is needed by net-snmp-5.4.2.1-1.i386
librpmio-4.4.so is needed by net-snmp-5.4.2.1-1.i386

Check the glibc version

rpm -qa | grep glibc

glibc-2.3.4-2
glibc-common-2.3.4-2
glibc-kernheaders-2.4-9.1.87
glibc-devel-2.3.4-2
glibc-headers-2.3.4-2

Upgrading glibc is rather risky, so build from source instead.

Install beecrypt first

wget http://downloads.sourceforge.net/beecrypt/beecrypt-4.1.2.tar.gz
tar zxvf beecrypt-4.1.2.tar.gz
cd beecrypt-4.1.2
./configure --prefix=/usr
make

_bc-py.c:8:20: Python.h: No such file or directory

rpm -qa|grep python

rpm-python-4.3.3-18_nonptl
gnome-python2-bonobo-2.6.0-3
python-2.3.4-14.2
libxml2-python-2.6.16-6
python-elementtree-1.2.6-4.2.1
python-sqlite-1.1.7-1.2
gnome-python2-2.6.0-3
gnome-python2-canvas-2.6.0-3
mod_python-3.1.3-5.1
dbus-python-0.22-12.EL.7
MySQL-python-1.0.0-1.RHEL4.1
python-urlgrabber-2.9.8-2

python-devel is missing, so upgrade Python: https://blog.c1gstudio.com/archives/588

Run make again

make
make install

Update the dynamic library cache

ldconfig -v
ln -s /lib/libelf.so.1 /usr/lib/libelf.so

Install net-snmp

wget http://nchc.dl.sourceforge.net/sourceforge/net-snmp/net-snmp-5.4.2.1.tar.gz
tar zxvf net-snmp-5.4.2.1.tar.gz
cd net-snmp-5.4.2.1
./configure -enable-mfd-rewrites -with-default-snmp-version="2" -with-sys-contact="admin" -with-sys-location="China" -with-logfile="/var/log/snmpd.log" -with-persistent-directory="/var/net-snmp"

Configure summary output

SNMP Versions Supported: 1 2c 3
Net-SNMP Version: 5.4.2.1
Building for: linux
Network transport support: Callback Unix TCP UDP
SNMPv3 Security Modules: usm
Agent MIB code: default_modules => snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host
Embedded Perl support: enabled
SNMP Perl modules: building -- embeddable
SNMP Python modules: disabled
Authentication support: MD5 SHA1
Encryption support: DES AES

make

Installation errors

grep: /usr/lib/libbeecrypt.la: No such file or directory
/bin/sed: can't read /usr/lib/libbeecrypt.la: No such file or directory
libtool: link: `/usr/lib/libbeecrypt.la' is not a valid libtool archive
# install beecrypt

/usr/bin/ld: cannot find -lelf
collect2: ld returned 1 exit status
# ln -s libelf.so.1 /usr/lib/libelf.so

make install
ldconfig -v

community string

Network devices that use SNMP all have a community string. It works like a simple password check and is used to decide whether the requester has read-only or read-write permission. Many users never change the system default community string after buying a device, so an unauthorized user can use the default password to modify important system information, device state and so on. Change the "COMMUNITY" field to the password you want to set, for example "public" or privatepass. Change "localhost" to the machine that should be allowed to see your SNMP information, for example localhost or 10.10.10.10.

SNMP versions

The SNMP protocol has benefited from major upgrades since it was introduced in 1988. Unfortunately, a large percentage of network content providers, and even some network management system vendors, have not taken advantage of these improvements. Many network elements support only SNMPv1 and SNMPv2c. Support for SNMPv3 is minimal.

Version   Description
SNMPv1    SNMPv1, which implements community-based security
SNMPv2c   SNMPv2 with community-based security
SNMPv2u   SNMPv2 with user-based security
SNMPv2    SNMPv2 with party-based security
SNMPv3    SNMPv3, which implements user-based security

Configure snmp

mkdir /usr/local/etc/snmp
cp EXAMPLE.conf /usr/local/etc/snmp/snmpd.conf
vi /usr/local/etc/snmp/snmpd.conf

#       sec.name  source          community
com2sec local     localhost       privatepass
#com2sec mynetwork NETWORK/24      public

####
# Second, map the security names into group names:

#               sec.model  sec.name
#group MyRWGroup v1         local
#group MyRWGroup v2c        local
#group MyRWGroup usm        local
#group MyROGroup v1         mynetwork
#group MyROGroup v2c        mynetwork
#group MyROGroup usm        mynetwork
group MyROGroup v1         local
group MyROGroup v2c        local

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl subtree                          mask
#view all    included  .1                               80
view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  mib2   none   none
#access MyRWGroup ""      any       noauth    exact  all    all    none

# start
/usr/local/sbin/snmpd
# add to startup
echo '/usr/local/sbin/snmpd' >> /etc/rc.local
# check whether port 161 is open
netstat -ano|grep 161
# test
snmpwalk -v 1 -c privatepass localhost system

SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2612) 0:00:26.12
SNMPv2-MIB::sysContact.0 = STRING: Me
SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain
SNMPv2-MIB::sysLocation.0 = STRING: Right here, right now.
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (0) 0:00:00.00

snmp installation is complete
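The community string and source restrictions described above can be checked mechanically before snmpd is started. The following is an added example, not part of the original post: a small audit of the com2sec, group and access directives that flags the default community strings, a community accepted from any source, and write access granted to a community-based (v1/v2c) group. The sample configuration and the function name are constructed for illustration.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_MODELS = {"v1", "v2c"}   # community-based, sent in cleartext

# Constructed snmpd.conf fragment, modelled on the directives used above.
SAMPLE_CONF = '''\
com2sec local     localhost  privatepass
com2sec mynetwork default    public
group MyROGroup v1  local
group MyROGroup v2c local
group MyRWGroup v2c mynetwork
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
view all  included .1 80
access MyROGroup "" any noauth exact mib2 none none
access MyRWGroup "" any noauth exact all  all  none
'''


def audit_snmpd_conf(text):
    """Return a sorted list of (line_number, finding) tuples."""
    findings = []
    community_groups = set()   # groups with at least one v1/v2c member
    access_lines = []          # (lineno, group, write_view)
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # drops '#' comments
        if not tok:
            continue
        directive, args = tok[0], tok[1:]
        if directive == "com2sec":
            if args[:1] == ["-Cn"]:             # optional: -Cn CONTEXT
                args = args[2:]
            if len(args) < 3:
                continue
            _secname, source, community = args[:3]
            if community in DEFAULT_COMMUNITIES:
                findings.append((lineno, f"default community string '{community}'"))
            if source == "default":
                findings.append((lineno, "community accepted from any source address"))
        elif directive == "group" and len(args) >= 3:
            # group NAME MODEL SECNAME
            if args[1] in COMMUNITY_MODELS:
                community_groups.add(args[0])
        elif directive == "access" and len(args) >= 8:
            # access GROUP CONTEXT MODEL LEVEL MATCH READ WRITE NOTIFY
            access_lines.append((lineno, args[0], args[6]))
    # Groups may be declared after the access line, so resolve at the end.
    for lineno, group, write_view in access_lines:
        if write_view != "none" and group in community_groups:
            findings.append((lineno, f"write access for community-based group '{group}'"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```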

Install the check_traffic script

Download the check_traffic_v1.1.6.zip script: http://www.itnms.net/discuz/viewthread.php?tid=767&extra=pageD1&page=1

Upload ./check_traffic.sh to /usr/local/nagios/libexec

cd /usr/local/nagios/libexec/
chown nagios:nagios ./check_traffic.sh
chmod 755 ./check_traffic.sh

Use the -L option to list all interfaces of the host and decide which network interface to monitor (if you already know the interface's index value, this step can be skipped). From the output, we confirm that the network interface to monitor is 4, corresponding to "Macronix MX98715-Based Ethernet Adapter (Generic) – 数据包计划程序微型端口"

./check_traffic.sh -V 2c -C privatepass -H localhost -L

List Interface for host localhost.
Interface index 1 orresponding to lo
Interface index 2 orresponding to eth0
Interface index 3 orresponding to eth1
Interface index 4 orresponding to sit0

Following the instructions, choose version 2c (usually 1 or 2c), community privatepass, interface 2, unit KB/s, warning/critical values of 200/400 for inbound traffic, and warning/critical values of 300/500 for outbound traffic.

sudo -u nagios ./check_traffic.sh -V 2c -C privatepass -H localhost -I 2 -w12,30 -c15,50 -K -b

Can not found data in the history data file. If it's the first time for this plugins, that's OK. Otherwise,please use debug mode and check the debug file.

On the first run the history data file does not exist yet, which is why this message appears; it can be ignored. If the message appears on every run, check whether the file /var/tmp/checktraffic${Host}_${Interface}.hist_dat is being created under /var/tmp. The file contains the current system time and the current in and out values.

Nagios configuration for monitoring the local host

Edit /usr/local/nagios/etc/objects/commands.cfg and add the following

define command{
  command_name check_traffic_nv
  command_line $USER1$/check_traffic.sh -V 2c -C privatepass -H localhost -I $ARG1$ -w $ARG2$ -c $ARG3$ -M -b
  }

Edit /usr/local/nagios/etc/objects/localhost.cfg and add the following

define service{
  use local-service,srv-pnp ; Name of service template to use
  host_name nagios
  service_description check_nv_traffic_eth0
  check_command check_traffic_nv!2!12,30!15,35
  notifications_enabled 0
  normal_check_interval 5 ; 5 minutes
  retry_interval 1 ; 1 minute
  }

Nagios configuration for monitoring a remote host

Edit /usr/local/nagios/etc/objects/remotehost.cfg and add the following

define service{
  use local-service,srv-pnp ; Name of service template to use
  host_name nagios
  service_description check_nv_traffic_eth0
  check_command check_nrpe!check_traffic_nv
  notifications_enabled 0
  normal_check_interval 5 ; 5 minutes
  retry_interval 1 ; 1 minute
  }

Edit /usr/local/nagios/etc/nrpe.cfg and add the following

command[check_traffic_nv]=/usr/local/nagios/libexec/check_traffic_nv.sh -V 2c -C privatepass -H localhost -I 2 -w 12,30 -c 15,35 -M -b

Open http://localhost/nagios, click Service Detail, then click the little sun icon next to the check_nv_traffic_eth0 service. After 5 minutes the graph becomes visible.

which: no snmpwalk in (/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin)

If the check_nv_traffic_eth0 service reports that snmpwalk cannot be found:

ln -s /usr/local/bin/snmpwalk /usr/bin/snmpwalk

Sometimes the symlinks I create go missing, which is rather strange...

=====================
Update 2014-09-24: fixing the NIC order https://blog.c1gstudio.com/archives/1703

Posted in Nagios, Technology.