zabbix自定义监控进程、日志文件

zabbix自定义监控进程

在客户端安装httpd服务

[root@node1 ~]# yum -y install httpd
[root@node1 ~]# systemctl start httpd
[root@node1 ~]# ss -antl
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port    Process    
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*                  
LISTEN    0         4096               0.0.0.0:10050            0.0.0.0:*                  
LISTEN    0         128                   [::]:22                  [::]:*                  
LISTEN    0         511                      *:80                     *:*                 

编写脚本(检查服务进程)

[root@node1 ~]# mkdir /scripts
[root@node1 ~]# touch /scripts/check_process.sh
[root@node1 ~]# vim /scripts/check_process.sh 
[root@node1 ~]# cat /scripts/check_process.sh 
#!/bin/bashcount=$(ps -ef |grep -Ev "grep|$0"|grep $1|wc -l)echo $count
[root@node1 ~]# chmod +x /scripts/check_httpd.sh 
[root@node1 ~]# /scripts/check_process.sh httpd
5

开启自定义监控功能

[root@node1 ~]# cd /usr/local/etc/
[root@node1 etc]# ls
zabbix_agentd.conf  zabbix_agentd.conf.d
[root@node1 etc]# vim zabbix_agentd.conf
UnsafeUserParameters=1   /修改0为1
UserParameter=check_process[*],/scripts/check_process.sh $1   /添加此行
重启服务
[root@node1 ~]# systemctl restart zabbix_agentd
[root@node1 ~]# ss -antl
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port    Process    
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*                  
LISTEN    0         4096               0.0.0.0:10050            0.0.0.0:*                  
LISTEN    0         128                   [::]:22                  [::]:*                  
LISTEN    0         511                      *:80                     *:*                 

在服务端上查看

[root@zabbix ~]# zabbix_get -s 192.168.159.147 -k check_process["httpd"]
5
[root@zabbix ~]# zabbix_get -s 192.168.159.147 -k check_process["ssh"]
5

增加监控项

查看可以成功获取到

添加触发器

将httpd服务停止查看是否会告警

[root@node1 ~]# systemctl stop httpd

zabbix自定义监控日志文件

上传log.py脚本

[root@node1 scripts]# ls
check_process.sh  log.py
[root@node1 scripts]# cat log.py 
#!/usr/bin/env python3
import sys
import redef prePos(seekfile):global curpostry:cf = open(seekfile)except IOError:curpos = 0return curposexcept FileNotFoundError:curpos = 0return curposelse:try:curpos = int(cf.readline().strip())except ValueError:curpos = 0cf.close()return curposcf.close()return curposdef lastPos(filename):with open(filename) as lfile:if lfile.readline():lfile.seek(0,2)else:return 0lastPos = lfile.tell()return lastPosdef getSeekFile():try:seekfile = sys.argv[2]except IndexError:seekfile = '/tmp/logseek'return seekfiledef getKey():try:tagKey = str(sys.argv[3])except IndexError:tagKey = 'Error'return tagKeydef getResult(filename,seekfile,tagkey):destPos = prePos(seekfile)curPos = lastPos(filename)if curPos < destPos:curpos = 0try:f = open(filename)except IOError:print('Could not open file: %s' % filename)except FileNotFoundError:print('Could not open file: %s' % filename)else:f.seek(destPos)while curPos != 0 and f.tell() < curPos:rresult = f.readline().strip()global resultif re.search(tagkey, rresult):result = 1breakelse:result = 0with open(seekfile,'w') as sf:sf.write(str(curPos))finally:f.close()return resultif __name__ == "__main__":result = 0curpos = 0tagkey = getKey()seekfile = getSeekFile()result = getResult(sys.argv[1],seekfile,tagkey)print(result)[root@node1 scripts]# chmod +x log.py 
[root@node1 scripts]# ll
total 8
-rwxr-xr-x. 1 root root   76 Jan  8 14:21 check_process.sh
-rwxr-xr-x. 1 root root 1854 Jan  8 15:10 log.py

需要有python3，没有就需要去装

[root@node1 scripts]# python -V
Python 3.9.18

监控httpd的错误日志

[root@node1 ~]# ls /var/log/httpd/
access_log  error_log
[root@node1 ~]# python /scripts/log.py /var/log/httpd/error_log 
0

测试

[root@node1 ~]# cd /var/log/httpd/
[root@node1 httpd]# ls
access_log  error_log
[root@node1 httpd]# echo "Error" >> error_log
发现结果是1
[root@node1 ~]# python /scripts/log.py /var/log/httpd/error_log 
1

修改配置文件

[root@node1 httpd]# rm -rf /tmp/logseek (下次查看时同时需要删除，否则无法生成新的)
[root@node1 httpd]# cd /usr/local/etc/
[root@node1 etc]# ls
zabbix_agentd.conf  zabbix_agentd.conf.d
[root@node1 etc]# vim zabbix_agentd.conf
UserParameter=check_logs[*],/scripts/log.py $1 $2 $3   /添加此行
重启服务
[root@node1 etc]# systemctl restart zabbix_agentd

给zabbix用户设置权限

[root@node1 etc]# cd /var/log/httpd/
[root@node1 httpd]# ls
access_log  error_log
[root@node1 httpd]# ll
total 4
-rw-r--r--. 1 root root    0 Jan  8 14:09 access_log
-rw-r--r--. 1 root root 2889 Jan  8 15:22 error_log
[root@node1 httpd]# setfacl -m u:zabbix:rx /var/log/httpd/
[root@node1 httpd]# getfacl /var/log/httpd/
getfacl: Removing leading '/' from absolute path names
# file: var/log/httpd/
# owner: root
# group: root
user::rwx
user:zabbix:r-x
group::---
mask::r-x
other::---

在服务端查看

[root@zabbix ~]# zabbix_get -s 192.168.159.147 -k check_logs["/var/log/httpd/error_log"]
1

添加监控项

添加触发器

手动添加错误查看效果

[root@node1 ~]# echo "Error" >> /var/log/httpd/error_log