Nagios是一款企业级开源免费的监控工具,其关注点在于保证服务的正常运行,并且在服务发生问题时提供报警机制。

1. 实验环境

Nagios服务端:10.20.2.233

Nagios监控端:web1(10.20.2.2.235) 、 web2(10.20.2.236)

2. Nagios服务端部署

1) 安装nagios依赖软件包

通过yum方式快速安装Nagios所需的依赖软件包

yum -y install gd gd-devel openssl openssl-devel httpd php gcc glibc glibc-common make net-snmp wget

2) 创建nagios账户与组

配置时使用--with-nagios-user和--with-nagios-group指定以该账号的身份运行Nagios。

useradd nagios

3) ×××地址

Nagios:

http://superb-sea2.dl.sourceforge.net/project/nagios/nagios-4.x/nagios-4.2.1/nagios-4.2.1.tar.gz

Nagios-plugin:

https://nagios-plugins.org/download/nagios-plugins-2.1.2.tar.gz

Nrpe:

http://pilotfiber.dl.sourceforge.net/project/nagios/nrpe-3.x/nrpe-3.0.1.tar.gz

4) Nagios的安装

tar -zxf nagios-4.2.1.tar.gz -C /usr/local
cd /usr/local
cd nagios-4.2.1/
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make all
make install                    #安装主程序,CGI以及HTML文件
make install-init                 #安装启动脚本/etc/init.d/nagios
make install-commandmode       #安装与配置目录权限
make install-config              #安装配置文件模板
# 由于nagios最终将以web的形式进行管理与监控,安装过程中使用make install-webconf命令将生成Apache附加配置文件/etc/httpd/conf.d/nagios.conf
make install-webconf

5) Nagios插件安装

tar -zxf nagios-plugins-2.1.2.tar.gz -C /usr/local
cd /usr/local/nagios-plugins-2.1.2/
./configure --prefix=/usr/local/nagios
make
make install
tar -zxf nrpe-3.0.1.tar.gz  -C /usr/local/
cd /usr/local
cd nrpe-3.0.1/
./configure --prefix=/usr/local/nagios
make all
make install-plugin
make install-daemon
make install-daemon-config
chown nagios:nagios -R /usr/local/nagios

6) 禁用selinux并关闭防火墙

setenforce 0
service iptables stop

7) 创建web访问账户

htpasswd -c /usr/local/etc/htpasswd.users tomcat

8) 启动nagios

/etc/init.d/httpd start
/etc/init.d/nagios start

9) 修改nagios配置文件

主配置文件:nagios.cfg

主配置文件中使用cfg_file配置项加载其他配置文件,为了方便管理,将两台监控主机创建不同的配置文件,10.20.2.235配置文件名为web1.cfg,10.20.2.236配置文件名为web2.cfg

vi /usr/local/nagios/etc/nagios.cfg 
 
cfg_file=/usr/local/nagios/etc/objects/commands.cfg
cfg_file=/usr/local/nagios/etc/objects/contacts.cfg
cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg
cfg_file=/usr/local/nagios/etc/objects/templates.cfg
 
# Definitions for monitoring the local (Linux) host
cfg_file=/usr/local/nagios/etc/objects/localhost.cfg
 
#下面两个配置文件需要手动创建出来,用于监控两台web服务器
cfg_file=/usr/local/nagios/etc/web1.cfg
cfg_file=/usr/local/nagios/etc/web2.cfg
……

修改CGI配置文件(cgi.cfg),需要将访问web页面的账号加入进来

vi /usr/local/nagios/etc/cgi.cfg
 
use_authentication=1
authorized_for_system_information=nagiosadmin,tomcat
authorized_for_configuration_information=nagiosadmin,tomcat
authorized_for_system_commands=nagiosadmin,tomcat
authorized_for_all_services=nagiosadmin,tomcat
authorized_for_all_hosts=nagiosadmin,tomcat
authorized_for_all_service_commands=nagiosadmin,tomcat
authorized_for_all_host_commands=nagiosadmin,tomcat
……

修改命令配置文件(commands.cfg),该文件定义具体的命令实现方式,如发送报警邮件具体使用什么工具、邮件内容格式定义。

vi /usr/local/nagios/etc/objects/commands.cfg
 
……
define command{
        command_name    check-host-alive
        command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
        }
……
#以下内容需要手动添加,用于进行远程主机监控,需要安装nrpe软件包
define command{
        command_name    check_nrpe
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
        }

 

修改nrpe配置文件(nrpe.cfg),用于监控远程主机所需要的命令

vi /usr/local/nagios/etc/nrpe.cfg
 
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
#下面一行为手动添加
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10%
……

修改监控主机配置文件(localhost.cfg),该文件用于设置如何监控本机服务器资源。

vi /usr/local/nagios/etc/objects/localhost.cfg
……
define host{
        use                     linux-server            ; Name of host template to use
                                                        ; This host definition will inherit all variables that are defined
                                                        ; in (or inherited by) the linux-server host template definition.
        host_name               localhost
        alias                   localhost
        address                 127.0.0.1
        }
 
……
define hostgroup{
        hostgroup_name  linux-servers ; The name of the hostgroup
        alias           Linux Servers ; Long name of the group
        members         localhost     ; Comma separated list of hosts that belong to this group
        }
……

 

创建远程监控配置文件web1.cfg与web2.cfg,用于监控远程服务器系统资源与服务,可以使用localhost.cfg作为参考模板。下面列出web1.cfg的所有内容,web2.cfg 只需要参考web1.cfg的内容修改主机名称、IP地址以及主机名称即可。

define host{
        use                     linux-server            ; Name of host template to use
                                                        ; This host definition will inherit all variables that are defined
                                                        ; in (or inherited by) the linux-server host template definition.
        host_name               web1
        alias                   test.com
        address                 10.20.2.235
        }
define hostgroup{
        hostgroup_name  webs ; The name of the hostgroup
        alias           Linux Servers ; Long name of the group
        members         web1     ; Comma separated list of hosts that belong to this group
        }
define service{
        use                             generic-service         ; Name of service template to use
        host_name                       web1
        service_description             PING
        check_command                   check_ping!100.0,20%!500.0,60%
        notifications_enabled           1
        }
define service{
        use                             generic-service         ; Name of service template to use
        host_name                       web1
        service_description             Sys_Load
        check_command                   check_nrpe!check_load
        notifications_enabled           1
        }
 
define service{
        use                             generic-service         ; Name of service template to use
        host_name                       web1
        service_description             Current Users
        check_command                   check_nrpe!check_users
        notifications_enabled           1
        }
define service{
        use                             generic-service         ; Name of service template to use
        host_name                       web1
        service_description             Total Processes
        check_command                   check_nrpe!check_total_procs
        notifications_enabled           1
        }
define service{
        use                             generic-service         ; Name of service template to use
        host_name                       web1
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           1
        }
define service{
        use                             generic-service         ; Name of service template to use
        host_name                       web1
        service_description             HTTP
        check_command                   check_http
        notifications_enabled           1
        }

10) 重新加载nagios配置

其他配置文件不需修改,可以直接使用,重启nagios,重新加载所有的配置

/etc/init.d/nagios restart

3. Nagios监控端部署

下面以web1为例,web2与web1操作一致

1) yum安装nagios插件需依赖的软件包

yum -y install openssl openssl-devel

2) 创建nagios用户和组

useradd -s /sbin/nologin nagios

3) 安装Nagios-plugin

tar -zxf nagios-plugins-2.1.2.tar.gz -C /usr/local
cd /usr/local/
cd nagios-plugins-2.1.2/
./configure 
make
make install

4) 安装Nrpe

tar -zxf nrpe-3.0.1.tar.gz -C /usr/local
cd /usr/local/nrpe-3.0.1/
./configure 
make all
make install-plugin
make install-daemon
make isntall-daemon-config
chown -R nagios:nagios /usr/local/nagios

 

5) 修改nrpe配置文件

cp /usr/local/nrpe-3.0.1/sample-config/nrpe.cfg /usr/local/nagios/etc/
vi /usr/local/nagios/etc/nrpe.cfg
……
allowed_hosts=127.0.0.1,10.20.2.233
……
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
#下面一行为手动添加
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10%

6) 禁用selinux并关闭防火墙

setenforce 0
service iptables stop

 

7) 启动nrpe

/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

4. 验证并进行监控

1) 验证监控端的nrpe

管理员在Nagios服务端通过check_nrpe检测被监控端相关的性能参数,单独使用check_nrpe可以检测被监控端的nrpe版本号

[root@test etc]# /usr/local/nagios/libexec/check_nrpe -H 10.20.2.235
NRPE v3.0.1
[root@test etc]# /usr/local/nagios/libexec/check_nrpe -H 10.20.2.236
NRPE v3.0.1
[root@test etc]# /usr/local/nagios/libexec/check_nrpe -H 10.20.2.237
connect to address 10.20.2.237 port 5666: Connection refused
connect to host 10.20.2.237 port 5666: Connection refused

2) 访问web页面进行监控

以上信息已经能够检测到被监控端的nrpe,此时可以通过浏览器进行访问:

http://10.20.2.233/nagios

wKiom1fTgE6hCu6WAALSMVKsWG0151.jpg

wKioL1fTgFLwLlGGAAM6xhW0YcQ377.jpg

wKioL1fTgFKydG79AAGorhBmVnU074.jpg