1) Count connections on port 80
netstat -nat | grep ':80 ' | wc -l
I. How the monitoring works
1) netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' (not ideal: it takes too long to run on production servers)
[user@k8s4 ~]$ netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}'
LISTEN 12
ESTABLISHED 12
FIN_WAIT2 9
TIME_WAIT 43
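Run man netstat for a description of each TCP state:
ESTABLISHED The socket has an established connection
CLOSED The socket is not in use; there is no connection
CLOSING Server and client are both closing the connection at the same time
CLOSE_WAIT Waiting to close the connection
TIME_WAIT The peer's FIN has been received and an ACK sent; after waiting 2MSL the socket returns to the CLOSED state
LAST_ACK The remote end has closed; this socket, closing passively, has sent its FIN and is waiting for the peer's ACK
LISTEN Listening state
SYN_RECV A SYN has been received
SYN_SENT A SYN has been sent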
FIN_WAIT1 The socket is closed, and the connection is shutting down
FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end.
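LISTEN - listening for connection requests from a remote TCP port;
SYN-SENT - waiting for a matching connection request after having sent a connection request;
SYN-RECEIVED - waiting for confirmation of the connection request after having both received and sent a connection request;
ESTABLISHED - an open connection; data can be delivered to the user;
FIN-WAIT-1 - waiting for a connection termination request from the remote TCP, or for an acknowledgment of the termination request sent earlier;
FIN-WAIT-2 - waiting for a connection termination request from the remote TCP;
CLOSE-WAIT - waiting for a connection termination request from the local user;
CLOSING - waiting for the remote TCP to acknowledge the connection termination;
LAST-ACK - waiting for an acknowledgment of the connection termination request previously sent to the remote TCP;
TIME-WAIT - waiting long enough to be sure the remote TCP received the acknowledgment of its connection termination request;
CLOSED - no connection state at all;
A TCP connection moves through a sequence of state transitions, and what triggers those transitions is user calls: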
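2) Add the script on the zabbix-agent host to be monitored
mkdir -p /usr/local/zabbix-agent/scripts/ # directory for the script files; each script returns a numeric value
mkdir -p /etc/zabbix/zabbix_agentd.d/ # holds the zabbix agent key definitions
Add the script file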
[user@k8s4 ~]$ vim /usr/local/zabbix-agent/scripts/tcp_conn_status.sh
[user@k8s4 ~]$ cat /usr/local/zabbix-agent/scripts/tcp_conn_status.sh
#!/bin/bash
# this script is used to get tcp and udp connection status
# tcp status
metric=$1
tmp_file=/etc/zabbix/tcp_status.txt
/bin/netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' > "$tmp_file"
case $metric in
    closed)
        output=$(awk '/CLOSED/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    listen)
        output=$(awk '/LISTEN/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    synrecv)
        output=$(awk '/SYN_RECV/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    synsent)
        output=$(awk '/SYN_SENT/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    established)
        output=$(awk '/ESTABLISHED/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    timewait)
        output=$(awk '/TIME_WAIT/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    closing)
        output=$(awk '/CLOSING/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    closewait)
        output=$(awk '/CLOSE_WAIT/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    lastack)
        output=$(awk '/LAST_ACK/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    finwait1)
        output=$(awk '/FIN_WAIT1/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    finwait2)
        output=$(awk '/FIN_WAIT2/{print $2}' "$tmp_file")
        if [ "$output" == "" ];then
            echo 0
        else
            echo $output
        fi
        ;;
    *)
        echo -e "\e[033mUsage: sh $0 [closed|closing|closewait|synrecv|synsent|finwait1|finwait2|listen|established|lastack|timewait]\e[0m"
        ;;
esac
Make the script executable
chmod o+x /usr/local/zabbix-agent/scripts/tcp_conn_status.sh
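3) Add the monitoring key
The agent configuration file /etc/zabbix/zabbix_agentd.conf defines an include directory for additional keys, Include=/etc/zabbix/zabbix_agentd.d/, so create a new file tcp-status-params.conf in /etc/zabbix/zabbix_agentd.d/ with the following content: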
vim /etc/zabbix/zabbix_agentd.d/tcp-status-params.conf
[user@k8s4 ~]$ cat /etc/zabbix/zabbix_agentd.d/tcp-status-params.conf
UserParameter=tcp.status[*],/usr/local/zabbix-agent/scripts/tcp_conn_status.sh $1
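If the script needs to write to a file, write permission has to be granted on that file. Note that o+w lets every local user modify a file whose contents the script then reads back.
chmod o+w /etc/zabbix/tcp_status.txt # tcp_status.txt is now writable by all users
4) First test the script locally on the zabbix agent host (run as any ordinary user)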
[user@k8s4 ~]$ /bin/bash /usr/local/zabbix-agent/scripts/tcp_conn_status.sh listen
12
Note: /bin/bash /usr/local/zabbix-agent/scripts/tcp_conn_status.sh established shows the established socket connections
Restart the agent
service zabbix-agent restart
5) Then test the connection from the server with zabbix_get
[root@zabbix ~]# /usr/local/zabbix/bin/zabbix_get -s 192.168.10.20 -p 10050 -k "tcp.status[listen]"
12
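II. Add the items in the zabbix server web interface
1) Add the item
2) Add the graph
III. Another, more efficient way to monitor: ss
How monitoring with ss works:
1) Write the monitoring script
vim /usr/local/zabbix-agent/scripts/tcp_socket.sh (this script is not actually used)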
#!/bin/bash
# Each function counts the sockets ss reports in one TCP state
function SYNRECV {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'SYN-RECV' | awk '{print $2}'
}
function ESTAB {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'ESTAB' | awk '{print $2}'
}
function FINWAIT1 {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'FIN-WAIT-1' | awk '{print $2}'
}
function FINWAIT2 {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'FIN-WAIT-2' | awk '{print $2}'
}
function TIMEWAIT {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'TIME-WAIT' | awk '{print $2}'
}
function LASTACK {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'LAST-ACK' | awk '{print $2}'
}
function LISTEN {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'LISTEN' | awk '{print $2}'
}
function CLOSED {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'CLOSED' | awk '{print $2}'
}
function SYN_SENT {
    # ss prints this state as SYN-SENT (hyphen, not underscore)
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'SYN-SENT' | awk '{print $2}'
}
function CLOSE_WAIT {
    # ss prints this state as CLOSE-WAIT (hyphen, not underscore)
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'CLOSE-WAIT' | awk '{print $2}'
}
function CLOSING {
    /usr/sbin/ss -ant | awk '{++s[$1]} END {for(k in s) print k,s[k]}' | grep 'CLOSING' | awk '{print $2}'
}
case $1 in
    SYNRECV)
        SYNRECV
        ;;
    ESTAB)
        ESTAB
        ;;
    FINWAIT1)
        FINWAIT1
        ;;
    FINWAIT2)
        FINWAIT2
        ;;
    TIMEWAIT)
        TIMEWAIT
        ;;
    LASTACK)
        LASTACK
        ;;
    LISTEN)
        LISTEN
        ;;
    CLOSED)
        CLOSED
        ;;
    SYN_SENT)
        SYN_SENT
        ;;
    CLOSE_WAIT)
        CLOSE_WAIT
        ;;
    CLOSING)
        CLOSING
        ;;
    *)
        exit 1
        ;;
esac
Run a check
[root@nredis scripts]# /bin/bash /usr/local/zabbix-agent/scripts/tcp_socket.sh ESTAB
75024
2) Add the monitoring key
UserParameter=tcp.status[*], /usr/sbin/ss -ant | grep -c $1 # the command that is actually used
# UserParameter=tcp.status[*], /data/app/zabbix/etc/zabbix_agentd.conf.d/tcpstatus.sh $1
The parameters that can be passed are:
[SYNRECV,ESTAB,FINWAIT1,FINWAIT2,TIME-WAIT,LASTACK,LISTEN,CLOSED,SYN_SENT,CLOSE_WAIT,CLOSING]
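SYN_RECV is the number of requests waiting to be processed;
ESTABLISHED is the normal data-transfer state;
TIME_WAIT is the number of requests that have been processed and are waiting for the timeout to expire.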
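Added example, not from the original post: one way to serve tcp.status[*] without the world-writable /etc/zabbix/tcp_status.txt used in section I, and without handing the key parameter to grep as a pattern as the ss UserParameter above does. The function names and the sample ss output are assumptions constructed for illustration; the metric names are the ones the netstat script accepts.

```bash
#!/bin/bash
# Added example: count TCP sockets per state from `ss -ant` output.
# Function names are hypothetical; the sample data below is constructed.

# Map an allowlisted metric name to the state name ss prints in column 1.
ss_state_for() {
    case "$1" in
        listen)      echo LISTEN ;;
        synrecv)     echo SYN-RECV ;;
        synsent)     echo SYN-SENT ;;
        established) echo ESTAB ;;
        finwait1)    echo FIN-WAIT-1 ;;
        finwait2)    echo FIN-WAIT-2 ;;
        closewait)   echo CLOSE-WAIT ;;
        closing)     echo CLOSING ;;
        lastack)     echo LAST-ACK ;;
        timewait)    echo TIME-WAIT ;;
        *)           return 1 ;;
    esac
}

# Read `ss -ant` output on stdin and print how many sockets are in the state.
# Column 1 is compared exactly, and a missing state prints 0, not nothing.
count_state() {
    state=$(ss_state_for "$1") || { echo "unsupported metric" >&2; return 1; }
    awk -v st="$state" '$1 == st { n++ } END { print n + 0 }'
}

# Constructed sample of `ss -ant` output (documentation address ranges).
sample_ss_output() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:22          0.0.0.0:*
LISTEN    0      128    0.0.0.0:10050       0.0.0.0:*
ESTAB     0      0      192.0.2.10:22       198.51.100.7:51234
TIME-WAIT 0      0      192.0.2.10:80       198.51.100.8:40022
TIME-WAIT 0      0      192.0.2.10:80       198.51.100.9:40023
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:1025
EOF
}

# Called with a metric (as the agent would): query the live socket table.
if [ $# -gt 0 ]; then
    /usr/sbin/ss -ant | count_state "$1"
else
    sample_ss_output | count_state timewait   # demo on the sample
fi
```

Saved under a hypothetical path such as /usr/local/zabbix-agent/scripts/tcp_state_count.sh, it plugs into the same key: UserParameter=tcp.status[*],/usr/local/zabbix-agent/scripts/tcp_state_count.sh $1. Because nothing is written to disk, no file needs o+w and concurrent item checks cannot overwrite each other's results.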