标签:下载次数 service gateway nagios 监控主机 防火墙
监控平台之-nagios安装配置
小贝比尔IT技术交流网-小贝比尔
提醒:内存1G 硬盘15G(硬盘最好不要低于15G,不然安装期间会出问题)
Selinux和防火墙先关闭,安装成功后再配置
1.关闭selinux vim/etc/sysconfig/selinu更改:SELINUX=enforcing 为 SELINUX=disabled
1.png (22.12 KB, 下载次数: 0)
2.关闭iptables service iptables stop
监控主机ip:192.168.0.90
Mask:255.255.255.0
Gateway:192.168.0.1
DNS:192.168.0.52
被监控主机:apps01.semi.htche.com (192.168.0.56)
web01.semi.htche.com (192.168.0.58)
res01.semi.htche.com (192.168.0.57)
db01.semi.htche.com(192.168.0.55)
准备:# yum update
# yum install vim-y
# Yum install wget -y
Nagios服务端安装(192.168.0.90)
基础支持套件:gcc glibc glibc-common gd gd-develxinetd openssl-devel
# yum install -y gcc glibc glibc-common gd gd-devel xinetdopenssl-devel
创建nagios用户和用户组
# useradd -s /sbin/nologinnagios
# mkdir /usr/local/nagios
# chown -R nagios:nagios/usr/local/nagios
编译安装Nagios
# cd /usr/src/
#wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.4.3.tar.gz
#tar -zxvf nagios-3.4.3.tar.gz
#cd nagios
#./configure --prefix=/usr/local/nagios
#make all
# make install
# make install-init
# make install-commandmode
# make install-config
# chkconfig --add nagios
# chkconfig --level 35 nagios on
# chkconfig --list nagios
1.4 验证程序是否被正确安装
切换目录到安装路径(这里是/usr/local/nagios),看是否存在etc、bin、sbin、share、var 这五个目录,如果存在则可以表明程序被正确的安装到系统了。Nagios 各个目录用途说明如下:
安装Nagios插件
#cd /usr/src
# wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar -zxvf nagios-plugins-2.0.3.tar.gz
# cd nagios-plugins-2.0.3
# ./configure --prefix=/usr/local/nagios
# make && make install
1.6 安装与配置Apache和Php (cd /usr/src)
a.Apache
# cd /usr/src
# wget http://archive.apache.org/dist/httpd/httpd-2.2.23.tar.gz
# tar -zxvfhttpd-2.2.23.tar.gz
# cd httpd-2.2.23
# ./configure--prefix=/usr/local/apache2
# make && makeinstall
b.Php
# cd ..
# wget http://museum.php.net/php5/php-5.4.10.tar.gz
# yum install mysql-devel-y
# yuminstall libxml2* -y
# exportLDFLAGS=-L/usr/lib64/mysql
# mkdir /usr/lib/mysql
# cp /usr/lib64/mysql/*/usr/lib/mysql/
# tar -zxvf php-5.4.10.tar.gz
# cd php-5.4.10
#./configure --prefix=/usr/local/php --with- apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr
# make && make install
c.配置apache
#vim /usr/local/apache2/conf/httpd.conf
找到:
#ServerName www.example.com:80
修改为:
ServerNamelocalhost:80
找到:
User daemon Group daemon
修改为
User nagios Group nagios
然后找到
<IfModule dir_module> DirectoryIndex index.html </IfModule>修改为 <IfModule dir_module> DirectoryIndex index.html index.php AddType application/x-httpd-php .php</IfModule>
为了安全起见,一般情况下要让nagios 的web 监控页面必须经过授权才能访问,这需要增加验证配置,即在httpd.conf 文件最后添加如下信息:
#setting for nagios ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" <Directory "/usr/local/nagios/sbin"> AuthType Basic Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthName "Nagios Access" AuthUserFile /usr/local/nagios/etc/htpasswd //用于此目录访问身份验证的文件 Require valid-user </Directory> Alias /nagios "/usr/local/nagios/share" <Directory "/usr/local/nagios/share"> AuthType Basic Options None AllowOverride None Order allow,deny Allow from all AuthName "nagios Access" AuthUserFile /usr/local/nagios/etc/htpasswd Require valid-user </Directory>
d. 创建apache目录验证文件
在上面的配置中,指定了目录验证文件htpasswd,下面要创建这个文件:
#/usr/local/apache2/bin/htpasswd -c /usr/local/nagios/etc/htpasswd nagiosadmin \\这里创建的就是登陆nagios认证的用户,密码要在这里赋予
这样就在/usr/local/nagios/etc 目录下创建了一个htpasswd 验证文件,当通过http://monitor.semi.htche.com/nagios/ 访问时就需要输入用户名和密码了。
e. 查看认证文件的内容
# cat/usr/local/nagios/etc/htpasswd
f. 启动apache 服务
#/usr/local/apache2/bin/apachectl start
g. 启动nagios 服务
# /etc/init.d/nagiosstart
*此时可能会报错,错误提示如下图:
解决办法:
# vim/etc/passwd
修改:nagios:x:500:500::/home/nagios:/sbin/nologin 为
nagios:x:500:500::/home/nagios:/bin/bash
2.png (16.72 KB, 下载次数: 0)
然后重启
3.png (3.1 KB, 下载次数: 0)
到这里nagios 的安装也就基本完成了,你可以通过web来访问了。
4.png (22.29 KB, 下载次数: 0)
5.png (91.31 KB, 下载次数: 0)
二.配置Nagios
1.配置主配置文件
vim /usr/local/nagios/etc/nagios.cfg
增加如下几行:
cfg_file=/usr/local/nagios/etc/objects/hosts.cfgcfg_dir=/usr/local/nagios/etc/servicescfg_file=/usr/local/nagios/etc/objects/contactgroups.cfgcfg_file=/usr/local/nagios/etc/objects/hostgroups.cfg
2.添加监控主机
hosts.cfg 此文件默认不存在,定义此文件用于编辑被监控主机。
vim /usr/local/nagios/etc/objects/hosts.cfg define hostgroup{ hostgroup_name semi-servers #主机组名称,可以随意指定。 alias semi members res01.semi.htche.com #主机组成员} define host{ use linux-server host_name res01.semi.htche.com alias res01 address 192.168.0.57} define host{ use linux-server host_name apps01.semi.htche.com alias apps01 address 192.168.0.56} define host{ use linux-server host_name web01.semi.htche.com alias web01 address 192.168.0.58} define host{ use linux-server host_name db01.semi.htche.com alias db01 address 192.168.0.55}
3.添加监控端口命令:
vim /usr/local/nagios/etc/objects/commands.cfg
添加端口,模板如下:
# check port9080
definecommand{
command_name 9080
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p 9080$ARG2$
}
# check port7369
definecommand{
command_name 7369
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p 7369$ARG2$
}
若要添加其他端口,按模板添加即可;
4.添加监控服务
services 这个目录不存在,定义此目录为了编辑需要监控的所有服务。
mkdir/usr/local/nagios/etc/services
为了便于以后管理,我在services目录下分别创建了需要监控主机的文件,分别为: apps01.semi. cfg res01.semi. cfg
db01.semi. cfg web01.semi. cfg
以编辑db01.semi.htche.com.cfg 为例,其他大同小异。
vim /usr/local/nagios/etc/services/db01.semi.cfg
#Definea service to check is dead or alive
defineservice{
use local-service
host_name db01.semi.htche.com
service_description check-host-alive
check_command check-host-alive
}
#Define a service to "ping" the local machine
defineservice{
use local-service ; Name of service template to use
host_name db01.semi.htche.com
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
#Define a service to check the disk space of the root partition
#on the local machine. Warning if <20% free, critical if
#< 10% free space on partition.
defineservice{
use local-service ; Name of service template to use
host_name db01.semi.htche.com
service_description Root Partition
check_command check_local_disk!20%!10%!/
}
#Define a service to check the number of currently logged in
#users on the local machine. Warning if> 20 users, critical
#if > 50 users.
defineservice{
use local-service ; Name of service template to use
host_name db.semi.htche.com
service_description Current Users
check_command check_local_users!20!50
}
#Define a service to check the number of currently running procs
#on the local machine. Warning if >250 processes, critical if
#> 400 users.
defineservice{
use local-service ; Name of service template to use
host_name db.semi.htche.com
service_description Total Processes
check_command check_local_procs!250!400!RSZDT
}
#Define a service to check the load on the local machine.
defineservice{
use local-service ; Name of service template to use
host_name db.semi.htche.com
service_description Current Load
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
}
#Define a service to check the swap usage the local machine.
#Critical if less than 10% of swap is free, warning if less than 20% is free
defineservice{
use local-service ; Name of service template to use
host_name db.semi.htche.com
service_description Swap Usage
check_command check_local_swap!20!10
}
#Define a service to check SSH on the local machine.
#Disable notifications for this service by default, as not all users may haveSSH enabled.
defineservice{
use local-service ; Name of service template to use
host_name db.semi.htche.com
service_description SSH
check_command check_ssh
notifications_enabled 0
}
#Define a service to check HTTP on the local machine.
#Disable notifications for this service by default, as not all users may haveHTTP enabled.
defineservice{
use local-service ; Name of service template to use
host_name db.semi.htche.com
service_description HTTP
check_command check_http
notifications_enabled 0
}
#services
defineservice{
use local-service
host_name db.semi.htche.com
service_description shop-goods
check_command 5080
is_volatile 0
check_period 24x7
max_check_attempts 2
normal_check_interval 1
retry_check_interval 1
contact_groups admins
notification_options w,u,c,r
notification_interval 960
notification_period 24x7
}
defineservice{
use local-service
host_name db.semi.htche.com
service_description shop-order
check_command 6080
is_volatile 0
check_period 24x7
max_check_attempts 2
normal_check_interval 1
retry_check_interval 1
contact_groups admins
notification_options w,u,c,r
notification_interval 960
notification_period 24x7
}
defineservice{
use local-service
host_name db.semi.htche.com
service_description shop-search
check_command 7080
is_volatile 0
check_period 24x7
max_check_attempts 2
normal_check_interval 1
retry_check_interval 1
contact_groups admins
notification_options w,u,c,r
notification_interval 960
notification_period 24x7
}
defineservice{
use local-service
host_name db.semi.htche.com
service_description htche-ams
check_command 9080
is_volatile 0
check_period 24x7
max_check_attempts 2
normal_check_interval 1
retry_check_interval 1
contact_groups admins
notification_options w,u,c,r
notification_interval 960
notification_period 24x7
}
defineservice{
use local-service
host_name db.semi.htche.com
service_description htche-scheduler
check_command 7369
is_volatile 0
check_period 24x7
max_check_attempts 2
normal_check_interval 1
retry_check_interval 1
contact_groups admins
notification_options w,u,c,r
notification_interval 960
notification_period 24x7
}
#mem
defineservice{
use local-service
host_name db01.semi.htche.com
service_description check_mem
check_command check_nrpe!check_memory!80,10!100,40
}
5.为便于以后添加,需新建文件:
touch/usr/local/nagios/etc/objects/contactgroups.cfg
touch/usr/local/nagios/etc/objects/hostgroups.cfg
6.完成后,重启nagios,看效果。
6.png (9.76 KB, 下载次数: 0)
效果:
添加的hosts主机:
7.png (46.89 KB, 下载次数: 0)
添加的apps01.semi.htche.com上的服务:
8.png (129.33 KB, 下载次数: 0)
因为刚添加,还在监听等待··········
稍等片刻······
9.png (137.76 KB, 下载次数: 0)
监控结果已经出来了
三.利用NRPE监控远程Linux上的“本地信息”
1.1 在被监控机(db01.semi.htche.com)上
a. 增加用户&设定密码
# useraddnagios
# passwd nagios
b. 安装Nagios 插件
#cd /usr/src
#wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar -zxvf nagios-plugins-2.0.3.tar.gz# cd nagios-plugins-2.0.3
#./configure --prefix=/usr/local/nagios (若出现:configure: error: no acceptable C compiler found in $PATH报错,请执行yum install gcc –y 安装gcc套件)
# make && make installc. 安装NRPEcd /usr/src# wget http://prdownloads.sourceforge.n ... os/nrpe-2.13.tar.gz# tar -zxvf nrpe-2.13.tar.gz# cd nrpe-2.13# ./configure (若出现:checking for SSL headers... configure: error: Cannot find ssl headers报错,请执行yum -y install openssl-devel)# make all
接下来安装NPRE插件,daemon和示例配置文件。
c.1 安装check_nrpe 这个插件
# makeinstall-plugin
监控机需要安装check_nrpe 这个插件,被监控机并不需要,我们在这里安装它只是为了测试目的。
c.2 安装deamon
# makeinstall-daemon
c.3 安装配置文件
# makeinstall-daemon-config
按照安装文档的说明,是将NRPEdeamon作为xinetd下的一个服务运行的。在这样的情况下xinetd就必须要先安装好,不过一般系统已经默认安装了。
d. 安装xinted 脚本
#yum installxinetd -y
# makeinstall-xinetd
可以看到创建了这个文件/etc/xinetd.d/nrpe。
编辑这个脚本:
vim /etc/xinetd.d/nrpe
在only_from 后增加监控主机的IP地址。
10.png (18.8 KB, 下载次数: 0)
记得要有逗号,而且逗号后边不能有空格。
编辑/etc/services 文件,增加NRPE服务
11.png (20.41 KB, 下载次数: 0)
重启xinted 服务
# servicexinetd restart
12.png (4.12 KB, 下载次数: 0)
# /usr/local/nagios/bin/nrpe-c /usr/local/nagios/etc/nrpe.cfg -d
查看NRPE 是否已经启动netstat -an |grep 5666
可以看到5666端口已经在监听了。
e. 测试NRPE是否则正常工作
使用上面在被监控机上安装的check_nrpe这个插件测试NRPE 是否工作正常。
# /usr/local/nagios/libexec/check_nrpe-H localhost
会返回当前NRPE的版本
13.png (3.74 KB, 下载次数: 0)
这一步完成后会在/usr/local/nagios/下生成三个目录include、libexec和share。
修改目录权限
# chown Nagios:nagios /usr/local/nagios# chown -R Nagios:nagios /usr/local/nagios/libexec
1.2 在监控机(monitor.semi.htche.com)上
a.安装NRPEcd /usr/src# wget http://prdownloads.sourceforge.n ... os/nrpe-2.13.tar.gz# tar -zxvf nrpe-2.13.tar.gz# cd nrpe-2.13# ./configure (若出现:checking for SSL headers... configure: error: Cannot find ssl headers报错,请执行yum -y install openssl-devel)# make all
#make install-plugin
b. nagios服务器配置
#vim /usr/local/nagios/etc/objects/commands.cfg
加入
#nrpe
definecommand{
command_name check_nrpe
command_line $USER1$/check_nrpe -H$HOSTADDRESS$ -c $ARG1$
}
只运行这一步就行了,因为只需要check_nrpe插件。
四.Nagios邮件报警的配置
1.1 安装sendmail 组件
首先要确保sendmail 相关组件的完整安装,我们可以使用如下的命令来完成sendmail 的安装:
# yuminstall -y sendmail*
然后重新启动sendmail服务:
# servicesendmail restart
然后发送测试邮件,验证sendmail的可用性:
# yuminstall mail -y
# echo"Hello World" | mail hanchaochao@htche.net
14.png (18.42 KB, 下载次数: 0)
1.2 邮件报警的配置
# vim /usr/local/nagios/etc/objects/contacts.cfg
15.png (127.54 KB, 下载次数: 0)
配置完毕
本文出自 “小贝比尔IT交流” 博客,谢绝转载!
标签:下载次数 service gateway nagios 监控主机 防火墙
原文地址:http://xiaobeibier.blog.51cto.com/6296011/1665672