摘要:
1、如何监控12种状态假如:有人给服务器发ddos攻击,tcp什么状态会特别多这个值比较大的时候监控所以需要监控tcp状态1、12种状态查看[root@linux-node1~]#netstat-ant状态查看12种状态[root@linux-node1~]#mannetstatStateThestateofthesocket.Sincetherearenostatesinrawmodeandus
1、如何监控12种状态
假如:有人给服务器发ddos攻击,tcp什么状态会特别多
这个值比较大的时候监控
所以需要监控tcp状态
1、12种状态查看
[root@linux-node1 ~]# netstat -ant
状态查看 12种状态
[root@linux-node1 ~]# man netstat State The state of the socket. Since there are no states in raw mode and usually no states used inUDP and UDPLite, this column may be left blank. Normally thiscan be one of several values: ESTABLISHED The socket has an established connection. SYN_SENT The socket isactively attempting to establish a connection. SYN_RECV A connection request has been received fromthe network. FIN_WAIT1 The socket is closed, and the connection isshutting down. FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown fromthe remote end. TIME_WAIT The socket is waiting after close to handle packets still inthe network. CLOSE The socket isnot being used. CLOSE_WAIT The remote end has shut down, waiting forthe socket to close. LAST_ACK The remote end has shut down, and the socket is closed. Waiting foracknowledgement. LISTEN The socket is listening for incoming connections. Such sockets are not included in the out‐ put unless you specify the --listening (-l) or --all (-a) option. CLOSING Both sockets are shut down but we still don't have all our data sent. UNKNOWN The state of the socket is unknown.
查看tcp状态的次数
[root@linux-node1 ~]# netstat -ant |grep -c UNKNOWN 0[root@linux-node1 ~]# netstat -ant |grep -c LISTEN 12
2、命令行,配置
参考mysql的配置
[root@linux-node2 ~]# cd /etc/zabbix/zabbix_agentd.d/[root@linux-node2 /etc/zabbix/zabbix_agentd.d]# tail -1userparameter_mysql.conf UserParameter=mysql.version,mysql -V
Conf文件
[root@linux-node2 /etc/zabbix/zabbix_agentd.d]# vim TCP_Status.conf [root@linux-node2 /etc/zabbix/zabbix_agentd.d]# cat TCP_Status.conf UserParameter=TCP_Status[*],netstat -ant |grep -c $1
重启agent
[root@linux-node2 /etc/zabbix/zabbix_agentd.d]# systemctl restart zabbix-agent
zabbixServer上Test
[root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_get -s 192.168.194.132 -k TCP_Status[TIME_WAIT] 4[root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_get -s 192.168.194.132 -k TCP_Status[LISTEN] 7# 不存在为0 [root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_get -s 192.168.194.132 -k TCP_Status[fdafas] 0
有时候zabbix执行,没有权限
方法1 Sudo 方法2 suid
2、zabbix界面添加
1、自定义模板
2、创建item
其他的直接clone这个
4个状态
3、创建主机
4、最新数据
刷新下
[root@linux-node1 /etc/zabbix/zabbix_agentd.d]# zabbix_server -R config_cache_reload zabbix_server [71979]: command sent successfully
