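Summary
TCP connection state is critical for a web server, especially the number of concurrent connections (ESTAB) and the syn_recv value. If syn_recv is large, we may suspect that the server is under attack. If time_wait is high, we should consider whether the kernel needs tuning: too many TIME_WAIT connections occupy too many ports, and if ports are scarce the consequences can be disastrous.
Monitoring principle
1. TCP connection counts can be obtained with this command: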
# netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}'
LISTEN 11
CLOSE_WAIT 2
ESTABLISHED 69
TIME_WAIT 33
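2. Diagram of the 11 TCP states
3. TCP state descriptions
Use man netstat to see the descriptions of the TCP states:
LISTEN - listening for connection requests from a remote TCP port;
SYN-SENT - waiting for a matching connection request after having sent a connection request;
SYN-RECEIVED - waiting for confirmation of the connection request after having both received and sent a connection request;
ESTABLISHED - represents an open connection; data can be delivered to the user;
FIN-WAIT-1 - waiting for a connection termination request from the remote TCP, or for an acknowledgment of the connection termination request previously sent;
FIN-WAIT-2 - waiting for a connection termination request from the remote TCP;
CLOSE-WAIT - waiting for a connection termination request from the local user;
CLOSING - waiting for the remote TCP's acknowledgment of the connection termination request;
LAST-ACK - waiting for an acknowledgment of the connection termination request previously sent to the remote TCP;
TIME-WAIT - waiting long enough to be sure the remote TCP received the acknowledgment of its connection termination request;
CLOSED - no connection state at all.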
Monitoring implementation
1. Place the status_TCP.conf file in the /etc/zabbix/zabbix_agentd.d directory. (The monitoring file is provided as an attachment.)
2. Place the script tcp_status.sh in /etc/zabbix/scripts, creating the directory if it does not exist; make the script executable and set its owner and group.
    # mkdir /etc/zabbix/scripts
    # chmod +x /etc/zabbix/scripts/tcp_status.sh
    # chown zabbix:zabbix /etc/zabbix/scripts/tcp_status.sh
3. The script stores some TCP information under /tmp/, so we give zabbix read permission on that file so that it can read it:
    # touch /tmp/tcp_status.txt
    # chown zabbix:zabbix /tmp/tcp_status.txt
4. Restart the zabbix agent:
    # service zabbix-agent restart
5. Import the template into the zabbix server (zabbix version >= 3.0; versions below 3.0 may be unable to import it): Template_TCP_Status_templates.xml
6. Verify the keys:
    # zabbix_get -s 127.0.0.1 -k 'tcp.status[established]'
        270
    # zabbix_get -s 127.0.0.1 -k 'tcp.status[lastack]'
        0
    # zabbix_get -s 127.0.0.1 -k 'tcp.status[listen]'
        11
    You can check the server-side log:
    # tailf /var/log/zabbix/zabbix_server.log
        21178:20171124:174831.855 item "Zabbix server:tcp.status[closed]" became supported
        21185:20171124:174832.855 item "Zabbix server:tcp.status[closewait]" became supported
        21178:20171124:174833.860 item "Zabbix server:tcp.status[closing]" became supported
        21185:20171124:174834.861 item "Zabbix server:tcp.status[established]" became supported
        21178:20171124:174835.865 item "Zabbix server:tcp.status[finwait1]" became supported
        21185:20171124:174836.866 item "Zabbix server:tcp.status[finwait2]" became supported
        21178:20171124:174837.871 item "Zabbix server:tcp.status[lastack]" became supported
        21185:20171124:174838.873 item "Zabbix server:tcp.status[listen]" became supported
        21178:20171124:174839.877 item "Zabbix server:tcp.status[synrecv]" became supported
        21185:20171124:174840.878 item "Zabbix server:tcp.status[synsent]" became supported
        21178:20171124:174841.882 item "Zabbix server:tcp.status[timewait]" became supported
Script address: https://github.com/cuitxubin/Zabbix_Monitor_TCP
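An added example (not the tcp_status.sh from the repository, and not code from the original page): one way to turn the netstat count from the monitoring-principle section into a value per tcp.status[...] key, printing 0 for a state with no sockets where the awk one-liner prints nothing. The function names, the key-to-state mapping and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-state TCP counts for the tcp.status[<key>] items.
# Not the repository's tcp_status.sh; names and sample data are constructed.

# Map a key parameter from this page (e.g. synrecv) to netstat's state name.
key_to_state() {
    case "$1" in
        established) echo ESTABLISHED ;;
        synsent)     echo SYN_SENT ;;
        synrecv)     echo SYN_RECV ;;
        finwait1)    echo FIN_WAIT1 ;;
        finwait2)    echo FIN_WAIT2 ;;
        timewait)    echo TIME_WAIT ;;
        closed)      echo CLOSE ;;
        closewait)   echo CLOSE_WAIT ;;
        lastack)     echo LAST_ACK ;;
        listen)      echo LISTEN ;;
        closing)     echo CLOSING ;;
        *)           return 1 ;;
    esac
}

# Read `netstat -an` text on stdin; print how many tcp/tcp6 sockets are in the
# state for key $1. Always prints a number (0 when the state is absent).
tcp_state_count() {
    state=$(key_to_state "$1") || { echo "unknown key: $1" >&2; return 1; }
    awk -v want="$state" '/^tcp/ && $NF == want { n++ } END { print n + 0 }'
}

# Constructed sample of `netstat -an` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.8:40022      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:1025        SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.6:1026        SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:1027        SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:33100      TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Demo on the sample; on a live host pipe `netstat -an` into tcp_state_count.
for k in established synrecv timewait lastack; do
    printf 'tcp.status[%s] = %s\n' "$k" "$(sample_netstat | tcp_state_count "$k")"
done
```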