zabbix6.0+timescaledb+企微/钉钉告警
安装组件一、postgres(TimescaleDB)二、zabbix_server三、zabbix_nginx四、zabbix_java_gateway五、zabbix_snmptraps六、zabbix_web_service七、zabbix_agent2方法一rpm安装方法二docker方法三二进制部置zabbix-agent2八、使用Node_exporter作为zabbix的客户端九、g
zabbix-api https://blog.csdn.net/weixin_36485376/article/details/89603642
zabbix6.0安装组件
- docker (略)
- timescaledb 时序数据库
- zabbix_server
- zabbix-web-nginx
一、postgres(TimescaleDB)
mkdir /data/zabbix/timescaledb -p && cd /data/zabbix/timescaledb
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f timescaledb
cd `dirname $0`
docker run -d \
--name timescaledb \
--restart always \
-p 5432:5432 \
-v /etc/localtime:/etc/localtime:ro \
-v `pwd`/data:/var/lib/postgresql/data:rw \
-e POSTGRES_USER=zabbix \
-e POSTGRES_PASSWORD=Timescaledb@2022 \
-e POSTGRES_DB=zabbix \
-e ENABLE_TIMESCALEDB=true \
timescale/timescaledb:2.7.0-pg14
EOF
bash start.sh
timescaledb 内存和CPU优化
docker exec -it timescaledb bash
timescaledb-tune --memory="2GB" --cpus=2 --yes --quiet
Using postgresql.conf at this path:
/var/lib/postgresql/data/postgresql.conf
Writing backup to:
/tmp/timescaledb_tune.backup202304071240
Recommendations based on 2.00 GB of available memory and 2 CPUs for PostgreSQL 13
success: all settings tuned, no changes needed
Saving changes to: /var/lib/postgresql/data/postgresql.conf
二、zabbix_server
mkdir /data/zabbix/zabbix_server -p && cd /data/zabbix/zabbix_server
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f zabbix_server
cd `dirname $0`
docker run -d \
--name zabbix_server \
--restart always \
--net host \
--add-host=timescaledb:192.168.11.101 \
-v /etc/localtime:/etc/localtime:ro \
-v `pwd`/data/alertscripts:/usr/lib/zabbix/alertscripts:ro \
-v `pwd`/data/externalscripts:/usr/lib/zabbix/externalscripts:ro \
-v `pwd`/data/export:/var/lib/zabbix/export:rw \
-v `pwd`/data/modules:/var/lib/zabbix/modules:ro \
-v `pwd`/data/enc:/var/lib/zabbix/enc:ro \
-v `pwd`/data/ssh_keys:/var/lib/zabbix/ssh_keys:ro \
-v `pwd`/data/mibs:/var/lib/zabbix/mibs:ro \
-v `pwd`/data/snmptraps:/var/lib/zabbix/snmptraps:ro \
-e ENABLE_TIMESCALEDB=true \
-e DB_SERVER_HOST=timescaledb \
-e POSTGRES_USER=zabbix \
-e POSTGRES_PASSWORD=Timescaledb@2022 \
-e POSTGRES_DB=zabbix \
-e ZBX_JAVAGATEWAY_ENABLE=true \
-e ZBX_STARTJAVAPOLLERS=5 \
-e ZBX_ENABLE_SNMP_TRAPS=true \
-e ZBX_TIMEOUT=30 \
zabbix/zabbix-server-pgsql:6.0-alpine-latest
EOF
bash start.sh
三、zabbix_nginx
mkdir /data/zabbix/nginx -p && cd /data/zabbix/nginx
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f zabbix_nginx
cd `dirname $0`
docker run -d \
--name zabbix_nginx \
--restart always \
-p 8080:8080 \
-p 443:443 \
--add-host=timescaledb:192.168.11.101 \
--add-host=zabbix-server:192.168.11.101 \
-v /etc/localtime:/etc/localtime:ro \
-v `pwd`/data/ssl:/etc/ssl/nginx:ro \
-v `pwd`/data/modules/:/usr/share/zabbix/modules/:ro \
-e ZBX_SERVER_HOST=zabbix-server \
-e DB_SERVER_HOST=timescaledb \
-e POSTGRES_USER=zabbix \
-e POSTGRES_PASSWORD=Timescaledb@2022 \
-e POSTGRES_DB=zabbix \
zabbix/zabbix-web-nginx-pgsql:6.0-alpine-latest
EOF
bash start.sh
四、zabbix_java_gateway
mkdir /data/zabbix/zabbix_java_gateway -p && cd /data/zabbix/zabbix_java_gateway
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f zabbix_java_gateway
cd `dirname $0`
docker run -d \
--name zabbix_java_gateway \
--restart always \
--add-host=zabbix-server:192.168.11.101 \
-p 10052:10052 \
-v /etc/localtime:/etc/localtime:ro \
zabbix/zabbix-java-gateway:6.0-alpine-latest
EOF
bash start.sh
五、zabbix_snmptraps
mkdir /data/zabbix/zabbix_snmptraps -p && cd /data/zabbix/zabbix_snmptraps
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f zabbix_snmptraps
cd `dirname $0`
docker run -d \
--name zabbix_snmptraps \
--restart always \
--add-host=zabbix-server:192.168.11.101 \
-p "162:1162/udp" \
-v /etc/localtime:/etc/localtime:ro \
-v /data/zabbix_server/data/snmptraps:/var/lib/zabbix/snmptraps:rw \
zabbix/zabbix-snmptraps:6.0-alpine-latest
EOF
bash start.sh
六、zabbix_web_service
mkdir /data/zabbix/zabbix_web_service -p && cd /data/zabbix/zabbix_web_service
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f zabbix_web_service
cd `dirname $0`
docker run -d \
--name zabbix_web_service \
--restart always \
-p 10053:10053 \
--cap-add=SYS_ADMIN \
--add-host=zabbix-server:192.168.11.101 \
-v /etc/localtime:/etc/localtime:ro \
-e ZBX_LISTENPORT=10053 \
-e ZBX_ALLOWEDIP=zabbix-server \
zabbix/zabbix-web-service:6.0-alpine-latest
EOF
#ZBX_ALLOWEDIP有多个值时用“逗号”隔开
bash start.sh
七、zabbix_agent2
方法一 rpm安装
#下载zabbix-agent2
wget --no-check-certificate https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-agent2-6.0.5-1.el7.x86_64.rpm
wget --no-check-certificate https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-get-6.0.5-1.el7.x86_64.rpm
wget --no-check-certificate https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-sender-6.0.5-1.el7.x86_64.rpm
rpm -ivh *.rpm
cat > /etc/zabbix/zabbix_agent2.conf << 'EOF'
PidFile=/var/run/zabbix/zabbix_agent2.pid
LogFile=/var/log/zabbix/zabbix_agent2.log
LogFileSize=0
Server=192.168.11.101
ServerActive=192.168.11.101:10051
Hostname=192.168.11.101
Include=/etc/zabbix/zabbix_agent2.d/*.conf
ControlSocket=/tmp/agent.sock
EOF
systemctl enable zabbix-agent2
systemctl start zabbix-agent2
systemctl status zabbix-agent2
方法二 docker
mkdir /data/zabbix/zabbix_agent2/conf -p && cd /data/zabbix/zabbix_agent2
cat > /data/zabbix/zabbix_agent2/conf/zabbix_agent2.conf << 'EOF'
PidFile=/var/run/zabbix/zabbix_agent2.pid
LogFile=/var/log/zabbix/zabbix_agent2.log
LogFileSize=0
Server=192.168.11.101
ServerActive=192.168.11.101:10051
Hostname=192.168.11.101
Include=/etc/zabbix/zabbix_agent2.d/*.conf
ControlSocket=/tmp/agent.sock
EOF
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f zabbix_agent2
cd `dirname $0`
docker run -d \
--name zabbix_agent2 \
--restart always \
--net host \
--privileged \
-v /etc/localtime:/etc/localtime:ro \
-v `pwd`/conf/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro \
-v `pwd`/conf/zabbix_agent2.conf:/etc/zabbix/zabbix_agent2.conf \
zabbix/zabbix-agent2:6.0-centos-latest
EOF
bash start.sh
方法三 二进制部置zabbix-agent2
#提取zabbix-agent2二进制文件
groupadd zabbix
useradd zabbix -g zabbix
#安装依赖pcre2
yum install pcre2 -y
wget --no-check-certificate https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-agent2-6.0.5-1.el7.x86_64.rpm
wget --no-check-certificate https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-get-6.0.5-1.el7.x86_64.rpm
wget --no-check-certificate https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-sender-6.0.5-1.el7.x86_64.rpm
rpm2cpio https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-agent2-6.0.5-1.el7.x86_64.rpm |cpio -idv ./usr/sbin/zabbix_agent2
mkdir -p /data/zabbix_agent2/{sbin,log,zabbix_agent2.d}
mv ./usr/sbin/zabbix_agent2 /data/zabbix_agent2/sbin/
chown-R zabbix.zabbix /data/zabbix_agent2
cat > /etc/systemd/system/zabbix-agent2.service << 'EOF'
[Unit]
Description=Zabbix Agent 2
After=syslog.target
After=network.target
[Service]
Environment="CONFFILE=/data/zabbix_agent2/zabbix_agent2.conf"
EnvironmentFile=-/etc/sysconfig/zabbix-agent2
Type=simple
Restart=on-failure
PIDFile=/data/zabbix_agent2/zabbix_agent2.pid
KillMode=control-group
ExecStart=/data/zabbix_agent2/sbin/zabbix_agent2 -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
User=zabbix
Group=zabbix
[Install]
WantedBy=multi-user.target
EOF
cat > /data/zabbix_agent2/zabbix_agent2.conf << 'EOF'
PidFile=/data/zabbix_agent2/zabbix_agent2.pid
LogFile=/data/zabbix_agent2/log/zabbix_agent2.log
LogFileSize=0
Server=192.168.11.100
ServerActive=192.168.11.100:10051
Hostname=192.168.11.100
Include=/data/zabbix_agent2/zabbix_agent2.d/*.conf
ControlSocket=/tmp/agent.sock
EOF
systemctl daemon-reload
systemctl enable zabbix-agent2
systemctl start zabbix-agent2
systemctl status zabbix-agent2
八、使用Node_exporter作为zabbix的客户端
mkdir /data/node_exporter/ -p
cat >/data/node_exporter/start.sh<< 'EOF'
docker run -d \
--name node_exporter \
--restart=always \
--pid="host" \
--net=host \
-v "/proc:/host/proc:ro" \
-v "/sys:/host/sys:ro" \
-v "/:/rootfs:ro" \
-v /etc/localtime:/etc/localtime:ro \
prom/node-exporter \
--path.procfs=/host/proc \
--path.rootfs=/rootfs \
--path.sysfs=/host/sys \
--collector.filesystem.ignored-mount-points='^/(sys|proc|dev|host|etc)($$|/)'
EOF
bash /data/node_exporter/start.sh
九、grafana与zabbix集成
mkdir /data/zabbix/grafana/data -p
chown 472 /data/zabbix/grafana/data
#启动脚本
cat > /data/zabbix/grafana/start.sh << 'EOF'
docker rm -f zabbix_grafana
cd `dirname $0`
docker run -d \
--name zabbix_grafana \
--restart=always \
--user 472 \
-p 3000:3000 \
-e "GF_SECURITY_ADMIN_PASSWORD=Grafana@2O22" \
-e "GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel,alexanderzobnin-zabbix-app" \
-v `pwd`/data:/var/lib/grafana \
-v /etc/localtime:/etc/localtime:ro \
grafana/grafana:8.5.6
EOF
bash /data/zabbix/grafana/start.sh
URL: http://192.168.11.101:8080/api_jsonrpc.php
grafana 图表
grafana_id: 5363
grafana_id: 5456
自定义图
十一、 企业微信告警
配置警报媒介类型
1、管理–>警报媒介类型–>新建wx_webhook
(脚本的三个参数都是zabbix内置变量,分别为:报警收件人:{ALERT.SENDTO}、报警标题:{ALERT.SUBJECT}、报警内容:{ALERT.MESSAGE})
名称: qiwei_robot
类型:脚本
脚本名称:wx_webhook.py
脚本参数
参数 :
名称 值
Message {ALERT.MESSAGE}
Subject {ALERT.SUBJECT}
To {ALERT.SENDTO}
Token 2fe963bf-7a37-4ab4-90d1-55569ff533e3 # 群聊机器人webhook地址的key
脚本:( zabbix5.4可用)
```python
var Wechat = {
token: null,
to: null,
message: null,
parse_mode: null,
sendMessage: function() {
var params = {
msgtype: "markdown",
chat_id: Wechat.to,
markdown: {
content:Wechat.message
},
disable_web_page_preview: true,
disable_notification: false
},
data,
response,
request = new CurlHttpRequest(),
url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=' + Wechat.token;
if (Wechat.parse_mode !== null) {
params['parse_mode'] = Wechat.parse_mode;
}
request.AddHeader('Content-Type: application/json');
data = JSON.stringify(params);
// Remove replace() function if you want to see the exposed token in the log file.
Zabbix.Log(4, '[Wechat Webhook] URL: ' + url.replace(Wechat.token, '<TOKEN>'));
Zabbix.Log(4, '[Wechat Webhook] params: ' + data);
response = request.Post(url, data);
Zabbix.Log(4, '[Wechat Webhook] HTTP code: ' + request.Status());
Zabbix.Log(4, '[Wechat Webhook] response: ' + response);
try {
response = JSON.parse(response);
}
catch (error) {
response = null;
Zabbix.Log(4, '[Wechat Webhook] response parse error');
}
if (request.Status() !== 200 || response.errcode !== 0 || response.errmsg !== 'ok') {
if (typeof response.errmsg === 'string') {
throw response.errmsg;
}
else {
throw 'Unknown error. Check debug log for more information.'
}
}
}
}
try {
var params = JSON.parse(value);
if (typeof params.Token === 'undefined') {
throw 'Incorrect value is given for parameter "Token": parameter is missing';
}
Wechat.token = params.Token;
if (['Markdown', 'HTML', 'MarkdownV2'].indexOf(params.ParseMode) !== -1) {
Wechat.parse_mode = params.ParseMode;
}
Wechat.to = params.To;
Wechat.message = params.Subject + '\n' + params.Message;
Wechat.sendMessage();
return 'OK';
}
catch (error) {
Zabbix.Log(4, '[Wechat Webhook] notification failed: ' + error);
throw 'Sending failed: ' + error + '.';
}
脚本:( zabbix6.2可用) 主要是CurlHttpRequest变更为HttpRequest引起
var Wechat = {
token: null,
to: null,
message: null,
parse_mode: null,
sendMessage: function() {
var params = {
msgtype: "markdown",
chat_id: Wechat.to,
markdown: {
content:Wechat.message
},
disable_web_page_preview: true,
disable_notification: false
},
data,
response,
request = new HttpRequest(),
url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=' + Wechat.token;
if (Wechat.parse_mode !== null) {
params['parse_mode'] = Wechat.parse_mode;
}
request.addHeader('Content-Type: application/json');
data = JSON.stringify(params);
// Remove replace() function if you want to see the exposed token in the log file.
Zabbix.log(4, '[Wechat Webhook] URL: ' + url.replace(Wechat.token, '<TOKEN>'));
Zabbix.log(4, '[Wechat Webhook] params: ' + data);
response = request.post(url, data);
Zabbix.log(4, '[Wechat Webhook] HTTP code: ' + request.getStatus());
Zabbix.log(4, '[Wechat Webhook] response: ' + response);
try {
response = JSON.parse(response);
}
catch (error) {
response = null;
Zabbix.log(4, '[Wechat Webhook] response parse error');
}
if (request.getStatus() !== 200 || response.errcode !== 0 || response.errmsg !== 'ok') {
if (typeof response.errmsg === 'string') {
throw response.errmsg;
}
else {
throw 'Unknown error. Check debug log for more information.'
}
}
}
}
try {
var params = JSON.parse(value);
if (typeof params.Token === 'undefined') {
throw 'Incorrect value is given for parameter "Token": parameter is missing';
}
Wechat.token = params.Token;
if (['Markdown', 'HTML', 'MarkdownV2'].indexOf(params.ParseMode) !== -1) {
Wechat.parse_mode = params.ParseMode;
}
Wechat.to = params.To;
Wechat.message = params.Subject + '\n' + params.Message;
Wechat.sendMessage();
return 'OK';
}
catch (error) {
Zabbix.log(4, '[Wechat Webhook] notification failed: ' + error);
throw 'Sending failed: ' + error + '.';
}
2、配置Message templates
报警媒介类型–>Message type
问题模板
message type: 问题
主题:告警通知
消息:
当前状态:<font color="warning">{TRIGGER.STATUS}</font>
告警IP:{HOST.IP}
所属群组:{TRIGGER.HOSTGROUP.NAME}
告警等级:<font color="warning">{TRIGGER.SEVERITY}</font>
告警信息:{TRIGGER.NAME}
当前详情:{ITEM.NAME} <font color="warning">{ITEM.VALUE}</font>
告警时间:{EVENT.DATE} {EVENT.TIME}
问题恢复模板
message type: promeble recovery
主题:恢复通知
消息:
当前状态:<font color="info">{TRIGGER.STATUS}</font>
告警IP:{HOST.IP}
所属群组:{TRIGGER.HOSTGROUP.NAME}
告警信息:{TRIGGER.NAME}
当前详情:{ITEM.NAME} <font color="info">{ITEM.VALUE}</font>
恢复时间:{EVENT.RECOVERY.DATE} {EVENT.RECOVERY.TIME}
持续时间:{EVENT.AGE}
二、设置action,使警报生效
配置–>动作–>trigger actions–>创建动作
1、动作–>名称:wx_webhook
条件:触发器示警度 大于等于 警告
2、操作–>
默认操作步骤持续时间: 1h
操作
步骤: 1 - 3 #以持续时间为间隔发送3次,条件为没有确认
步骤持续时间: 60s #60秒内不重复发送告警
发送消息给用户: Admin
发送消息给用户群组: Zabbix administrators
仅送到:wx_webhook
条件: Event is not acknowledged
三、对用户配置告警策略
管理–>用户–>Admin(选择用户)–>报警媒介–>添加
类型:wx_webhook (自定义名称)
收件人: 通信员 (随便)
当启用时: 1-7,00:00-24:00 (默认就好)
4、验证
十二、使用elasticsearch存放历史数据
https://blog.csdn.net/peyte1/article/details/84941560
十三、zabbix监控tcp scoket 状态
tcp_status脚本
cat > /etc/zabbix/zabbix_agent2.d/tcp_status.sh << 'EOF'
#!/bin/bash
#用ss生成scoket的状态文件,
tcp_check_interval(){
INTERVAL_TIME=$1
timestamp=`date +%s`
filepath=/dev/shm/tcp_conn.txt
if [ ! -f $filepath ];then
touch $filepath
fi
if [ -f $filepath ];then
filetimestamp=`stat -c %Y $filepath`
timecha=$[$timestamp - $filetimestamp]
if [ $timecha -gt $INTERVAL_TIME ];then
ss -ant| awk 'NR>1 {++s[$1]} END {for(k in s) print k,s[k]}' > /dev/shm/tcp_conn.txt
fi
fi
echo $INTERVAL_TIME
}
#读取scoket的状态文件
tcp_conn_status(){
TCP_STAT=$1
TCP_NUM=$(grep "$TCP_STAT" /dev/shm/tcp_conn.txt|cut -d ' ' -f2)
if [ -z $TCP_NUM ];then
TCP_NUM=0
fi
echo $TCP_NUM
}
main(){
case $1 in
tcp_check_interval)
tcp_check_interval $2;
;;
tcp_status)
tcp_conn_status $2;
;;
esac
}
main $1 $2
EOF
cat > /etc/zabbix/zabbix_agent2.d/tcp_status.conf << 'EOF'
UserParameter=tcp_status[*],/bin/bash /etc/zabbix/zabbix_agent2.d/tcp_status.sh $1 $2
EOF
配置模板
触发器
名称: ESTAB连接数超过告警值4w
严重性: 严重
问题表现形式: last(/gw_pro_tcp_status_jiankong/tcp_status[“tcp_status”,“ESTAB”])>40000
恢复表达式: last(/gw_pro_tcp_status_jiankong/tcp_status[“tcp_status”,“ESTAB”])<=40000
十四、web场景监控
1、配置–》》模板–》》创建模板–》》模板
模版名称: gw_healthcheck
可见的名称: 服务自检_healthcheck
群组:Templates
2、配置–》》模板–》》创建模板–》》宏
宏: {$SMARTGATE_PORT}
ֵ值: 80
描述: 网关服务器端口
配置–》》模板–》》gw_healthcheck(选择刚刚创建的模板)–》Web 场景–》创建Web场景–》场景
名称:gw_self_healthcheck
更新间隔:30s
尝试次数: 2
客户端: Zabbix
配置–》》模板–》》gw_healthcheck(选择刚刚创建的模板)–》Web 场景–》创建Web场景–》步骤–》添加
名称: gw_self_healthcheck
URL: http://{HOST.CONN}:{$SMARTGATE_PORT}/dail_healthcheck
超时:15s
要求的字串:返回成功
要求的状态码:200
触发器
表达式:count(/gw_healthcheck/web.test.rspcode[gw_self_healthcheck,gw_self_healthcheck],2m,“200”)<2 and last(/gw_healthcheck/web.test.rspcode[gw_self_healthcheck,gw_self_healthcheck])<>200
十五、zabbix LLD
参考:https://www.cnblogs.com/smail-bao/p/6043726.html --初级
https://blog.csdn.net/u013272009/article/details/90486079–高级
十六、zabbix基于ansible的自动化集成
https://github.com/smejdil/import-default-zabbix-templates --自动加载模板 (支持xml和json格式)
注意:ansible 使用python3版本
#安装依赖
yum install python3-pip git lrzsz -y
pip3 install zabbix-api
cd /tmp/
git clone https://github.com/smejdil/import-default-zabbix-templates
cd import-default-zabbix-templates
#ansbile-galaxy只支持ansible 2.9以上版本
#ansible-galaxy collection install -r requirements.yml
#下载ansible-galaxy模块:https://galaxy.ansible.com/community/zabbix
#本地文件安装
#wget https://galaxy.ansible.com/download/community-zabbix-1.5.1.tar.gz
#ansible-galaxy collection install ./community-zabbix-1.5.1.tar.gz
ansible-galaxy collection install community.zabbix:1.5.1
export ZABBIX_USER=Admin
export ZABBIX_PASSWORD=zabbix
export ZABBIX_VERISON="6.0.5"
mkdir /tmp/zabbix/templates/app/gateway -p #把模板放到目录下,支持xml和json格式的模板
cd /tmp/
tar cvzf zabbix-templates-${ZABBIX_VERISON}.tar.gz zabbix/templates/
cd /tmp/import-default-zabbix-templates
vi /tmp/import-default-zabbix-templates/vars/vars.yml
#修改vars/vars.yml下的变量
server_url: http://192.168.11.101:8080 #修改此值为zabbix的真实IP
validate_certs: no
cd /tmp/import-default-zabbix-templates
bash -x import-zabbix-templates.sh
十七、zabbix_proxy
#zabbix_porxy与zabbix部署在不同的服务器上
mkdir /data/zabbix/zabbix_proxy -p && cd /data/zabbix/zabbix_proxy
cat > start.sh << 'EOF'
#!/bin/bash
docker rm -f zabbix_proxy
cd `dirname $0`
docker run -d \
--name zabbix_proxy \
--restart always \
-p 10061:10051 \
--add-host=zabbix-server:192.168.11.101 \
-v /etc/localtime:/etc/localtime:ro \
-v `pwd`/data/externalscripts:/usr/lib/zabbix/externalscripts:ro \
-v `pwd`/data/modules:/var/lib/zabbix/modules:ro \
-v `pwd`/data/enc:/var/lib/zabbix/enc:ro \
-v `pwd`/data/ssh_keys:/var/lib/zabbix/ssh_keys:ro \
-v `pwd`/data/mibs:/var/lib/zabbix/mibs:ro \
-v `pwd`/data/snmptraps:/var/lib/zabbix/snmptraps:rw \
-e ZBX_HOSTNAME=zabbix-proxy-sqlite3 \
-e ZBX_PROXYMODE=0 \
-e ZBX_SERVER_HOST=zabbix-server \
-e ZBX_SERVER_PORT=10051 \
-e ZBX_TIMEOUT=30 \
zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest
EOF
bash start.sh
配置代理:
管理–》》agent代理程序–》》创建代理
agent代理程序名称:zabbix-proxy-sqlite3 #与zabbix_proxy的配置ZBX_HOSTNAME对应一致
十八、psk加密
#生成psk密码
openssl rand -hex 32 > /etc/zabbix/zabbix_agent2.d/zabbix.psk
#配置zabbix-agent2
vi /etc/zabbix/zabbix-agent2.conf
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 001
TLSPSKFile=/etc/zabbix/zabbix_agent2.d/zabbix.psk
#配置服务器上的”主机加密项“
配置成功后会出现以下提示
十九、证书有效期监控
有多个域名监控,就建多个hosts
添加宏 {$CERT.WEBSITE.HOSTNAME} https://www.21cn.com
二十、钉钉告警(webhook)
参考: https://blog.csdn.net/lyace2010/article/details/124744970
zabbix(6.2)
var Ding = {
url: null, //带access_token的URL
at_all: true, //是否@所有人
title: null, //标题
message: null, //消息内容
user_info: null, //@的用户
proxy: null, //代理
sendMessage: function(){
// 提交数据
var params = {
msgtype: 'markdown',
markdown: {
title: Ding.title,
text: Ding.message
},
at: {
atMobiles: [
Ding.user_info,
],
isAtAll: Ding.at_all
}
},
data, //格式化后的提交数据
response, //响应对象
request = new HttpRequest(); //新建http请求
if(Ding.proxy){ //判断代理
request.setProxy(Ding.proxy);
}
request.addHeader('Content-Type: application/json; charset=UTF-8'); //添加http头
// 格式化数据
data = JSON.stringify(params);
Zabbix.log(4, "url: " + Ding.url);
Zabbix.log(4, "params: " + data);
response = request.post(Ding.url, data); //发送请求
Zabbix.log(4, "http code: " + request.getStatus());
// 格式化响应
try{
response = JSON.parse(response);
}catch(error){
response = null;
}
// 判断http响应是否为200 钉钉服务器响应是否无错误
if(request.getStatus() !== 200 || response.errcode !== 0){
if(typeof response.errmsg === "string"){
Zabbix.log(4, "error: " + JSON.stringify(response));
throw JSON.stringify(response);
}else{
throw "unknown error.";
}
}
},
};
try{
var params = JSON.parse(value); //格式化脚本参数
if(typeof params.URL === "undefined"){ //验证URL参数
throw 'parameter "URL" is missing';
}
if(typeof params.To === "undefined"){ //验证To参数
throw 'parameter "To" is missing';
}
if(typeof params.Message === "undefined"){ //验证Message参数
throw 'parameter "Message" is missing';
}
if(typeof params.Subject === "undefined"){ //验证Subject参数
throw 'parameter "Message" is missing';
}
// 验证All参数 判断是否@所有人
if(params.All){
Ding.at_all = true;
}else{
Ding.at_all = false;
}
// 验证代理 是否添加代理
if(params.HTTPProxy){
Ding.proxy = params.HTTPProxy;
}
// 参数赋值
Ding.url = params.URL;
Ding.message = params.Message;
Ding.user_info = params.To;
Ding.title = params.Subject;
// 发送请求
Ding.sendMessage();
return "OK";
}catch(error){
Zabbix.log(4, "sending failed: " + error);
throw "sending failed: " + error + ".";
}
更多推荐
所有评论(0)