Monitoring software: Zabbix
Requirements analysis: the existing system monitoring raises an alarm when CPU usage exceeds 80% or when the traffic curve reaches a threshold. However, when traffic fluctuates greatly within a short period of time, there must be a problem. At present, noticing this depends mainly on people, so there is inevitably a lag. If a rule can be set so that the alarm is triggered by the percentage change in traffic over a short time, business exceptions or attacks can be detected in advance.
1. Script to obtain the traffic
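    #!/bin/bash
    # Sample the total traffic once per second and store in+out in totalnet.txt.
    while true; do
        # Take one ifstat sample so that in and out come from the same second;
        # with -T the last two columns of line 3 are the totals (in, out).
        SAMPLE=`ifstat -T 1 1 | sed -n '3p'`
        LN=`echo "$SAMPLE" | awk '{print $(NF-1)}'`
        OUT=`echo "$SAMPLE" | awk '{print $NF}'`
        # echo $LN,$OUT
        echo "$LN+$OUT" | bc > /usr/local/zabbix/net.if/totalnet.txt
    done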
ifstat is used to obtain the current traffic, which is saved to totalnet.txt for later use.
(After comparing a variety of traffic collection tools, ifstat was chosen because it does not distinguish between network cards, is universal, and produces data that is easier to process.)
Note: this script must run in the background, and the ifstat tool must be installed.
2. Traffic processing script
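    #!/bin/bash
    # $1 = upper bound (%), $2 = lower bound (%).
    # Prints 1 when the traffic is outside the expected range, otherwise 0.
    n=`cat /usr/local/zabbix/net.if/totalnet.txt`
    # echo $n
    old1=`cat /usr/local/zabbix/net.if/1.txt`
    old2=`cat /usr/local/zabbix/net.if/2.txt`
    old3=`cat /usr/local/zabbix/net.if/3.txt`
    old4=`cat /usr/local/zabbix/net.if/4.txt`
    # echo $n,$old1,$old2,$old3,$old4

    # Current sample as an integer percentage of an older sample.
    # An empty or zero value yields 100 (treated as "no change"),
    # so bc never fails on a division by zero or a missing history file.
    pct() {
        if [ -z "$1" ] || [ -z "$2" ] || [ `echo "$2 == 0" | bc` -eq 1 ]; then
            echo 100
        else
            echo "scale=2;$1/$2*100" | bc | awk -F. '{print $1}'
        fi
    }
    P1=`pct "$n" "$old1"`
    P2=`pct "$n" "$old2"`
    P3=`pct "$n" "$old3"`
    # echo $P1,$P2,$P3

    # Shift the history: the current sample becomes the newest old value.
    echo $n > /usr/local/zabbix/net.if/1.txt
    echo $old1 > /usr/local/zabbix/net.if/2.txt
    echo $old2 > /usr/local/zabbix/net.if/3.txt
    echo $old3 > /usr/local/zabbix/net.if/4.txt

    if [[ $P1 -gt $1 && $P2 -gt $1 && $P3 -gt $1 ]]; then
        echo 1
    elif [[ $P1 -lt $2 && $P2 -lt $2 && $P3 -lt $2 ]]; then
        echo 1
    else
        echo 0
    fi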
This script reads the current value from totalnet.txt and compares it with the previous three samples. If the ratios are not within the expected range, it returns 1; otherwise, it returns 0. In the script, $1 and $2 are the bounds of the expected fluctuation range, which can be specified as needed when the Zabbix item is created. In the trigger definition, the trigger condition can then be defined based on the return value.
If there are any shortcomings, I hope you will add to this.
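The comparison rule described above, replayed over a constructed series of samples. This is an added example, not the blog author's script: the function names pct and detect_series and the bounds 150/50 are assumptions, and the history is kept in variables instead of the 1.txt to 3.txt files.

```sh
#!/bin/sh
# Added example: the three-sample comparison run over an in-memory series.
# All sample values below are constructed for illustration.

# pct CUR OLD: CUR as an integer percentage of OLD.
# A missing or zero OLD yields 100 ("no change"), an assumption of this example.
pct() {
    awk -v c="$1" -v o="$2" \
        'BEGIN { if (o + 0 > 0) print int(c * 100 / o); else print 100 }'
}

# detect_series UPPER LOWER SAMPLE...: prints one 0/1 flag per sample.
detect_series() {
    upper=$1; lower=$2; shift 2
    old1=""; old2=""; old3=""; flags=""
    for n in "$@"; do
        p1=$(pct "$n" "$old1"); p2=$(pct "$n" "$old2"); p3=$(pct "$n" "$old3")
        if [ "$p1" -gt "$upper" ] && [ "$p2" -gt "$upper" ] && [ "$p3" -gt "$upper" ]; then
            flag=1      # above the upper bound against all three old samples
        elif [ "$p1" -lt "$lower" ] && [ "$p2" -lt "$lower" ] && [ "$p3" -lt "$lower" ]; then
            flag=1      # below the lower bound against all three old samples
        else
            flag=0
        fi
        flags="$flags$flag "
        old3=$old2; old2=$old1; old1=$n    # shift the history window
    done
    echo "${flags% }"
}

# Constructed samples (KB/s): steady traffic, a sustained jump, then a sharp drop.
detect_series 150 50 100 104 98 101 310 305 300 40 42
```

The flag is 1 only on the sample where the level first shifts (310 and 40 here); once the shifted value enters the history the ratios return to about 100, so the Zabbix trigger has to act on that single 1.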
This article is from the linuxgfc blog. For more information, contact the author!