Nginx tcp stream monitoring for zabbix application Series

Nginx tcp stream monitoring for zabbix application Series
Nginx tcp stream monitoring for zabbix application Series

1. Implementation ideas

• Native support

• Obtain by analyzing logs

• Obtain from Analysis Network

2. native support and Log AnalysisNginx's support for monitoring

• Nginx provides the status module. Currently, only http-related information can be obtained. tcp and udp-related status information is not implemented in the current stable version 1.10.3.
• Log records are not implemented in stable versions, and later versions are supported after checking nginx documentation: [The ngx_stream_log_module module (1.11.4) writes session logs in the specified format.] http://nginx.org/en/docs/stream/ngx_stream_log_module.html

3. Analyze the network for monitoring

• About the connection status in the nentstat Tool

State       The state of the socket. Since there are no states in raw mode and usu‐       ally no states used in UDP and UDPLite, this column may be left  blank.       Normally this can be one of several values:       ESTABLISHED              The socket has an established connection.       SYN_SENT              The socket is actively attempting to establish a connection.       SYN_RECV              A connection request has been received from the network.       FIN_WAIT1              The socket is closed, and the connection is shutting down.       FIN_WAIT2              Connection  is  closed, and the socket is waiting for a shutdown              from the remote end.       TIME_WAIT              The socket is waiting after close to handle packets still in the              network.       CLOSE  The socket is not being used.       CLOSE_WAIT              The remote end has shut down, waiting for the socket to close.       LAST_ACK              The  remote end has shut down, and the socket is closed. Waiting              for acknowledgement.       LISTEN The socket is listening for incoming connections.  Such  sockets              are  not included in the output unless you specify the --listen‐              ing (-l) or --all (-a) option.       CLOSING              Both sockets are shut down but we still don't have all our  data              sent.       UNKNOWN              The state of the socket is unknown. 

• Introduction to the connection status in the ss network tool replacing netstat in centos7 [ss STATE-FILTER] https://www.systutorials.com/docs/linux/man/8-ss/

STATE-FILTER allows to construct arbitrary set of states to match. Its syntax is sequence of keywords state and exclude followed by identifier of state.Available identifiers are:All standard TCP states: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.all - for all the statesconnected - all the states except for listen and closedsynchronized - all the connected states except for syn-sentbucket - states, which are maintained as minisockets, i.e. time-wait and syn-recvbig - opposite to bucket

• Ss running content example

State      Recv-Q Send-Q      Local Address:Port          Peer Address:PortFIN-WAIT-1 0      1               10.0.1.11:59001         117.61.1.199:20060ESTAB      0      0               10.0.1.11:http          117.61.3.172:38306ESTAB      0      0               10.0.1.11:http        117.61.129.104:15315

4. Script

#!/bin/sh# nginx tcp stream  stats# default two ports 59001 & 59002# c: client to nginx# s: nginx to backend serverfunction c59001 {  ss -t -o state all '( sport = :59001 )' |tail -n +2 |wc -l}function s59001 {  ss -t -o state all '( dport = :59001 )' |tail -n +2 |wc -l}function c59003 {  ss -t -o state all '( sport = :59003 )' |tail -n +2 |wc -l}function s59003 {  ss -t -o state all '( dport = :59003 )' |tail -n +2 |wc -l}function client {  ss -t -o state all '( sport = :http or sport = :https or sport = :59001 or sport = :59003 )' |tail -n +2 |wc -l}function server {  ss -t -o state all |tail -n +2|awk '{print $5}' |grep ^10.0 |wc -l}function all {  client  server}# Run the requested function$1

• Remarks

  The script introduces tcp. Replace the ss parameter-n with-u to count the udp stream.

  The preceding script calculates the total number of connections (including the state of time wait). if you count the number of established connections (established), replace the ss Command in the script with a similar one.

  Ss-o state established '(sport =: 59001 or sport =: 59003 )'

  There are two reasons for replacing netstat with ss in the script: one is that the performance of ss is much higher than that of netstat, especially in the case of a large number of connections (tens of thousands); centos7 has prioritized the installation and use of ss (in the iproute package ), the netstat tool is not installed for the minimum installation :(

5. zabbix settings

• Agent settings

  Save the script to/etc/zabbix/scripts

  vi /etc/zabbix/scripts/nginx-stream.sh

  Set nginxStream. conf save to/etc/zabbixAgentd. d/

  # cat nginx_stream.conf  UserParameter=c59001,/etc/zabbix/scripts/nginx-stream.sh c59001 UserParameter=c59003,/etc/zabbix/scripts/nginx-stream.sh c59003 UserParameter=s59001,/etc/zabbix/scripts/nginx-stream.sh s59001 UserParameter=s59003,/etc/zabbix/scripts/nginx-stream.sh s59003

  Restart zabbixSystemctl restart zabbix-agentTest

  [root@nginx02 ~]# zabbix_agentd -t c59001c59001                                        [t|148][root@nginx02 ~]# zabbix_agentd -t c59003c59003                                        [t|96]

  The agent has been working perfectly!

• Server Settings

  Create template-Create Project (c59001, c59003, s59001, s59003)-set trigger (optional) link host-Create Image-create screen and so on skipped

  The server test is as follows:

  [root@ops01 ~]# zabbix_get -s 10.0.1.12 -k c5900395[root@ops01 ~]# zabbix_get -s 10.0.1.12 -k s59003269 

  6. Graphic Display after setting