Zabbix remote command execution and zabbix Command Execution

Zabbix remote command execution and zabbix Command Execution

Originally published in cu:

When the Zabbix trigger reaches the threshold, an action is executed to send an alarm message or execute a remote command.

This document describes how to configure zabbix to run remote commands.

I. Environment

Server: CentOS-7-x86_64-1511-based;

Zabbix: zabbix-3.0.1server/agent.

Ii. Precautions

Important Notes:

Iii. Example

The following is a simple example:

The monitoring server has no more than two online users in real time. When the threshold value is exceeded, an alarm is triggered and a command is executed to force 3rd logged-on users to go offline so that the monitoring item falls below the threshold value.

1. Set Trigger

Configuration --> Templates --> select "Triggers" of the "Template OS Linux" Template --> Create trigger

# Custom trigger name, which can be macro

Name: User login number gt 2 on {HOST. NAME}

 

Expression: {Template OS Linux: system. users. num. last ()}> 2

# Click "Add" next to "Expression", and use Item + Function of zabbix to set the threshold value, as shown below:

 

# Custom Level

Severity: Warning

You can set other default values and click "Add.

2. Remote Command Switch

# The agent does not support remote command execution by default. You need to open this parameter in the agent configuration file; # agent. the conf file path is modified according to the actual situation. Here is the custom path after compilation and installation. For details, see http://www.cnblogs.com/netonline/p/7406598.html#agent.conf. [Root @ localhost ~] # Sed-I's | # EnableRemoteCommands = 0 | EnableRemoteCommands = 1 | G'/usr/local/zabbix/etc/zabbix_agentd.conf [root @ localhost ~] # Service zabbix_agentd restart

3. Set Action

Configuration --> Actions --> Create action

Action

In the Action option, define Name: Limit the number of online users no more than 2

# You can customize the action name. The default value can be used for the rest of the action options, as shown below:

Conditions

Add a new condition judgment in the Conditions option to make the judgment more targeted, such:

New condition: Trigger severity = Warning

New condition: Trigger name like User login number gt 2

# Trigger name corresponds to the trigger name defined in step 1, as follows:

Operations

In the Operations option, add a New "Action operation" and click "New ",

Operation type: Select "Remote Command"

Target list: Add target as "Current host" # agent on the local machine

Type: Select "Custom script"

Execute on: Select "Zabbix agent" and run the command "sudo/root/test. sh"

#The account for executing commands is zabbix, which is not the root account. If you do not use the sudo command, the command will not take effect after execution,

# In addition, you have tried to use a specific command instead of a script. The result is that the command is executed but it does not take effect, because there is no specific failure log, and the cause cannot be analyzed.

# Use the default values for the remaining parts. Click "Add", as shown below:

4. Remote Command Script

# Edit the Command Script according to the path of the Command Script defined in step 3. [root @ localhost ~] # Vim test. sh #! /Bin/bashPATH =/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin :~ /Binexport PATH # Here we simply think that the tty Number of the 3rd logins is pts/2 pkill-kill-t pts/2 [root @ localhost ~] # Chmod 764 test. sh

5. Configure sudo

# Grant the zabbix account sudo the permission to run commands without a password. For security purposes, you can define the last "ALL" as a specific command; # Or in Step 4, change the script owner to zabbix and have the execution permission. However, note that the directory where the script is placed has the executable or even write permission for the zabbix account, in this way, the script in step 3 does not require sudo to grant permissions [root @ localhost ~] # Export dozabbix ALL = NOPASSWD: ALL

6. Verify

Remotely log on to the host with 3rd tty servers. If you do not perform any other operations under CLI, trigger the trigger threshold and trigger command actions to force 3rd logon users to go offline.

As you can see, when the threshold value of an online user is exceeded, the trigger is in the "PROBLEM" status and lasts for about 1 minute, that is, it is restored to the "OK" status, it indicates that the script command to force 3rd users to deprecate has been executed and executed successfully.

From the historical data of "Number of logged in users" Item, we can also see that when trigger is triggered, 3rd login users will be taken offline.

Under the 3rd tty logon, you can see that the connection is interrupted by the host itself (the local time is displayed, which is different from the host time ).