snmp+mrtg實現對區域網內的linuxServer的監控(zt)
上回看了platinum的"mrtg能做些什麼"貼子,很受啟發,於是也試著做了一個。但當時對 snmpd不是很熟,所以沒有做成功,後來仔細看了一下snmd的有關文章和RH中的/etc/snmp/snmpd.conf檔案,發現用snmp+ mrtg可以很好的實現對區域網內伺服器狀態的監控。
現在就以用snmp+mrtg監控一臺區域網內的redhat機器(IP:192.168.13.103)的網路卡、記憶體、CPU、DISKIO為例子,談一下如何實現。基本的法辦就是用一臺redhat監控機器(IP:192.168.13.105),透過snmpwalk命令去抓目標伺服器的狀態資料,然後用mrtg畫出圖來。
1、首先我們要把目標snmpd.conf檔案的配好。這是用snmpwalk命令一抓取資料的關健。下面是目標機器(IP: 192.168.13.103)上的/etc/snmp/snmpd.conf檔案部份內容,紅色的部份是我對snmpd.conf所做的改動。
[root@wy1 root]# cat /etc/snmp/snmpd.conf
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public #定義community名稱為 public,對映到安全名 notConfigUser。
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser #定義安全使用者名稱notConfigUser對映到notConfigGroup組。
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to: #定義一個view,來決定notConfigUser可以操作的範圍。
# Make at least snmpwalk -v 1 localhost -c public system fast again. #定義可檢視的snmp的範圍。
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1
####
# Finally, grant the group read-only access to the systemview view. #給notConfigGroup組所定義view名 all 以只讀許可權。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none#access notConfigGroup "" any noauth exact mib2 none none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
# restrictive access.
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY
## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#...
## incl/excl subtree mask
#view all included .1 80
## -or just the mib2 tree-
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
其實配製一個snmpd.conf檔案不算太難,
(1)首選是定義一個共同體名(community),這裡是public,及可以訪問這個public的使用者名稱(sec name),這裡是notConfigUser。Public相當於使用者notConfigUser的密碼:)
# sec.name source community
com2sec notConfigUser default public
(2)定義一個組名(groupName)這裡是notConfigGroup,及組的安全級別,把notConfigGroup這個使用者加到這個組中。
groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
(3)定義一個可操作的範圍(view)名, 這裡是all,範圍是 .1
# name incl/excl subtree mask(optional)
view all included .1
(4)定義notConfigUser這個組在all這個view範圍內可做的操作,這時定義了notConfigUser組的成員可對.1這個範圍做只讀操作。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none
ok,這樣我們的snmpd.conf檔案就基本配成了,用service snmpd restart重啟snmpd服務。現在我們做一個測試,在監控機上打下面的命令:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public system
SNMPv2-MIB::sysDescr.0 = STRING: Linux wy1 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (7565377) 21:00:53.77
SNMPv2-MIB::sysContact.0 = STRING: Root (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: wy1
SNMPv2-MIB::sysLocation.0 = STRING: wy1.wuying.com (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (10) 0:00:00.10
``````````````````````
“Linux wy1 2.4.20-8smp”作業系統的資訊已經出來了:)
現在我們在目標機上來寫一些指令碼來顯標MEM、CPU、DiskIO
MEM資料的抓取指令碼:
[root@wy1 root]# cat mfree.sh
#!/bin/sh
/usr/bin/free -m | grep Mem |awk '{print $4}'
/usr/bin/free -m | grep Mem |awk '{print $2}'
[root@wy1 root]# sh mfree.sh (上面一個資料是記憶體使用量,下面的是記憶體總量,M)
442
1006
CPU資料的抓取指令碼
[root@wy1 root]# cat cpustat.sh
#!/bin/sh
idle=`sar -u 1 3 | grep Average | awk '{print $6}'`
used=`echo "101 - $idle" | bc -l -s`
echo $used
echo $idle
DiskIO資料的抓取指令碼
[root@wy1 root]# cat iostat.sh (顯示硬碟IO,k/s)
#!/bin/sh
used1=`sar -d 1 3 | tail -1 | awk '{print $4}'`
used2=`echo "$used1 / 2" | bc -l`
echo $used2
echo $used2
好現在我們已經能得到這資料了,怎麼才能讓監控主機透過snmpd得到這些資料呢?可以在目標主機的/etc/snmp/snmpd.conf檔案下面加個這些行:
exec .1.3.6.1.4.1.2021.53 mfree /bin/sh /root/mfree.sh
exec .1.3.6.1.4.1.2021.54 cpustat /bin/sh /root/cpustat.sh
exec .1.3.6.1.4.1.2021.55 iostat /bin/sh /root/iostat.sh
service snmpd restart 重啟目標主機上的snmpd服務。
這樣在監控主機上執行:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53
UCD-SNMP-MIB::ucdavis.53.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.53.2.1 = STRING: "mfree"
UCD-SNMP-MIB::ucdavis.53.3.1 = STRING: "/bin/sh /root/mfree.sh"
UCD-SNMP-MIB::ucdavis.53.100.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.53.101.1 = STRING: "442"
UCD-SNMP-MIB::ucdavis.53.101.2 = STRING: "1006"
UCD-SNMP-MIB::ucdavis.53.102.1 = INTEGER: 0
其中UCD-SNMP-MIB::ucdavis.53.101.1 = STRING: "442" 中的442就是mfree.sh輸出的第一個資料,1006是mfree.sh輸出的第二個資料。OK,再做一下加工:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53 | grep 53.101 | awk -F" '{print $2}'
443
1006
好,我們已經透過snmpd從監控主機上得到了目標主機上記憶體使用的這兩個資料了:),其它的兩個指令碼也一樣:
CPU使用、空閒。
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.54 | grep 54.101 | awk -F" '{print $2}'
1.17
99.83
DISK IO 狀態:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.55 | grep 55.101 | awk -F" '{print $2}'
43.00000000000000000000
43.00000000000000000000
最後是編輯監控主機上的mrtg.cfg檔案,在Target[xxxx]中加入上面的命令,下面是我的mrtg.cfg檔案,前面的兩個 Target是我用/usr/bin/cfgmaker --global 'WorkDir: /home/httpd/mrtg/net' --global 'Options[_]:growright,bits' --ifref=ip public@192.168.13.103 命令生成的,後面的是我跟據platinum 的"mrtg能做些什麼"的貼子內的mrtg.cfg檔案改的。(在精華里,大家可以看一下)。
[root@wy1 root]# cat /home/httpd/mrtg/103/mrtg.cfg
# Created by
# /usr/bin/cfgmaker --global 'WorkDir: /home/httpd/mrtg/net' --global 'Options[_]:growright,bits' --ifref=ip public@192.168.13.103
### Global Config Options
# for UNIX
# WorkDir: /home/http/mrtg
# or for NT
# WorkDir: c:mrtgdata
### Global Defaults
# to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits
WorkDir: /home/httpd/mrtg/103
Options[_]:growright,bits
Language: chinese
######################################################################
# System: wy1
# Description: Linux wy1 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
# Contact: Root (configure /etc/snmp/snmp.local.conf)
# Location: wy1.wuying.com (edit /etc/snmp/snmpd.conf)
######################################################################
### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: '192.168.13.103' | Eth: '00-06-5b-19-9d-ea' ###
Target[192.168.13.103_192.168.13.103]: /192.168.13.103:public@192.168.13.103:
SetEnv[192.168.13.103_192.168.13.103]: MRTG_INT_IP="192.168.13.103" MRTG_INT_DESCR="eth0"
MaxBytes[192.168.13.103_192.168.13.103]: 1250000
Xsize[192.168.13.103_192.168.13.103]: 300
Ysize[192.168.13.103_192.168.13.103]: 100
#kmg[192.168.13.103_192.168.13.103]: K/s,M/s
#kilo[192.168.13.103_192.168.13.103]: 1024
Title[192.168.13.103_192.168.13.103]: Traffic for eth0 192.168.13.103 -- wy1
PageTop[192.168.13.103_192.168.13.103]:
#Options[192.168.13.103_192.168.13.103]: growright,gauge,nopercent
### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '172.16.0.188' | Eth: '00-06-5b-19-9d-e9' ###
Target[192.168.13.103_172.16.0.188]: /172.16.0.188:public@192.168.13.103:
SetEnv[192.168.13.103_172.16.0.188]: MRTG_INT_IP="172.16.0.188" MRTG_INT_DESCR="eth1"
Xsize[192.168.13.103_172.16.0.188]: 300
Ysize[192.168.13.103_172.16.0.188]: 100
MaxBytes[192.168.13.103_172.16.0.188]: 1250000
#ShortLegend[192.168.13.103_172.16.0.188]:
#kmg[192.168.13.103_172.16.0.188]: b/s,Kb/s
#kilo[192.168.13.103_172.16.0.188]: 1024
Title[192.168.13.103_172.16.0.188]: Traffic for eth1 172.16.0.188 -- wy1
PageTop[192.168.13.103_172.16.0.188]:
#Options[192.168.13.103_172.16.0.188]: growright,gauge,nopercent
###MEM status
Target[wy1_mem]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53 | grep 53.101 | awk -F" '{print $2}'`
#Targey[wy1_mem]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_mem]: 300
Ysize[wy1_mem]: 100
Ytics[wy1_mem]: 7
MaxBytes[wy1_mem]: 1006
Title[wy1_mem]:Memory State of WY1 IP 192.168.13.103 Server
PageTop[wy1_mem]:
ShortLegend[wy1_mem]: MB
kmg[wy1_mem]: MB
kilo[wy1_mem]:1024
YLegend[wy1_mem]: Memory Usage
Legend1[wy1_mem]: 可用記憶體
Legend2[wy1_mem]: 總記憶體量
Legend3[wy1_mem]: 可用記憶體
Legend4[wy1_mem]: 總記憶體量
LegendI[wy1_mem]: 可用記憶體
LegendO[wy1_mem]: 總記憶體量
Options[wy1_mem]: growright,gauge,nopercent
###cpu status
Target[wy1_CPU]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.54 | grep 54.101 | awk -F" '{print $2}'`
#Targey[wy1_CPU]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_CPU]: 300
Ysize[wy1_CPU]: 100
Ytics[wy1_CPU]: 7
MaxBytes[wy1_CPU]: 100
Title[wy1_CPU]:CPU State of WY1 IP 192.168.13.103 Server
PageTop[wy1_CPU]:
ShortLegend[wy1_CPU]:
kmg[wy1_CPU]: %
#kilo[wy1_CPU]:1024
YLegend[wy1_CPU]: CPU Usage
Legend1[wy1_CPU]: 已用CPU:
Legend2[wy1_CPU]: 可用CPU:
LegendI[wy1_CPU]: 已用CPU:
LegendO[wy1_CPU]: 可用CPU:
Options[wy1_CPU]: growright,gauge,nopercent
###iostat
###cpu status
Target[wy1_IO]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.55 | grep 55.101 | awk -F" '{print $2}'`
#Targey[wy1_IO]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_IO]: 300
Ysize[wy1_IO]: 100
Ytics[wy1_IO]: 7
MaxBytes[wy1_IO]: 10000
Title[wy1_IO]: DISK IO State of WY1 IP 192.168.13.103 Server
PageTop[wy1_IO]:
ShortLegend[wy1_IO]:
kmg[wy1_IO]: K/s,M/s
kilo[wy1_IO]:1024
YLegend[wy1_IO]: DISK IO SPEED
Legend1[wy1_IO]: IO速度:
Legend2[wy1_IO]: IO速度:
LegendI[wy1_IO]: IO速度:
LegendO[wy1_IO]: IO速度:
Options[wy1_IO]: growright,gauge,nopercent
用indexmaker -o /home/httpd/mrtg/103/index.html /home/httpd/mrtg/103/mrtg.cfg 生成網頁,在crontab 中加入*/5 * * * * mrtg /home/httpd/mrtg/103/mrtg.cfg
OK,這樣我們就能透過mrtg生成的圖來監控我們linux的機器的狀態了。在IE中打入http: //192.168.13.105/mrtg/103,mrtg的監控網頁就出來啦(/home/httpd/是我appache的主目錄)。當然我們也能用snmpwalk命令來得到安裝有snmp服務的win2000機器的狀態的資料:
如:
[root@wy1 103]# snmpwalk -v 1 192.168.1.5 -c public HOST-RESOURCES-MIB::hrStorage
HOST-RESOURCES-MIB::hrMemorySize.0 = INTEGER: 3800424 KBytes
HOST-RESOURCES-MIB::hrStorageIndex.1 = INTEGER: 1
HOST-RESOURCES-MIB::hrStorageIndex.2 = INTEGER: 2
HOST-RESOURCES-MIB::hrStorageIndex.3 = INTEGER: 3
HOST-RESOURCES-MIB::hrStorageIndex.4 = INTEGER: 4
HOST-RESOURCES-MIB::hrStorageIndex.5 = INTEGER: 5
HOST-RESOURCES-MIB::hrStorageIndex.6 = INTEGER: 6
HOST-RESOURCES-MIB::hrStorageType.1 = OID: HOST-RESOURCES-TYPES::hrStorageRemovableDisk
HOST-RESOURCES-MIB::hrStorageType.2 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.3 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.4 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.5 = OID: HOST-RESOURCES-TYPES::hrStorageCompactDisc
HOST-RESOURCES-MIB::hrStorageType.6 = OID: HOST-RESOURCES-TYPES::hrStorageVirtualMemory
HOST-RESOURCES-MIB::hrStorageDescr.1 = STRING: A:
HOST-RESOURCES-MIB::hrStorageDescr.2 = STRING: C: Label: Serial Number 581e89fe
HOST-RESOURCES-MIB::hrStorageDescr.3 = STRING: D: Label:New Volume Serial Number 1cde6e55
HOST-RESOURCES-MIB::hrStorageDescr.4 = STRING: E: Label:DATA_BAK Serial Number 30d29147
HOST-RESOURCES-MIB::hrStorageDescr.5 = STRING: F:
HOST-RESOURCES-MIB::hrStorageDescr.6 = STRING: Virtual Memory
HOST-RESOURCES-MIB::hrStorageAllocationUnits.1 = INTEGER: 0 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.2 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.3 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.4 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.5 = INTEGER: 0 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.6 = INTEGER: 65536 Bytes
HOST-RESOURCES-MIB::hrStorageSize.1 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageSize.2 = INTEGER: 2050287
HOST-RESOURCES-MIB::hrStorageSize.3 = INTEGER: 15703529
HOST-RESOURCES-MIB::hrStorageSize.4 = INTEGER: 53263499
HOST-RESOURCES-MIB::hrStorageSize.5 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageSize.6 = INTEGER: 89444
HOST-RESOURCES-MIB::hrStorageUsed.1 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.2 = INTEGER: 1233681
HOST-RESOURCES-MIB::hrStorageUsed.3 = INTEGER: 591593
HOST-RESOURCES-MIB::hrStorageUsed.4 = INTEGER: 23583930
HOST-RESOURCES-MIB::hrStorageUsed.5 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.6 = INTEGER: 50611
HOST-RESOURCES-MIB::hrStorageAllocationFailures.1 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.2 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.3 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.4 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.5 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.6 = Counter32: 0
上面顯示的是192.168.1.5這臺win2000SERVER的磁碟資訊,可以看到磁碟機代號、每個分割槽的空間總量、使用量等。其它的相應建值還有:
Diskused: HOST-RESOURCES-MIB::hrStorageUsed
CPU: HOST-RESOURCES-MIB::hrProcessorLoad
RUN Proc: HOST-RESOURCES-MIB::hrSWRunName
SYS Uptime: HOST-RESOURCES-MIB::hrSystemUptime SNMPv2-MIB::sysUpTime
SYS Date: HOST-RESOURCES-MIB::hrSystemDate
SYS Device: HOST-RESOURCES-MIB::hrDeviceDescr
SYS Descr: SNMPv2-MIB::sysDescr
SYS Name: SNMPv2-MIB::sysName
netcard speed: IF-MIB::ifSpeed
netcard physcal address: IF-MIB::ifPhysAddress
這樣我們就可以用一臺linux主機透過snmp+mrtg來監控多臺區域網內的linux/win2000SERVER了:)。
現在我最關心的是如何讓snmp包穿過防火牆,(我用snmpwalk試了一下,抓不到公司在IDC防火牆後的SERVER的snmp資料)。不然,我就可以用snmp去監控公司在IDC防火牆後的SERVER的狀態了。聽說perl能實現,但不知用什麼樣的方法來實現?
現在就以用snmp+mrtg監控一臺區域網內的redhat機器(IP:192.168.13.103)的網路卡、記憶體、CPU、DISKIO為例子,談一下如何實現。基本的法辦就是用一臺redhat監控機器(IP:192.168.13.105),透過snmpwalk命令去抓目標伺服器的狀態資料,然後用mrtg畫出圖來。
1、首先我們要把目標snmpd.conf檔案的配好。這是用snmpwalk命令一抓取資料的關健。下面是目標機器(IP: 192.168.13.103)上的/etc/snmp/snmpd.conf檔案部份內容,紅色的部份是我對snmpd.conf所做的改動。
[root@wy1 root]# cat /etc/snmp/snmpd.conf
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public #定義community名稱為 public,對映到安全名 notConfigUser。
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser #定義安全使用者名稱notConfigUser對映到notConfigGroup組。
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to: #定義一個view,來決定notConfigUser可以操作的範圍。
# Make at least snmpwalk -v 1 localhost -c public system fast again. #定義可檢視的snmp的範圍。
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1
####
# Finally, grant the group read-only access to the systemview view. #給notConfigGroup組所定義view名 all 以只讀許可權。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none#access notConfigGroup "" any noauth exact mib2 none none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
# restrictive access.
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY
## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#...
## incl/excl subtree mask
#view all included .1 80
## -or just the mib2 tree-
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
其實配製一個snmpd.conf檔案不算太難,
(1)首選是定義一個共同體名(community),這裡是public,及可以訪問這個public的使用者名稱(sec name),這裡是notConfigUser。Public相當於使用者notConfigUser的密碼:)
# sec.name source community
com2sec notConfigUser default public
(2)定義一個組名(groupName)這裡是notConfigGroup,及組的安全級別,把notConfigGroup這個使用者加到這個組中。
groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
(3)定義一個可操作的範圍(view)名, 這裡是all,範圍是 .1
# name incl/excl subtree mask(optional)
view all included .1
(4)定義notConfigUser這個組在all這個view範圍內可做的操作,這時定義了notConfigUser組的成員可對.1這個範圍做只讀操作。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none
ok,這樣我們的snmpd.conf檔案就基本配成了,用service snmpd restart重啟snmpd服務。現在我們做一個測試,在監控機上打下面的命令:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public system
SNMPv2-MIB::sysDescr.0 = STRING: Linux wy1 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (7565377) 21:00:53.77
SNMPv2-MIB::sysContact.0 = STRING: Root (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: wy1
SNMPv2-MIB::sysLocation.0 = STRING: wy1.wuying.com (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (10) 0:00:00.10
``````````````````````
“Linux wy1 2.4.20-8smp”作業系統的資訊已經出來了:)
現在我們在目標機上來寫一些指令碼來顯標MEM、CPU、DiskIO
MEM資料的抓取指令碼:
[root@wy1 root]# cat mfree.sh
#!/bin/sh
/usr/bin/free -m | grep Mem |awk '{print $4}'
/usr/bin/free -m | grep Mem |awk '{print $2}'
[root@wy1 root]# sh mfree.sh (上面一個資料是記憶體使用量,下面的是記憶體總量,M)
442
1006
CPU資料的抓取指令碼
[root@wy1 root]# cat cpustat.sh
#!/bin/sh
idle=`sar -u 1 3 | grep Average | awk '{print $6}'`
used=`echo "101 - $idle" | bc -l -s`
echo $used
echo $idle
DiskIO資料的抓取指令碼
[root@wy1 root]# cat iostat.sh (顯示硬碟IO,k/s)
#!/bin/sh
used1=`sar -d 1 3 | tail -1 | awk '{print $4}'`
used2=`echo "$used1 / 2" | bc -l`
echo $used2
echo $used2
好現在我們已經能得到這資料了,怎麼才能讓監控主機透過snmpd得到這些資料呢?可以在目標主機的/etc/snmp/snmpd.conf檔案下面加個這些行:
exec .1.3.6.1.4.1.2021.53 mfree /bin/sh /root/mfree.sh
exec .1.3.6.1.4.1.2021.54 cpustat /bin/sh /root/cpustat.sh
exec .1.3.6.1.4.1.2021.55 iostat /bin/sh /root/iostat.sh
service snmpd restart 重啟目標主機上的snmpd服務。
這樣在監控主機上執行:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53
UCD-SNMP-MIB::ucdavis.53.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.53.2.1 = STRING: "mfree"
UCD-SNMP-MIB::ucdavis.53.3.1 = STRING: "/bin/sh /root/mfree.sh"
UCD-SNMP-MIB::ucdavis.53.100.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.53.101.1 = STRING: "442"
UCD-SNMP-MIB::ucdavis.53.101.2 = STRING: "1006"
UCD-SNMP-MIB::ucdavis.53.102.1 = INTEGER: 0
其中UCD-SNMP-MIB::ucdavis.53.101.1 = STRING: "442" 中的442就是mfree.sh輸出的第一個資料,1006是mfree.sh輸出的第二個資料。OK,再做一下加工:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53 | grep 53.101 | awk -F" '{print $2}'
443
1006
好,我們已經透過snmpd從監控主機上得到了目標主機上記憶體使用的這兩個資料了:),其它的兩個指令碼也一樣:
CPU使用、空閒。
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.54 | grep 54.101 | awk -F" '{print $2}'
1.17
99.83
DISK IO 狀態:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.55 | grep 55.101 | awk -F" '{print $2}'
43.00000000000000000000
43.00000000000000000000
最後是編輯監控主機上的mrtg.cfg檔案,在Target[xxxx]中加入上面的命令,下面是我的mrtg.cfg檔案,前面的兩個 Target是我用/usr/bin/cfgmaker --global 'WorkDir: /home/httpd/mrtg/net' --global 'Options[_]:growright,bits' --ifref=ip public@192.168.13.103 命令生成的,後面的是我跟據platinum 的"mrtg能做些什麼"的貼子內的mrtg.cfg檔案改的。(在精華里,大家可以看一下)。
[root@wy1 root]# cat /home/httpd/mrtg/103/mrtg.cfg
# Created by
# /usr/bin/cfgmaker --global 'WorkDir: /home/httpd/mrtg/net' --global 'Options[_]:growright,bits' --ifref=ip public@192.168.13.103
### Global Config Options
# for UNIX
# WorkDir: /home/http/mrtg
# or for NT
# WorkDir: c:mrtgdata
### Global Defaults
# to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits
WorkDir: /home/httpd/mrtg/103
Options[_]:growright,bits
Language: chinese
######################################################################
# System: wy1
# Description: Linux wy1 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
# Contact: Root (configure /etc/snmp/snmp.local.conf)
# Location: wy1.wuying.com (edit /etc/snmp/snmpd.conf)
######################################################################
### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: '192.168.13.103' | Eth: '00-06-5b-19-9d-ea' ###
Target[192.168.13.103_192.168.13.103]: /192.168.13.103:public@192.168.13.103:
SetEnv[192.168.13.103_192.168.13.103]: MRTG_INT_IP="192.168.13.103" MRTG_INT_DESCR="eth0"
MaxBytes[192.168.13.103_192.168.13.103]: 1250000
Xsize[192.168.13.103_192.168.13.103]: 300
Ysize[192.168.13.103_192.168.13.103]: 100
#kmg[192.168.13.103_192.168.13.103]: K/s,M/s
#kilo[192.168.13.103_192.168.13.103]: 1024
Title[192.168.13.103_192.168.13.103]: Traffic for eth0 192.168.13.103 -- wy1
PageTop[192.168.13.103_192.168.13.103]:
Traffic for eth0 192.168.13.103 -- wy1
#Options[192.168.13.103_192.168.13.103]: growright,gauge,nopercent
### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '172.16.0.188' | Eth: '00-06-5b-19-9d-e9' ###
Target[192.168.13.103_172.16.0.188]: /172.16.0.188:public@192.168.13.103:
SetEnv[192.168.13.103_172.16.0.188]: MRTG_INT_IP="172.16.0.188" MRTG_INT_DESCR="eth1"
Xsize[192.168.13.103_172.16.0.188]: 300
Ysize[192.168.13.103_172.16.0.188]: 100
MaxBytes[192.168.13.103_172.16.0.188]: 1250000
#ShortLegend[192.168.13.103_172.16.0.188]:
#kmg[192.168.13.103_172.16.0.188]: b/s,Kb/s
#kilo[192.168.13.103_172.16.0.188]: 1024
Title[192.168.13.103_172.16.0.188]: Traffic for eth1 172.16.0.188 -- wy1
PageTop[192.168.13.103_172.16.0.188]:
Traffic for eth1 172.16.0.188 -- wy1
#Options[192.168.13.103_172.16.0.188]: growright,gauge,nopercent
###MEM status
Target[wy1_mem]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53 | grep 53.101 | awk -F" '{print $2}'`
#Targey[wy1_mem]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_mem]: 300
Ysize[wy1_mem]: 100
Ytics[wy1_mem]: 7
MaxBytes[wy1_mem]: 1006
Title[wy1_mem]:Memory State of WY1 IP 192.168.13.103 Server
PageTop[wy1_mem]:
Memory State of WY1 IP 192.168.13.103 Server
ShortLegend[wy1_mem]: MB
kmg[wy1_mem]: MB
kilo[wy1_mem]:1024
YLegend[wy1_mem]: Memory Usage
Legend1[wy1_mem]: 可用記憶體
Legend2[wy1_mem]: 總記憶體量
Legend3[wy1_mem]: 可用記憶體
Legend4[wy1_mem]: 總記憶體量
LegendI[wy1_mem]: 可用記憶體
LegendO[wy1_mem]: 總記憶體量
Options[wy1_mem]: growright,gauge,nopercent
###cpu status
Target[wy1_CPU]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.54 | grep 54.101 | awk -F" '{print $2}'`
#Targey[wy1_CPU]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_CPU]: 300
Ysize[wy1_CPU]: 100
Ytics[wy1_CPU]: 7
MaxBytes[wy1_CPU]: 100
Title[wy1_CPU]:CPU State of WY1 IP 192.168.13.103 Server
PageTop[wy1_CPU]:
CPU State of WY1 IP 192.168.13.103 Server
ShortLegend[wy1_CPU]:
kmg[wy1_CPU]: %
#kilo[wy1_CPU]:1024
YLegend[wy1_CPU]: CPU Usage
Legend1[wy1_CPU]: 已用CPU:
Legend2[wy1_CPU]: 可用CPU:
LegendI[wy1_CPU]: 已用CPU:
LegendO[wy1_CPU]: 可用CPU:
Options[wy1_CPU]: growright,gauge,nopercent
###iostat
###cpu status
Target[wy1_IO]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.55 | grep 55.101 | awk -F" '{print $2}'`
#Targey[wy1_IO]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_IO]: 300
Ysize[wy1_IO]: 100
Ytics[wy1_IO]: 7
MaxBytes[wy1_IO]: 10000
Title[wy1_IO]: DISK IO State of WY1 IP 192.168.13.103 Server
PageTop[wy1_IO]:
DISK IO State of WY1 IP 192.168.13.103 Server
ShortLegend[wy1_IO]:
kmg[wy1_IO]: K/s,M/s
kilo[wy1_IO]:1024
YLegend[wy1_IO]: DISK IO SPEED
Legend1[wy1_IO]: IO速度:
Legend2[wy1_IO]: IO速度:
LegendI[wy1_IO]: IO速度:
LegendO[wy1_IO]: IO速度:
Options[wy1_IO]: growright,gauge,nopercent
用indexmaker -o /home/httpd/mrtg/103/index.html /home/httpd/mrtg/103/mrtg.cfg 生成網頁,在crontab 中加入*/5 * * * * mrtg /home/httpd/mrtg/103/mrtg.cfg
OK,這樣我們就能透過mrtg生成的圖來監控我們linux的機器的狀態了。在IE中打入http: //192.168.13.105/mrtg/103,mrtg的監控網頁就出來啦(/home/httpd/是我appache的主目錄)。當然我們也能用snmpwalk命令來得到安裝有snmp服務的win2000機器的狀態的資料:
如:
[root@wy1 103]# snmpwalk -v 1 192.168.1.5 -c public HOST-RESOURCES-MIB::hrStorage
HOST-RESOURCES-MIB::hrMemorySize.0 = INTEGER: 3800424 KBytes
HOST-RESOURCES-MIB::hrStorageIndex.1 = INTEGER: 1
HOST-RESOURCES-MIB::hrStorageIndex.2 = INTEGER: 2
HOST-RESOURCES-MIB::hrStorageIndex.3 = INTEGER: 3
HOST-RESOURCES-MIB::hrStorageIndex.4 = INTEGER: 4
HOST-RESOURCES-MIB::hrStorageIndex.5 = INTEGER: 5
HOST-RESOURCES-MIB::hrStorageIndex.6 = INTEGER: 6
HOST-RESOURCES-MIB::hrStorageType.1 = OID: HOST-RESOURCES-TYPES::hrStorageRemovableDisk
HOST-RESOURCES-MIB::hrStorageType.2 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.3 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.4 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.5 = OID: HOST-RESOURCES-TYPES::hrStorageCompactDisc
HOST-RESOURCES-MIB::hrStorageType.6 = OID: HOST-RESOURCES-TYPES::hrStorageVirtualMemory
HOST-RESOURCES-MIB::hrStorageDescr.1 = STRING: A:
HOST-RESOURCES-MIB::hrStorageDescr.2 = STRING: C: Label: Serial Number 581e89fe
HOST-RESOURCES-MIB::hrStorageDescr.3 = STRING: D: Label:New Volume Serial Number 1cde6e55
HOST-RESOURCES-MIB::hrStorageDescr.4 = STRING: E: Label:DATA_BAK Serial Number 30d29147
HOST-RESOURCES-MIB::hrStorageDescr.5 = STRING: F:
HOST-RESOURCES-MIB::hrStorageDescr.6 = STRING: Virtual Memory
HOST-RESOURCES-MIB::hrStorageAllocationUnits.1 = INTEGER: 0 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.2 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.3 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.4 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.5 = INTEGER: 0 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.6 = INTEGER: 65536 Bytes
HOST-RESOURCES-MIB::hrStorageSize.1 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageSize.2 = INTEGER: 2050287
HOST-RESOURCES-MIB::hrStorageSize.3 = INTEGER: 15703529
HOST-RESOURCES-MIB::hrStorageSize.4 = INTEGER: 53263499
HOST-RESOURCES-MIB::hrStorageSize.5 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageSize.6 = INTEGER: 89444
HOST-RESOURCES-MIB::hrStorageUsed.1 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.2 = INTEGER: 1233681
HOST-RESOURCES-MIB::hrStorageUsed.3 = INTEGER: 591593
HOST-RESOURCES-MIB::hrStorageUsed.4 = INTEGER: 23583930
HOST-RESOURCES-MIB::hrStorageUsed.5 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.6 = INTEGER: 50611
HOST-RESOURCES-MIB::hrStorageAllocationFailures.1 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.2 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.3 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.4 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.5 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.6 = Counter32: 0
上面顯示的是192.168.1.5這臺win2000SERVER的磁碟資訊,可以看到磁碟機代號、每個分割槽的空間總量、使用量等。其它的相應建值還有:
Diskused: HOST-RESOURCES-MIB::hrStorageUsed
CPU: HOST-RESOURCES-MIB::hrProcessorLoad
RUN Proc: HOST-RESOURCES-MIB::hrSWRunName
SYS Uptime: HOST-RESOURCES-MIB::hrSystemUptime SNMPv2-MIB::sysUpTime
SYS Date: HOST-RESOURCES-MIB::hrSystemDate
SYS Device: HOST-RESOURCES-MIB::hrDeviceDescr
SYS Descr: SNMPv2-MIB::sysDescr
SYS Name: SNMPv2-MIB::sysName
netcard speed: IF-MIB::ifSpeed
netcard physcal address: IF-MIB::ifPhysAddress
這樣我們就可以用一臺linux主機透過snmp+mrtg來監控多臺區域網內的linux/win2000SERVER了:)。
現在我最關心的是如何讓snmp包穿過防火牆,(我用snmpwalk試了一下,抓不到公司在IDC防火牆後的SERVER的snmp資料)。不然,我就可以用snmp去監控公司在IDC防火牆後的SERVER的狀態了。聽說perl能實現,但不知用什麼樣的方法來實現?
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/312079/viewspace-245714/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 使用樹莓派搭建區域網監控樹莓派
- 教你如何使用樹莓派搭建區域網監控樹莓派
- TiDB監控實現--存活監控TiDB
- Java實現ZooKeeper的zNode監控Java
- 簡單的區域網內通訊
- 使用IntersectionObserver 實現:自動監聽元素是否進入了裝置的可視區域之內Server
- Linux下如何實現區域網內網路裝置相互通訊Linux內網
- OpenTelemetry 實戰:gRPC 監控的實現原理RPC
- 藉助sIoT可以通過手機app實現區域網內的裝置操控。APP
- 網路卡流量監控指令碼,python實現指令碼Python
- 企業網盤實現區域網共享
- 國內免費的網站監控工具測評網站
- Docker容器的自動化監控實現Docker
- 10-SpringBoot 工程的健康監控實現Spring Boot
- 遠端影片監控實現的條件
- 如何實現一個IOS網路監控元件iOS元件
- 技術分享 | Linux 環境下針對程式維度的監控實現Linux
- 【CTF】msf和impacket聯合拿域控內網滲透-拿域控內網
- 一種對雲主機進行效能監控的監控系統及其監控方法
- upptime:使用GitHub Actions監控你的網站健康監控Github網站
- 區域網的管理
- 如何進行網站的真實使用者監控(RUM)?怎麼進入監控網站網站
- 網站安全監控的方法講解,網站安全監控技術網站
- OpManager:網路監控的利器
- 網站內容監控工具:Website Watchman for Mac網站WebMac
- 基於Vue實現圖片在指定區域內移動Vue
- 鬥魚 Juno 監控中心的設計與實現
- 基於 ZooKeeper 實現爬蟲叢集的監控爬蟲
- 基於 IntersectionObserver 實現一個元件的曝光監控Server元件
- 監聽發現區域網dropbox客戶端broadcast-dropbox-listener客戶端AST
- 工地遠端監控怎樣實現異地組網
- 網站監控網站劫持,網站監控網站劫持有哪些需要注意的網站
- Prometheus+Grafana實現服務效能監控:windows主機監控、Spring Boot監控、Spring Cloud Alibaba Seata監控PrometheusGrafanaWindowsSpring BootCloud
- Padavan安裝使用ZeroTier實現組建虛擬區域網的方法
- GO實現資料夾監控Go
- Ubuntu18.04 安裝opensips,實現區域網內sip語音視訊通話Ubuntu
- 如何監控docker容器內的服務程式Docker
- beef區域網內模擬攻擊
- 在監控中注視:監控題材遊戲的社交呈現遊戲