snmp+mrtg實現對區域網內的linuxServer的監控(zt)

tonykorn97發表於2007-07-06
LinuxServer
上回看了platinum的"mrtg能做些什麼"貼子,很受啟發,於是也試著做了一個。但當時對 snmpd不是很熟,所以沒有做成功,後來仔細看了一下snmd的有關文章和RH中的/etc/snmp/snmpd.conf檔案,發現用snmp+ mrtg可以很好的實現對區域網內伺服器狀態的監控。

現在就以用snmp+mrtg監控一臺區域網內的redhat機器(IP:192.168.13.103)的網路卡、記憶體、CPU、DISKIO為例子,談一下如何實現。基本的法辦就是用一臺redhat監控機器(IP:192.168.13.105),透過snmpwalk命令去抓目標伺服器的狀態資料,然後用mrtg畫出圖來。
1、首先我們要把目標snmpd.conf檔案的配好。這是用snmpwalk命令一抓取資料的關健。下面是目標機器(IP: 192.168.13.103)上的/etc/snmp/snmpd.conf檔案部份內容,紅色的部份是我對snmpd.conf所做的改動。
[root@wy1 root]# cat /etc/snmp/snmpd.conf

####
# First, map the community name "public" into a "security name"

# sec.name source community
com2sec notConfigUser default public #定義community名稱為 public,對映到安全名 notConfigUser。

####
# Second, map the security name into a group name:

# groupName securityModel securityName
group notConfigGroup v1 notConfigUser #定義安全使用者名稱notConfigUser對映到notConfigGroup組。
group notConfigGroup v2c notConfigUser

####
# Third, create a view for us to let the group have rights to: #定義一個view,來決定notConfigUser可以操作的範圍。


# Make at least snmpwalk -v 1 localhost -c public system fast again. #定義可檢視的snmp的範圍。
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1
####
# Finally, grant the group read-only access to the systemview view. #給notConfigGroup組所定義view名 all 以只讀許可權。

# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none#access notConfigGroup "" any noauth exact mib2 none none

# -----------------------------------------------------------------------------

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY

## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#...

## incl/excl subtree mask
#view all included .1 80

## -or just the mib2 tree-

#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc


## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all


其實配製一個snmpd.conf檔案不算太難,
(1)首選是定義一個共同體名(community),這裡是public,及可以訪問這個public的使用者名稱(sec name),這裡是notConfigUser。Public相當於使用者notConfigUser的密碼:)
# sec.name source community
com2sec notConfigUser default public
(2)定義一個組名(groupName)這裡是notConfigGroup,及組的安全級別,把notConfigGroup這個使用者加到這個組中。
groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
(3)定義一個可操作的範圍(view)名, 這裡是all,範圍是 .1
# name incl/excl subtree mask(optional)
view all included .1
(4)定義notConfigUser這個組在all這個view範圍內可做的操作,這時定義了notConfigUser組的成員可對.1這個範圍做只讀操作。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none none

ok,這樣我們的snmpd.conf檔案就基本配成了,用service snmpd restart重啟snmpd服務。現在我們做一個測試,在監控機上打下面的命令:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public system
SNMPv2-MIB::sysDescr.0 = STRING: Linux wy1 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (7565377) 21:00:53.77
SNMPv2-MIB::sysContact.0 = STRING: Root (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: wy1
SNMPv2-MIB::sysLocation.0 = STRING: wy1.wuying.com (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (10) 0:00:00.10
``````````````````````
“Linux wy1 2.4.20-8smp”作業系統的資訊已經出來了:)
現在我們在目標機上來寫一些指令碼來顯標MEM、CPU、DiskIO
MEM資料的抓取指令碼:
[root@wy1 root]# cat mfree.sh
#!/bin/sh
/usr/bin/free -m | grep Mem |awk '{print $4}'
/usr/bin/free -m | grep Mem |awk '{print $2}'
[root@wy1 root]# sh mfree.sh (上面一個資料是記憶體使用量,下面的是記憶體總量,M)
442
1006
CPU資料的抓取指令碼
[root@wy1 root]# cat cpustat.sh
#!/bin/sh
idle=`sar -u 1 3 | grep Average | awk '{print $6}'`
used=`echo "101 - $idle" | bc -l -s`
echo $used
echo $idle
DiskIO資料的抓取指令碼
[root@wy1 root]# cat iostat.sh (顯示硬碟IO,k/s)
#!/bin/sh
used1=`sar -d 1 3 | tail -1 | awk '{print $4}'`
used2=`echo "$used1 / 2" | bc -l`
echo $used2
echo $used2

好現在我們已經能得到這資料了,怎麼才能讓監控主機透過snmpd得到這些資料呢?可以在目標主機的/etc/snmp/snmpd.conf檔案下面加個這些行:
exec .1.3.6.1.4.1.2021.53 mfree /bin/sh /root/mfree.sh
exec .1.3.6.1.4.1.2021.54 cpustat /bin/sh /root/cpustat.sh
exec .1.3.6.1.4.1.2021.55 iostat /bin/sh /root/iostat.sh
service snmpd restart 重啟目標主機上的snmpd服務。
這樣在監控主機上執行:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53
UCD-SNMP-MIB::ucdavis.53.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.53.2.1 = STRING: "mfree"
UCD-SNMP-MIB::ucdavis.53.3.1 = STRING: "/bin/sh /root/mfree.sh"
UCD-SNMP-MIB::ucdavis.53.100.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.53.101.1 = STRING: "442"
UCD-SNMP-MIB::ucdavis.53.101.2 = STRING: "1006"
UCD-SNMP-MIB::ucdavis.53.102.1 = INTEGER: 0
其中UCD-SNMP-MIB::ucdavis.53.101.1 = STRING: "442" 中的442就是mfree.sh輸出的第一個資料,1006是mfree.sh輸出的第二個資料。OK,再做一下加工:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53 | grep 53.101 | awk -F" '{print $2}'
443
1006
好,我們已經透過snmpd從監控主機上得到了目標主機上記憶體使用的這兩個資料了:),其它的兩個指令碼也一樣:
CPU使用、空閒。
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.54 | grep 54.101 | awk -F" '{print $2}'
1.17
99.83
DISK IO 狀態:
[root@wy2 root]# snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.55 | grep 55.101 | awk -F" '{print $2}'
43.00000000000000000000
43.00000000000000000000

最後是編輯監控主機上的mrtg.cfg檔案,在Target[xxxx]中加入上面的命令,下面是我的mrtg.cfg檔案,前面的兩個 Target是我用/usr/bin/cfgmaker --global 'WorkDir: /home/httpd/mrtg/net' --global 'Options[_]:growright,bits' --ifref=ip public@192.168.13.103 命令生成的,後面的是我跟據platinum 的"mrtg能做些什麼"的貼子內的mrtg.cfg檔案改的。(在精華里,大家可以看一下)。
[root@wy1 root]# cat /home/httpd/mrtg/103/mrtg.cfg
# Created by
# /usr/bin/cfgmaker --global 'WorkDir: /home/httpd/mrtg/net' --global 'Options[_]:growright,bits' --ifref=ip public@192.168.13.103


### Global Config Options

# for UNIX
# WorkDir: /home/http/mrtg

# or for NT
# WorkDir: c:mrtgdata

### Global Defaults

# to get bits instead of bytes and graphs growing to the right
# Options[_]: growright, bits

WorkDir: /home/httpd/mrtg/103
Options[_]:growright,bits
Language: chinese
######################################################################
# System: wy1
# Description: Linux wy1 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686
# Contact: Root (configure /etc/snmp/snmp.local.conf)
# Location: wy1.wuying.com (edit /etc/snmp/snmpd.conf)
######################################################################


### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: '192.168.13.103' | Eth: '00-06-5b-19-9d-ea' ###

Target[192.168.13.103_192.168.13.103]: /192.168.13.103:public@192.168.13.103:
SetEnv[192.168.13.103_192.168.13.103]: MRTG_INT_IP="192.168.13.103" MRTG_INT_DESCR="eth0"
MaxBytes[192.168.13.103_192.168.13.103]: 1250000
Xsize[192.168.13.103_192.168.13.103]: 300
Ysize[192.168.13.103_192.168.13.103]: 100
#kmg[192.168.13.103_192.168.13.103]: K/s,M/s
#kilo[192.168.13.103_192.168.13.103]: 1024
Title[192.168.13.103_192.168.13.103]: Traffic for eth0 192.168.13.103 -- wy1
PageTop[192.168.13.103_192.168.13.103]:

Traffic for eth0 192.168.13.103 -- wy1


#Options[192.168.13.103_192.168.13.103]: growright,gauge,nopercent

### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '172.16.0.188' | Eth: '00-06-5b-19-9d-e9' ###

Target[192.168.13.103_172.16.0.188]: /172.16.0.188:public@192.168.13.103:
SetEnv[192.168.13.103_172.16.0.188]: MRTG_INT_IP="172.16.0.188" MRTG_INT_DESCR="eth1"
Xsize[192.168.13.103_172.16.0.188]: 300
Ysize[192.168.13.103_172.16.0.188]: 100
MaxBytes[192.168.13.103_172.16.0.188]: 1250000
#ShortLegend[192.168.13.103_172.16.0.188]:
#kmg[192.168.13.103_172.16.0.188]: b/s,Kb/s
#kilo[192.168.13.103_172.16.0.188]: 1024
Title[192.168.13.103_172.16.0.188]: Traffic for eth1 172.16.0.188 -- wy1
PageTop[192.168.13.103_172.16.0.188]:

Traffic for eth1 172.16.0.188 -- wy1


#Options[192.168.13.103_172.16.0.188]: growright,gauge,nopercent

###MEM status

Target[wy1_mem]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.53 | grep 53.101 | awk -F" '{print $2}'`
#Targey[wy1_mem]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_mem]: 300
Ysize[wy1_mem]: 100
Ytics[wy1_mem]: 7
MaxBytes[wy1_mem]: 1006
Title[wy1_mem]:Memory State of WY1 IP 192.168.13.103 Server
PageTop[wy1_mem]:

Memory State of WY1 IP 192.168.13.103 Server


ShortLegend[wy1_mem]: MB
kmg[wy1_mem]: MB
kilo[wy1_mem]:1024
YLegend[wy1_mem]: Memory Usage
Legend1[wy1_mem]: 可用記憶體
Legend2[wy1_mem]: 總記憶體量
Legend3[wy1_mem]: 可用記憶體
Legend4[wy1_mem]: 總記憶體量
LegendI[wy1_mem]: 可用記憶體
LegendO[wy1_mem]: 總記憶體量
Options[wy1_mem]: growright,gauge,nopercent

###cpu status
Target[wy1_CPU]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.54 | grep 54.101 | awk -F" '{print $2}'`
#Targey[wy1_CPU]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_CPU]: 300
Ysize[wy1_CPU]: 100
Ytics[wy1_CPU]: 7
MaxBytes[wy1_CPU]: 100
Title[wy1_CPU]:CPU State of WY1 IP 192.168.13.103 Server
PageTop[wy1_CPU]:

CPU State of WY1 IP 192.168.13.103 Server


ShortLegend[wy1_CPU]:
kmg[wy1_CPU]: %
#kilo[wy1_CPU]:1024
YLegend[wy1_CPU]: CPU Usage
Legend1[wy1_CPU]: 已用CPU:
Legend2[wy1_CPU]: 可用CPU:
LegendI[wy1_CPU]: 已用CPU:
LegendO[wy1_CPU]: 可用CPU:
Options[wy1_CPU]: growright,gauge,nopercent

###iostat
###cpu status
Target[wy1_IO]:`snmpwalk -v 1 192.168.13.103 -c public .1.3.6.1.4.1.2021.55 | grep 55.101 | awk -F" '{print $2}'`
#Targey[wy1_IO]: memTotalReal.0&memAvailReal.0:holdata@holdata.3322.org
Xsize[wy1_IO]: 300
Ysize[wy1_IO]: 100
Ytics[wy1_IO]: 7
MaxBytes[wy1_IO]: 10000
Title[wy1_IO]: DISK IO State of WY1 IP 192.168.13.103 Server
PageTop[wy1_IO]:

DISK IO State of WY1 IP 192.168.13.103 Server


ShortLegend[wy1_IO]:
kmg[wy1_IO]: K/s,M/s
kilo[wy1_IO]:1024
YLegend[wy1_IO]: DISK IO SPEED
Legend1[wy1_IO]: IO速度:
Legend2[wy1_IO]: IO速度:
LegendI[wy1_IO]: IO速度:
LegendO[wy1_IO]: IO速度:
Options[wy1_IO]: growright,gauge,nopercent


用indexmaker -o /home/httpd/mrtg/103/index.html /home/httpd/mrtg/103/mrtg.cfg 生成網頁,在crontab 中加入*/5 * * * * mrtg /home/httpd/mrtg/103/mrtg.cfg
OK,這樣我們就能透過mrtg生成的圖來監控我們linux的機器的狀態了。在IE中打入http: //192.168.13.105/mrtg/103,mrtg的監控網頁就出來啦(/home/httpd/是我appache的主目錄)。當然我們也能用snmpwalk命令來得到安裝有snmp服務的win2000機器的狀態的資料:
如:

[root@wy1 103]# snmpwalk -v 1 192.168.1.5 -c public HOST-RESOURCES-MIB::hrStorage
HOST-RESOURCES-MIB::hrMemorySize.0 = INTEGER: 3800424 KBytes
HOST-RESOURCES-MIB::hrStorageIndex.1 = INTEGER: 1
HOST-RESOURCES-MIB::hrStorageIndex.2 = INTEGER: 2
HOST-RESOURCES-MIB::hrStorageIndex.3 = INTEGER: 3
HOST-RESOURCES-MIB::hrStorageIndex.4 = INTEGER: 4
HOST-RESOURCES-MIB::hrStorageIndex.5 = INTEGER: 5
HOST-RESOURCES-MIB::hrStorageIndex.6 = INTEGER: 6
HOST-RESOURCES-MIB::hrStorageType.1 = OID: HOST-RESOURCES-TYPES::hrStorageRemovableDisk
HOST-RESOURCES-MIB::hrStorageType.2 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.3 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.4 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk
HOST-RESOURCES-MIB::hrStorageType.5 = OID: HOST-RESOURCES-TYPES::hrStorageCompactDisc
HOST-RESOURCES-MIB::hrStorageType.6 = OID: HOST-RESOURCES-TYPES::hrStorageVirtualMemory
HOST-RESOURCES-MIB::hrStorageDescr.1 = STRING: A:
HOST-RESOURCES-MIB::hrStorageDescr.2 = STRING: C: Label: Serial Number 581e89fe
HOST-RESOURCES-MIB::hrStorageDescr.3 = STRING: D: Label:New Volume Serial Number 1cde6e55
HOST-RESOURCES-MIB::hrStorageDescr.4 = STRING: E: Label:DATA_BAK Serial Number 30d29147
HOST-RESOURCES-MIB::hrStorageDescr.5 = STRING: F:
HOST-RESOURCES-MIB::hrStorageDescr.6 = STRING: Virtual Memory
HOST-RESOURCES-MIB::hrStorageAllocationUnits.1 = INTEGER: 0 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.2 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.3 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.4 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.5 = INTEGER: 0 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.6 = INTEGER: 65536 Bytes
HOST-RESOURCES-MIB::hrStorageSize.1 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageSize.2 = INTEGER: 2050287
HOST-RESOURCES-MIB::hrStorageSize.3 = INTEGER: 15703529
HOST-RESOURCES-MIB::hrStorageSize.4 = INTEGER: 53263499
HOST-RESOURCES-MIB::hrStorageSize.5 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageSize.6 = INTEGER: 89444
HOST-RESOURCES-MIB::hrStorageUsed.1 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.2 = INTEGER: 1233681
HOST-RESOURCES-MIB::hrStorageUsed.3 = INTEGER: 591593
HOST-RESOURCES-MIB::hrStorageUsed.4 = INTEGER: 23583930
HOST-RESOURCES-MIB::hrStorageUsed.5 = INTEGER: 0
HOST-RESOURCES-MIB::hrStorageUsed.6 = INTEGER: 50611
HOST-RESOURCES-MIB::hrStorageAllocationFailures.1 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.2 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.3 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.4 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.5 = Counter32: 0
HOST-RESOURCES-MIB::hrStorageAllocationFailures.6 = Counter32: 0
上面顯示的是192.168.1.5這臺win2000SERVER的磁碟資訊,可以看到磁碟機代號、每個分割槽的空間總量、使用量等。其它的相應建值還有:
Diskused: HOST-RESOURCES-MIB::hrStorageUsed
CPU: HOST-RESOURCES-MIB::hrProcessorLoad
RUN Proc: HOST-RESOURCES-MIB::hrSWRunName
SYS Uptime: HOST-RESOURCES-MIB::hrSystemUptime SNMPv2-MIB::sysUpTime
SYS Date: HOST-RESOURCES-MIB::hrSystemDate
SYS Device: HOST-RESOURCES-MIB::hrDeviceDescr
SYS Descr: SNMPv2-MIB::sysDescr
SYS Name: SNMPv2-MIB::sysName
netcard speed: IF-MIB::ifSpeed
netcard physcal address: IF-MIB::ifPhysAddress
這樣我們就可以用一臺linux主機透過snmp+mrtg來監控多臺區域網內的linux/win2000SERVER了:)。
現在我最關心的是如何讓snmp包穿過防火牆,(我用snmpwalk試了一下,抓不到公司在IDC防火牆後的SERVER的snmp資料)。不然,我就可以用snmp去監控公司在IDC防火牆後的SERVER的狀態了。聽說perl能實現,但不知用什麼樣的方法來實現?

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/312079/viewspace-245714/,如需轉載,請註明出處,否則將追究法律責任。

相關文章