Nginx下搭建Nagios监控平台

    本文基于《LNMP最新源码安装脚本》,Nagios依赖PHP环境和perl环境,由于Nginx不支持Perl的CGI,需先来搭建Perl环境,Nagios原理介绍略。

    1、下载最新稳定源码包和Perl脚本

    1. mkdir nagios-cacti
    2. cd nagios-cacti
    3. wget http://www.cpan.org/modules/by-module/FCGI/FCGI-0.74.tar.gz
    4. wget http://www.cpan.org/authors/id/B/BO/BOBTFISH/FCGI-ProcManager-0.24.tar.gz
    5. wget //linuxeye.com/wp-content/uploads/2013/04/perl-fcgi.pl
    6. wget http://jaist.dl.sourceforge.net/project/nagios/nagios-3.x/nagios-3.5.0/nagios-3.5.0.tar.gz
    7. wget http://nchc.dl.sourceforge.net/project/nagiosplug/nagiosplug/1.4.16/nagios-plugins-1.4.16.tar.gz
    8. wget http://nchc.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.14/nrpe-2.14.tar.gz

    2、Nginx对Perl的CGI支持

    Nginx支持Perl的CGI方法有好几种,基本原理都是通过Perl的FCGI模块实现,下面的方法就是其中一种:

    安装FCGI模块

    1. tar xzf FCGI-0.74.tar.gz
    2. cd FCGI-0.74
    3. perl Makefile.PL
    4. make && make install
    5. cd ../

    安装FCGI-ProcManager模块

    1. tar xzf FCGI-ProcManager-0.24.tar.gz
    2. cd FCGI-ProcManager-0.24
    3. perl Makefile.PL
    4. make && make install
    5. cd ../

    Perl脚本

    1. cp perl-fcgi.pl /usr/local/nginx
    2. chmod +x /usr/local/nginx/perl-fcgi.pl
    3. /usr/local/nginx/perl-fcgi.pl > /usr/local/nginx/logs/perl-fcgi.log 2>&1 & #启动Perl
    4. chmod 777 /usr/local/nginx/logs/perl-fcgi.sock #Nginx Log中提示Permision Denied方法
    5. cd ../

    3、Nagios安装(服务端)

    1. useradd -s /sbin/nologin nagios
    2. groupadd nagcmd
    3. usermod -a -G nagcmd nagios
    4. usermod -a -G nagcmd www
    5. tar xzf nagios-3.5.0.tar.gz
    6. cd nagios
    7. yum -y install gd-devel
    8. ./configure --prefix=/usr/local/nagios --with-command-group=nagcmd
    9. make all
    10. make install #用于安装主要的程序、CGI及HTML文件
    11. make install-init #用于生成init启动脚本
    12. make install-config #用于安装示例配置文件
    13. make install-commandmode #用于设置相应的目录权限
    14. chkconfig --add nagios
    15. chkconfig nagios on
    16. cd ../

    Nagios主程序只是提供一个运行框架,其具体监控是靠运行在其下的插件完成的,Nagios插件必须安装

    1. tar xzf nagios-plugins-1.4.16.tar.gz
    2. cd nagios-plugins-1.4.16
    3. ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios
    4. make && make install
    5. cd ../

    由于Nagios只能监测自己所在的主机的一些本地情况,例如,cpu负载、内存使用、硬盘使用等等。如果想要监测被监控的服务器上的这些本地情况,就要用到NRPE。NRPE(Nagios Remote Plugin Executor)是Nagios的一个扩展,它被用于被监控的服务器上,向Nagios监控平台提供该服务器的一些本地的情况。NRPE可以称为Nagios的Linux客户端。

    1. tar xzf nrpe-2.14.tar.gz
    2. cd nrpe-2.14
    3. ./configure
    4. make && make install
    5. cp sample-config/nrpe.cfg /usr/local/nagios/etc/
    6. chown nagios.nagios /usr/local/nagios/etc/nrpe.cfg
    7. cd ../

    4、Nginx配置(服务端)

    1. ln -s /usr/local/nagios/share /data/admin/nagios

    以http://www.linuxeye.com/nagios,需要建立软链接,服务nginx.conf配置文件如下:

    1. ################http://www.linuxeye.com/nagios#########################
    2.         server {
    3.         listen  80;
    4.         server_name    _;
    5.         access_log     /dev/null;
    6.         root /data/admin;
    7.         index index.php;
    8.         location ~ .*\.(php|php5)?$  {
    9.                 fastcgi_pass  127.0.0.1:9000;
    10.                 fastcgi_index index.php;
    11.                 include fastcgi.conf;
    12.                 }
    13.         location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ {
    14.                 expires      30d;
    15.                 }
    16.         location ~ .*\.(js|css)?$ {
    17.                 expires      1h;
    18.                 }
    19.         location /status {
    20.                 stub_status on;
    21.                 }
    22.         location ~ .*\.(cgi|pl)?$ {
    23.                 auth_basic "Nagios Access";
    24.                 auth_basic_user_file /usr/local/nagios/etc/htpasswd.users;
    25.                 gzip off;
    26.                 root   /usr/local/nagios/sbin;
    27.                 rewrite ^/nagios/cgi-bin/(.*)\.cgi /$1.cgi break;
    28.                 fastcgi_pass  unix:/usr/local/nginx/logs/perl-fcgi.sock;
    29.                 fastcgi_param SCRIPT_FILENAME /usr/local/nagios/sbin$fastcgi_script_name;
    30.                 fastcgi_index index.cgi;
    31.                 fastcgi_param  REMOTE_USER        $remote_user;
    32.                 fastcgi_param HTTP_ACCEPT_LANGUAGE en_US;
    33.                 include fastcgi_params;
    34.                 fastcgi_read_timeout   60;
    35.                 }
    36.         }

    以http://nagios.linuxeye.com服务nginx.conf配置文件如下:

    1. ################http://nagios.linuxeye.com##############################
    2.         server {
    3.         listen  80;
    4.         server_name     nagios.linuxeye.com;
    5.         access_log      logs/nagios_access.log combined;
    6.         auth_basic "Nagios Access";
    7.         auth_basic_user_file /usr/local/nagios/etc/htpasswd.users;
    8.         location / {
    9.         root   /usr/local/nagios/share;
    10.         index  index.html index.htm index.php;
    11.                 }
    12.         location ~ .*\.(php|php5)?$ {
    13.         root /usr/local/nagios/share;
    14.         fastcgi_pass  127.0.0.1:9000;
    15.         fastcgi_index index.php;
    16.         include fastcgi.conf;
    17.                 }
    18.         location /nagios {
    19.             alias /usr/local/nagios/share;
    20.                 }
    21.         location /cgi-bin/images {
    22.             alias /usr/local/nagios/share/images;
    23.                 }
    24.         location /cgi-bin/stylesheets {
    25.             alias /usr/local/nagios/share/stylesheets;
    26.                 }
    27.         location /cgi-bin {
    28.             alias /usr/local/nagios/sbin;
    29.                 }
    30.         location ~ .*\.(cgi|pl)?$ {
    31.         gzip off;
    32.         root   /usr/local/nagios/sbin;
    33.         rewrite ^/nagios/cgi-bin/(.*)\.cgi /$1.cgi break;
    34.         fastcgi_pass  unix:/usr/local/nginx/logs/nginx-fcgi.sock;
    35.         fastcgi_param SCRIPT_FILENAME /usr/local/nagios/sbin$fastcgi_script_name;
    36.         fastcgi_index index.cgi;
    37.         fastcgi_param  REMOTE_USER        $remote_user;
    38.         fastcgi_param HTTP_ACCEPT_LANGUAGE en_US;
    39.         include fastcgi_params;
    40.         fastcgi_read_timeout   60;
    41.                 }
    42.         }

    #创建web验证用户

    在有安装apache服务器用htpasswd或者在线生成

    1. /usr/local/apache/bin/htpasswd -nb admin 123456 > /usr/local/nagios/etc/htpasswd.users
    2. chown nagios.nagios /usr/local/nagios/etc/htpasswd.users

    5、服务端配置文件修改

    NRPE

    1. sed -i 's@allowed_hosts=.*$@allowed_hosts=127.0.0.1,192.168.1.114@g' /usr/local/nagios/etc/nrpe.cfg
    2. sed -i 's@command[check_hda1]@#command[check_hda1]@g' /usr/local/nagios/etc/nrpe.cfg
    3. sed -i '223a command[check_df]=/usr/local/nagios/libexec/check_disk -w 20 -c 10' /usr/local/nagios/etc/nrpe.cfg
    4. sed -i '224a command[check_cpu_procs]=/usr/local/nagios/libexec/check_procs -w 50 -c 90 --metric=CPU' /usr/local/nagios/etc/nrpe.cfg
    5. sed -i '225a command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20% -c 5%' /usr/local/nagios/etc/nrpe.cfg
    6. echo '/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d' >> /etc/rc.local
    7. /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d #启动nrpe

    #修改配置文件归类

    1. sed -i 's@cfg_file=/usr/local/nagios/etc/objects/templates.cfg@#cfg_file=/usr/local/nagios/etc/objects/templates.cfg@g' /usr/local/nagios/etc/nagios.cfg
    2. sed -i 's@cfg_file=/usr/local/nagios/etc/objects/localhost.cfg@#cfg_file=/usr/local/nagios/etc/objects/localhost.cfg@g' /usr/local/nagios/etc/nagios.cfg
    3. sed -i '32a cfg_file=/usr/local/nagios/etc/objects/hosts.cfg' /usr/local/nagios/etc/nagios.cfg
    4. sed -i '33a cfg_file=/usr/local/nagios/etc/objects/hostgroups.cfg' /usr/local/nagios/etc/nagios.cfg
    5. sed -i '34a cfg_file=/usr/local/nagios/etc/objects/contactsgroups.cfg' /usr/local/nagios/etc/nagios.cfg
    6. sed -i '35a cfg_file=/usr/local/nagios/etc/objects/services.cfg' /usr/local/nagios/etc/nagios.cfg

    #命令检查时间间隔

    1. sed -i 's@^command_check_interval.*$@command_check_interval=10s@g' /usr/local/nagios/etc/nagios.cfg

    #指定用户admin可以通过浏览器操纵nagios服务的关闭、重启等各种操作

    1. sed -i 's@authorized_for_system_information=.*$@authorized_for_system_information=admin@g' /usr/local/nagios/etc/cgi.cfg
    2. sed -i 's@authorized_for_configuration_information=.*$@authorized_for_configuration_information=admin@g' /usr/local/nagios/etc/cgi.cfg
    3. sed -i 's@authorized_for_system_commands=.*$@authorized_for_system_commands=admin@g' /usr/local/nagios/etc/cgi.cfg
    4. sed -i 's@authorized_for_all_services=.*$@authorized_for_all_services=admin@g' /usr/local/nagios/etc/cgi.cfg
    5. sed -i 's@authorized_for_all_hosts=.*$@authorized_for_all_hosts=admin@g' /usr/local/nagios/etc/cgi.cfg
    6. sed -i 's@authorized_for_all_service_commands=.*$@authorized_for_all_service_commands=admin@g' /usr/local/nagios/etc/cgi.cfg
    7. sed -i 's@authorized_for_all_host_commands=.*$@authorized_for_all_host_commands=admin@g' /usr/local/nagios/etc/cgi.cfg

    #hosts.cfg

    1. cat > /usr/local/nagios/etc/objects/hosts.cfg << EOF
    2. define host {
    3. host_name                 linux4
    4. alias                     nagios-server
    5. address                   192.168.1.114
    6. contact_groups            sagroup
    7. check_command             check-host-alive
    8. max_check_attempts          10
    9. notification_interval       5
    10. notification_period         24x7
    11. notification_options        d,u,r
    12. }
    13. define host {
    14. host_name                 linux3
    15. alias                     192.168.1.113
    16. address                   192.168.1.113
    17. contact_groups            sagroup
    18. check_command             check-host-alive
    19. max_check_attempts          10
    20. notification_interval       5
    21. notification_period         24x7
    22. notification_options        d,u,r
    23. }
    24. EOF
    25. chown nagios.nagios /usr/local/nagios/etc/objects/hosts.cfg
    26. chmod 664 /usr/local/nagios/etc/objects/hosts.cfg

    #hostgroups.cfg

    1. cat > /usr/local/nagios/etc/objects/hostgroups.cfg << EOF
    2. define hostgroup {
    3. hostgroup_name  sa-servers
    4. alias           sa servers
    5. members         linux4,linux3
    6. }
    7. EOF
    8. chown nagios.nagios /usr/local/nagios/etc/objects/hostgroups.cfg
    9. chmod 664 /usr/local/nagios/etc/objects/hostgroups.cfg

    #contacts.cfg

    1. cp /usr/local/nagios/etc/objects/contacts.cfg /usr/local/nagios/etc/objects/contacts.cfg.bk
    2. cat > /usr/local/nagios/etc/objects/contacts.cfg << EOF
    3. define contact {
    4. contact_name    admin
    5. alias           system administrator
    6. service_notification_period    24x7
    7. host_notification_period       24x7
    8. service_notification_options   w,u,c,r
    9. host_notification_options       d,u,r
    10. host_notification_commands     notify-host-by-email
    11. service_notification_commands  notify-service-by-email
    12. email                          admin@linuxeye.com
    13. }
    14. EOF

    #services.cfg

    1. cat > /usr/local/nagios/etc/objects/services.cfg << EOF
    2. define service {
    3. host_name               linux4,linux3
    4. service_description     check-host-alive
    5. check_command           check-host-alive
    6. check_period            24x7
    7. max_check_attempts      4
    8. normal_check_interval   3
    9. retry_check_interval    2
    10. contact_groups          sagroup
    11. notification_interval   10
    12. notification_period     24x7
    13. notification_options    w,u,c,r
    14. }
    15. define service {
    16. host_name               linux4,linux3
    17. service_description     check_http
    18. check_command           check_http
    19. check_period            24x7
    20. max_check_attempts      4
    21. normal_check_interval   3
    22. retry_check_interval    2
    23. contact_groups          sagroup
    24. notification_interval   10
    25. notification_period     24x7
    26. notification_options    w,u,c,r
    27. }
    28. define service{
    29. host_name               linux4,linux3
    30. service_description     check_ssh
    31. check_command           check_ssh
    32. max_check_attempts      4
    33. normal_check_interval   3
    34. retry_check_interval    2
    35. check_period            24x7
    36. notification_interval   10
    37. notification_period     24x7
    38. notification_options    w,u,c,r
    39. contact_groups          sagroup
    40. }
    41. define service{
    42. host_name               linux4,linux3
    43. service_description     check-disk
    44. check_command           check_nrpe!check_df
    45. max_check_attempts      4
    46. normal_check_interval   3
    47. retry_check_interval    2
    48. check_period            24x7
    49. notification_interval   10
    50. notification_period     24x7
    51. notification_options    w,u,c,r
    52. contact_groups          sagroup
    53. }
    54. define service{
    55. host_name               linux4,linux3
    56. service_description     check_cpu_procs
    57. check_command           check_nrpe!check_cpu_procs
    58. max_check_attempts      4
    59. normal_check_interval   3
    60. retry_check_interval    2
    61. check_period            24x7
    62. notification_interval   10
    63. notification_period     24x7
    64. notification_options    w,u,c,r
    65. contact_groups          sagroup
    66. }
    67. define service{
    68. host_name               linux4,linux3
    69. service_description     check_load
    70. check_command           check_nrpe!check_load
    71. max_check_attempts      4
    72. normal_check_interval   3
    73. retry_check_interval    2
    74. check_period            24x7
    75. notification_interval   10
    76. notification_period     24x7
    77. notification_options    w,u,c,r
    78. contact_groups          sagroup
    79. }
    80. define service{
    81. host_name               linux4,linux3
    82. service_description     check_users
    83. check_command           check_nrpe!check_users
    84. max_check_attempts      4
    85. normal_check_interval   3
    86. retry_check_interval    2
    87. check_period            24x7
    88. notification_interval   10
    89. notification_period     24x7
    90. notification_options    w,u,c,r
    91. contact_groups          sagroup
    92. }
    93. define service{
    94. host_name               linux4,linux3
    95. service_description     check_swap
    96. check_command           check_nrpe!check_swap
    97. max_check_attempts      4
    98. normal_check_interval   3
    99. retry_check_interval    2
    100. check_period            24x7
    101. notification_interval   10
    102. notification_period     24x7
    103. notification_options    w,u,c,r
    104. contact_groups          sagroup
    105. }
    106. define service{
    107. host_name               linux4,linux3
    108. service_description     check_zombie_procs
    109. check_command           check_nrpe!check_zombie_procs
    110. max_check_attempts      4
    111. normal_check_interval   3
    112. retry_check_interval    2
    113. check_period            24x7
    114. notification_interval   10
    115. notification_period     24x7
    116. notification_options    w,u,c,r
    117. contact_groups          sagroup
    118. }
    119. EOF
    120. chown nagios.nagios /usr/local/nagios/etc/objects/services.cfg
    121. chmod 664 /usr/local/nagios/etc/objects/services.cfg

    #commands.cfg

    1. echo 'define command{
    2. command_name check_nrpe
    3. command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
    4. }' >> /usr/local/nagios/etc/objects/commands.cfg

    #contactsgroups.cfg

    1. cat > /usr/local/nagios/etc/objects/contactsgroups.cfg << EOF
    2. define contactgroup {
    3. contactgroup_name    sagroup
    4. alias                system administrator group
    5. members              admin
    6. }
    7. EOF
    8. chown nagios.nagios /usr/local/nagios/etc/objects/contactsgroups.cfg
    9. chmod 664 /usr/local/nagios/etc/objects/contactsgroups.cfg
    10. /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg #检查配置是否有错误
    11. service nagios start

    6、被监控端(客户端)

    1. mkdir nagios  
    2. cd nagios  
    3. wget http://nchc.dl.sourceforge.net/project/nagiosplug/nagiosplug/1.4.16/nagios-plugins-1.4.16.tar.gz  
    4. wget http://nchc.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.14/nrpe-2.14.tar.gz  
    5.   
    6. useradd -M -s /sbin/nologin nagios  
    7. tar xzf nagios-plugins-1.4.16.tar.gz  
    8. cd nagios-plugins-1.4.16  
    9. ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios  
    10. make && make install  
    11. cd ../  
    12.   
    13. tar xzf nrpe-2.14.tar.gz  
    14. cd nrpe-2.14  
    15. ./configure  
    16. make && make install  
    17. mkdir /usr/local/nagios/etc  
    18. cp sample-config/nrpe.cfg  /usr/local/nagios/etc/  
    19. cd ../  
    20.   
    21. sed -i 's@allowed_hosts=.*$@allowed_hosts=192.168.1.114@g' /usr/local/nagios/etc/nrpe.cfg  
    22. sed -i 's@command[check_hda1]=@#command[check_hda1]=@' /usr/local/nagios/etc/nrpe.cfg  
    23. sed -i '224a command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20 -c 10' /usr/local/nagios/etc/nrpe.cfg  
    24. sed -i '225a command[check_cpu_procs]=/usr/local/nagios/libexec/check_procs -w 50 -c 90 --metric=CPU' /usr/local/nagios/etc/nrpe.cfg  
    25. sed -i '226a command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20% -c 5%' /usr/local/nagios/etc/nrpe.cfg  
    26. echo '/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d' >> /etc/rc.local  
    27. /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d  
    28. iptables -A INPUT -p tcp -s 192.168.1.114 -m state --state NEW -m tcp --dport 5666 -j ACCEPT  

    Tue Apr 16 21:10:51 CST 2013

    • 本文由 发表于 2013-04-16
    • 转载请务必保留本文链接:https://linuxeye.com/312.html
    Nginx Lua Redis防止CC攻击 Linux

    Nginx Lua Redis防止CC攻击

    Nginx Lua Redis防止CC攻击实现原理:同一个外网IP、同一个网址(ngx.var.request_uri)、同一个客户端(http_user_agent)在某一段时间(CCseconds...
    Keepalived+Nginx架构整理版 Linux

    Keepalived+Nginx架构整理版

    Keepalived介绍 keepalived是一个类似于layer3, 4, 5 交换机制的软件,也就是我们平时说的第3层、第4层和第5层交换。Keepalived的作用是检测web服务器的状态,如...
    Nginx中文域名配置 Linux

    Nginx中文域名配置

    Nginx虚拟主机上绑定一个带中文域名,比如linuxeye.中国,浏览器不能跳转。 why? 因为操作系统的核心都是英文组成,DNS服务器的解析也是由英文代码交换,所以DNS服务器上并不支持直接的中...
    Wordpress优化——利用Nginx fastcgi_cache缓存加速 Linux

    WordPress优化——利用Nginx fastcgi_cache缓存加速

    高并发网站架构的核心原则其实就一句话"把所有的用户访问请求都尽量往前推",即:能缓存在用户电脑本地的,就不要让他去访问CDN。 能缓存CDN服务器上的,就不要让CDN去访问源(静态服务器)了。能访问静...
    匿名

    发表评论

    匿名网友