iT邦幫忙

Linux and Virtualization Platform Operations Sharing series, part 16

[Day19 - Splunk] Nagios and Splunk integration - 2/4

Continuing from [Day18 - Splunk] Nagios and Splunk integration - 1/4, this post shares hands-on experience integrating Splunk with Nagios through the "Splunk for Nagios" App.
[Lab Information]
In this lab, Nagios and the Splunk forwarder are already installed on the same host. The host details are as follows:
OS: Red Hat Enterprise Linux 6.2 64-bit
Linux Kernel: 2.6.32
CPU Type: Intel Xeon CPU E5-2620 2.00GHz
CPU Cores: 8
Memory: 16GB
Universal Forwarder version: 5.0.4
OS root password: 12345678
IP: 192.168.0.102
Splunk Forwarder admin password: changeme
Package directory: /root/plugin
Splunk Forwarder directory: /opt/splunkforwarder
Nagios directory: /usr/local/nagios

[Download MK Livestatus Package]
Because the "Splunk for Nagios" App installed later is version 3.0, the mk-livestatus package is required.
Download it from the MK Livestatus download page.
This lab uses version 1.2.2p2, as shown in the red box in the figure below:

[Install On Nagios Server]
Log in to the Nagios server as root and follow these steps:

  1. Install the following packages with yum:

    yum install gcc-c++* xinetd -y

  2. Change to the directory holding the mk-livestatus package, extract it, then build and install:

    cd /root/plugin
    tar -zxf mk-livestatus-1.2.2p2.tar.gz
    cd mk-livestatus-1.2.2p2
    bash configure
    make && make install

  3. Create the directory mk-livestatus under /usr/local/nagios and set its owner to the user nagios and the group apache:

    mkdir /usr/local/nagios/mk-livestatus && chown nagios:apache /usr/local/nagios/mk-livestatus

  4. Edit /usr/local/nagios/etc/nagios.cfg and make the following change, which loads the Livestatus broker module and creates the Unix socket "live":

    vim /usr/local/nagios/etc/nagios.cfg
    #Add the following lines in "/usr/local/nagios/etc/nagios.cfg" file.
    broker_module=/usr/local/lib/mk-livestatus/livestatus.o /usr/local/nagios/mk-livestatus/live

[Configure To Start]
mk-livestatus is managed by the xinetd super daemon; to start it, follow these steps:

  1. Create the file livestatus under /etc/xinetd.d with the following content:

    vim /etc/xinetd.d/livestatus
    #Add the following lines in "/etc/xinetd.d/livestatus" file.
    service livestatus
    {
        type            = UNLISTED
        port            = 6557
        socket_type     = stream
        protocol        = tcp
        wait            = no
        # limit to 100 connections per second. Disable 3 secs if above.
        cps             = 100 3
        # set the number of maximum allowed parallel instances of unixcat.
        # Please make sure that this values is at least as high as
        # the number of threads defined with num_client_threads in
        # etc/mk-livestatus/nagios.cfg
        instances       = 500
        # limit the maximum number of simultaneous connections from
        # one source IP address
        per_source      = 250
        # Disable TCP delay, makes connection more responsive
        flags           = NODELAY
        user            = nagios
        server          = /usr/local/bin/unixcat
        server_args     = /usr/local/nagios/mk-livestatus/live
        # configure the IP address(es) of your Nagios server here:
        # only_from = 127.0.0.1 10.0.20.1 10.0.20.2
        only_from       = 127.0.0.1 192.168.0.101 192.168.0.102
        disable         = no
    }

  2. Start it with:

    /etc/init.d/xinetd start

  3. To start it automatically at boot:

    chkconfig xinetd on
    chkconfig xinetd --list

  4. Confirm that the service is running and that port 6557 is listening:

    /etc/init.d/xinetd status
    netstat -taulnp | grep 6557

The result looks like the figure below:

  5. Restart the Nagios daemon:

    /etc/init.d/nagios restart

  6. Verify that mk-livestatus is working by querying its socket:

    echo 'GET hosts' | unixcat /usr/local/nagios/mk-livestatus/live
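
Once the xinetd service on port 6557 answers, the same check can be run from another host. The following Python client is an added example (not code from the original post or from the mk-livestatus project); it assumes the lab IP 192.168.0.102 from above and that the calling host is listed in only_from. It builds an LQL query that asks for a fixed16 response header, so the caller can check the status code and body length instead of trusting a bare stream, then decodes the JSON rows.

```python
import json
import socket

# Lab values from this post; the client host must be listed in only_from.
LIVESTATUS_HOST = "192.168.0.102"
LIVESTATUS_PORT = 6557


def build_query(table, columns=(), filters=()):
    """Build an LQL request; the trailing blank line terminates the query.
    fixed16 asks for a 16-byte header: 3-digit status, a space,
    the 11-character right-aligned body length, and a newline."""
    lines = ["GET " + table]
    if columns:
        lines.append("Columns: " + " ".join(columns))
    lines.extend("Filter: " + f for f in filters)
    lines += ["OutputFormat: json", "ResponseHeader: fixed16"]
    return ("\n".join(lines) + "\n\n").encode("utf-8")


def parse_fixed16_response(raw):
    """Return (status, rows) from a fixed16 response; raise on any error."""
    if len(raw) < 16:
        raise ValueError("response shorter than the fixed16 header: %r" % raw)
    status, length = int(raw[:3]), int(raw[4:15])
    body = raw[16:16 + length]
    if len(body) < length:
        raise ValueError("truncated body: %d of %d bytes" % (len(body), length))
    if status != 200:
        # Livestatus reports query errors (unknown table/column) with a non-200 code.
        raise RuntimeError("livestatus %d: %s" % (status, body.decode("utf-8", "replace").strip()))
    return status, json.loads(body.decode("utf-8"))


def query_livestatus(table, columns=(), filters=(), host=LIVESTATUS_HOST, port=LIVESTATUS_PORT):
    """Send one query over TCP (one query per xinetd connection) and return its rows."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(build_query(table, columns, filters))
        sock.shutdown(socket.SHUT_WR)  # tell unixcat the query is complete
        chunks = []
        while True:
            chunk = sock.recv(65536)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_fixed16_response(b"".join(chunks))[1]


if __name__ == "__main__":
    # Same table as the unixcat check above, restricted to hosts in state DOWN (1).
    for name, state in query_livestatus("hosts", ("name", "state"), ("state = 1",)):
        print(name, state)
```

Livestatus itself performs no authentication, so the only_from list in the xinetd file is what decides which hosts may run queries like this one; a connection from an address not on that list is closed by xinetd.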

The next post continues this topic and shows how to let the Splunk server receive the data collected by the Splunk forwarder.

[Reference]
Splunk for Nagios
MK Livestatus
Download Check_MK

