Syslog记录软件

之前写过在Linux中记录syslog的方法,若急用,也可以使用软件来实现。Syslog Watcher就是这样一款在WINDOWS下使用的软件(下载地址,提取码:jw8k)。

运行主程序后,在Listen状态下即能监控syslog数据包,如下图:

syslog03

点击上图中的Settings,进行相应设置,如考虑若每天的日志量很大,可以设置为每天生成一个日志文件;并设置日志存放的路径,如下图所示。

syslog04

CentOS 8发布

CentOS8发布,CentOS-8-x86_64-1905-dvd1.iso。

下载地址

CentOS7中,利用rsyslog搭建日志服务器(采集syslog日志),并使用loganalyzer实现日志图形化管理

Rsyslog是一个syslogd的多线程增强版,在syslog的基础上扩展了很多其他功能,如数据库支持(MySQL, PostgreSQL、Oracle等)、日志内容筛选、定义日志格式模板等。除了默认的udp协议外,rsyslog还支持tcp协议来接收日志。

交换机、路由器、防火墙、上网行为管理等设备都支持syslog日志标准输出,网络中如有日志审计设备,即可将日志输出至日志审计设备中,实现日志记录,等保中网内设备日志的记录也是最基本的要求。

若没有专用日志审计设备,可通过相关日志管理软件实现,本文将介绍通过Linux自带的Rsyslog来记录外部日志,并通过loganalyzer实现日志图形化管理。

一、在CentOS7(1804)中配置Rsyslog

1、安装 CentOS

在虚拟化平台中完成CentOS操作系统的安装,准备存放日志的/或/var目录空间相对配置大些,用于存放日志。

2、关闭防火墙

通过systemctl status firewalld.service命令查看防火墙正在运行,如下图:

[root@localhost ~]# systemctl status firewalld.service
鈼[0m firewalld.service – firewalld – dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-09-13 22:43:44 CST; 16h ago
     Docs: man:firewalld(1)
  Main PID: 802 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           鈹斺攢802 /usr/bin/python -Es /usr/sbin/firewalld –nofork –nopid

Sep 13 22:43:42 localhost.localdomain systemd[1]: Starting firewalld – dynami…
Sep 13 22:43:44 localhost.localdomain systemd[1]: Started firewalld – dynamic…
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#

rsyslog01

通过命令关闭防火墙,并禁用关机启用防火墙:

[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl status firewalld.service
鈼firewalld.service – firewalld – dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sat 2019-09-14 15:20:48 CST; 6s ago
     Docs: man:firewalld(1)
  Process: 802 ExecStart=/usr/sbin/firewalld –nofork –nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
  Main PID: 802 (code=exited, status=0/SUCCESS)

Sep 13 22:43:42 localhost.localdomain systemd[1]: Starting firewalld – dynamic firew….
Sep 13 22:43:44 localhost.localdomain systemd[1]: Started firewalld – dynamic firewa….
Sep 14 15:20:46 localhost.localdomain systemd[1]: Stopping firewalld – dynamic firew….
Sep 14 15:20:48 localhost.localdomain systemd[1]: Stopped firewalld – dynamic firewa….
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]#

如上,通过systemctl stop firewalld.service关闭防火墙功能,通过systemctl disable firewalld.service关闭自启动模式。

3、关闭SELINUX

执行如下命令,将SELINUX关闭。

[root@localhost ~]# sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g’ /etc/selinux/config
[root@localhost ~]# more /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected.
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

[root@localhost ~]# reboot

完成 后reboot重启服务器。

4、配置并启动Rsyslog

rsyslog一般是预先就安装于linux系统的发行版上的,使用如下命令检查下是否已安装Rsyslog:

[root@localhost ~]# rpm -qa | grep rsyslog
rsyslog-8.24.0-16.el7.x86_64
[root@localhost ~]# rsyslogd -v
rsyslogd 8.24.0, compiled with:
        PLATFORM:                               x86_64-redhat-linux-gnu
        PLATFORM (lsb_release -d):
        FEATURE_REGEXP:                         Yes
        GSSAPI Kerberos 5 support:              Yes
        FEATURE_DEBUG (debug build, slow code): No
         32bit Atomic operations supported:      Yes
        64bit Atomic operations supported:      Yes
        memory allocator:                       system default
        Runtime Instrumentation (slow code):    No
        uuid support:                           Yes
        Number of Bits in RainerScript integers: 64

See http://www.rsyslog.com for more information.
[root@localhost ~]#

如上显示默认已安装rsyslog。

rsyslog后台进程默认不能接受外部信息的,但可以通过配置它的配置文件/etc/rsyslog.conf来使之接受外部日志信息,使其变成一台日志管理服务器。使用vi命令配置/etc/rsyslog.conf文件:

[root@localhost ~]# vi /etc/rsyslog.conf

将四个#字符去除,原为:

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

去除后变为:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

并在最后添加如下内容(目前如下日志文件名称的写法是第天会生成一个log日志文件,若希望一直是一个日志文件,则可以将年月日变量去除,修改为syslog_%FROMHOST-IP%.log即可):

$template RemoteLogs,”/var/log/syslog/%HOSTNAME%/syslog_%$YEAR%-%$MONTH%-%$DAY%_%FROMHOST-IP%.log”
*.* ?RemoteLogs
& ~
fromhost-ip, !isequal, “127.0.0.1”
?Remote
& ~

完成后wq!保存退出。

重启rsyslog进程,并加入开机启动:

[root@localhost ~]# systemctl restart rsyslog
[root@localhost ~]# systemctl enable rsyslog
[root@localhost ~]#

然后查看rsyslog进程是否在运行,514端口是否在侦听:

[root@localhost ~]# systemctl status rsyslog
鈼[0m rsyslog.service – System Logging Service
    Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-09-14 21:57:02 CST; 16s ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
  Main PID: 5651 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           鈹斺攢5651 /usr/sbin/rsyslogd -n

Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: action ‘isequal,’ treated as ‘…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: action ‘127’ treated as ‘:omus…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]:  Could not find template 1 ‘Re…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: warning: ~ action is deprecate…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during config processing…]
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# netstat -antup | grep 514
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      5651/rsyslogd      
tcp6       0      0 :::514                  :::*                    LISTEN      5651/rsyslogd      
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5651/rsyslogd      
udp6       0      0 :::514                  :::*                                5651/rsyslogd      
[root@localhost ~]#

至此rsyslog配置结束,接着配置一台华为5720交换机,配置成将syslog日志传输至本服务器上(192.168.10.209):

[center-s5700]info-center enable
[center-s5700]info-center loghost 192.168.10.209

完成后进入日志服务器的/var/log/syslog目录,生成了一个center-5700的文件夹,进入后,有一个syslog_2019-09-14_192.168.10.253.log日志文件,如下:

rsyslog02

[root@localhost xxx-center-s5700]# cd ..
[root@localhost syslog]# ls
xxx-center-s5700  localhost
[root@localhost syslog]#
[root@localhost syslog]# cd xxx-center-s5700/
[root@localhost xxx-center-s5700]# ls
syslog_2019-09-14_192.168.10.253.log
[root@localhost xxx-center-s5700]# ^C
[root@localhost xxx-center-s5700]#

如上,说明日志文件已经生成,使用more syslog_2019-09-14_192.168.10.253.log查看日志内容

[root@localhost xxx-center-s5700]# more syslog_2019-09-14_192.168.10.253.log
Nov  6 03:17:11 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[0]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”info-center loghost 192.168.10.209″)
Nov  6 03:17:12 xxx-center-s5700 DS/4/DATASYNC_CFGCHANGE: OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 1, the change loo
p count is 0, and the maximum number of records is 4095.
Nov  6 03:17:55 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[1]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”quit”)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[2]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”quit”)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/LOGOUT(s)[3]: The user succeeded in log
ging out of VTY0. (UserType=Telnet, UserName=, Ip=192.168.10.66, VpnName=)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[4]: Recorded command infor
mation. (Task=VT0, Ip=**, VpnName=, User=**, AuthenticationMethod=”Null”, Command=”undo
debugging all”)
Nov  6 03:18:03 xxx-center-s5700 %%01SHELL/5/LOGIN(s)[5]: The user succeeded in logg
ing in to VTY0. (UserType=Telnet, UserName=, AuthenticationMethod=”Password”, Ip=192.168
.10.66, VpnName=)
Nov  6 03:18:04 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[6]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”system-view”)

说明5700交换机日志可以传输至日志服务器上,至此rsyslog配置完成。

但目前只能通过文件的方式来查看日志的内容,不能直观的查看,故下面将介绍结合使用loganalyzer来实现图形化的管理。

二、安装及配置loganalyzer

loganalyzer是一款日志分析工具,配合rsyslog使用,rsyslog用于搜集日志,loganalyzer根据rsyslog搜集到的数据进行分析与图形化展示,并能生成相应报表等功能。

1、安装mariadb(mysql)、httpd(apache)、php

利用yum安装LAMP运行环境,包括mysql、php、httpd等,如下:

[root@localhost /]# yum -y install httpd mariadb-server mariadb php php-mysql mysql-devel
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
  * base: mirrors.163.com
  * extras: mirrors.huaweicloud.com
  * updates: mirrors.163.com
base                                                             | 3.6 kB  00:00:00    
extras                                                           | 3.4 kB  00:00:00    
updates                                                          | 3.4 kB  00:00:00  

…………………………………..

Installed:
  httpd.x86_64 0:2.4.6-89.el7.centos.1          mariadb.x86_64 1:5.5.60-1.el7_5       
  mariadb-devel.x86_64 1:5.5.60-1.el7_5         php.x86_64 0:5.4.16-46.el7            
  php-mysql.x86_64 0:5.4.16-46.el7            

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7_4.1                apr-util.x86_64 0:1.5.2-6.el7           
  httpd-tools.x86_64 0:2.4.6-89.el7.centos.1  keyutils-libs-devel.x86_64 0:1.5.8-3.el7
  krb5-devel.x86_64 0:1.15.1-37.el7_6         libcom_err-devel.x86_64 0:1.42.9-13.el7 
  libkadm5.x86_64 0:1.15.1-37.el7_6           libselinux-devel.x86_64 0:2.5-14.1.el7  
  libsepol-devel.x86_64 0:2.5-10.el7          libverto-devel.x86_64 0:0.2.5-4.el7     
  libzip.x86_64 0:0.10.1-8.el7                mailcap.noarch 0:2.1.41-2.el7           
  openssl-devel.x86_64 1:1.0.2k-16.el7_6.1    pcre-devel.x86_64 0:8.32-17.el7         
  php-cli.x86_64 0:5.4.16-46.el7              php-common.x86_64 0:5.4.16-46.el7       
  php-pdo.x86_64 0:5.4.16-46.el7              zlib-devel.x86_64 0:1.2.7-18.el7        

Dependency Updated:
  e2fsprogs.x86_64 0:1.42.9-13.el7           e2fsprogs-libs.x86_64 0:1.42.9-13.el7     
  krb5-libs.x86_64 0:1.15.1-37.el7_6         libcom_err.x86_64 0:1.42.9-13.el7         
  libselinux.x86_64 0:2.5-14.1.el7           libselinux-python.x86_64 0:2.5-14.1.el7   
  libselinux-utils.x86_64 0:2.5-14.1.el7     libsepol.x86_64 0:2.5-10.el7              
  libss.x86_64 0:1.42.9-13.el7               mariadb-libs.x86_64 1:5.5.60-1.el7_5      
  openssl.x86_64 1:1.0.2k-16.el7_6.1         openssl-libs.x86_64 1:1.0.2k-16.el7_6.1   
  zlib.x86_64 0:1.2.7-18.el7               

Complete!
[root@localhost /]#

如下,完成安装。启动apache和mysql:

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl start mariadb.service
[root@localhost ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@localhost ~]#

使用如下命令查看服务是否启动:

[root@localhost rsyslog-8.24.0]# ss -naplt | grep httpd
LISTEN     0      128         :::80                      :::*                   users:((“httpd”,pid=12789,fd=4),(“httpd”,pid=12788,fd=4),(“httpd”,pid=12787,fd=4),(“httpd”,pid=2433,fd=4),(“httpd”,pid=2432,fd=4),(“httpd”,pid=2431,fd=4),(“httpd”,pid=2430,fd=4),(“httpd”,pid=2429,fd=4),(“httpd”,pid=2426,fd=4))
[root@localhost rsyslog-8.24.0]# ss -naplt | grep mysqld
LISTEN     0      50           *:3306                     *:*                   users:((“mysqld”,pid=12580,fd=13))
[root@localhost rsyslog-8.24.0]#

2、测试PHP

进入html目录,新建index.php文件,如下

[root@localhost www]# cd html     
[root@localhost html]# vi index.php

      在index.php文件中写入如下内容:

<?php
    phpinfo()
?>

      保存退出。
浏览器打开服务器地址http://192.168.10.209,出现如下界面,PHP则运行正常。

rsyslog03

3、安装rsyslog连接数据库模块插件,并导入rsyslog自带的sql脚本

安装rsyslog日志软件连接mysql插件:

[root@localhost ~]# yum -y install rsyslog-mysql

完成安装后,开始导入脚本,首先设置mariadb的root帐号密码,密码为syslog123,如下:

[root@localhost rsyslog-8.24.0]# mysqladmin -u root password syslog123
[root@localhost rsyslog-8.24.0]#

然后进入/usr/share/doc/rsyslog-8.24.0目录,执行mysql-createDB.sql脚本,如下:

[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]# pwd
/usr/share/doc/rsyslog-8.24.0
[root@localhost rsyslog-8.24.0]# ls
AUTHORS  ChangeLog  COPYING  COPYING.ASL20  COPYING.LESSER  mysql-createDB.sql
[root@localhost rsyslog-8.24.0]# mysql -u root -p < mysql-createDB.sql
Enter password:
[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> show databases;
+——————–+
| Database           |
+——————–+
| information_schema |
| Syslog             |
| mysql              |
| performance_schema |
| test               |
+——————–+
5 rows in set (0.00 sec)

MariaDB [(none)]> use syslog;
ERROR 1049 (42000): Unknown database ‘syslog’
MariaDB [(none)]> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [Syslog]> show tables;
+————————+
| Tables_in_Syslog       |
+————————+
| SystemEvents           |
| SystemEventsProperties |
+————————+
2 rows in set (0.00 sec)

MariaDB [Syslog]>

如上所示,导入后没有错误产生,查询有SystemEvents、SystemEventsProperties两张表,说明导入脚本成功。

4、创建数据库用户,并使支持rsyslog-mysql模块

库和表已经创建完成,开始创建一个数据库用户,能够写入syslog数据表中,进行如下操作:

MariaDB [Syslog]> grant all on Syslog.* to rsyslog@’localhost’ identified by ‘syslog123’;
Query OK, 0 rows affected (0.01 sec)

MariaDB [Syslog]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [Syslog]> exit
Bye
[root@localhost rsyslog-8.24.0]#

完成后,开始配置rsyslog.conf配置文件,使支持rsyslog-mysql模块:

[root@localhost rsyslog-8.24.0]# vi /etc/rsyslog.conf

将#$ModLoad immark  # provides –MARK– message capability语句的#号去除,并添加如下内容:

$Modload ommysql
*.* :ommysql:localhost,Syslog,rsyslog,syslog123

最终变成:

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark  # provides –MARK– message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

$Modload ommysql
*.* :ommysql:localhost,Syslog,rsyslog,syslog123

#### GLOBAL DIRECTIVES ####

rsyslog04

完成修改后,wq!保存退出,并重启rsyslog进程:

[root@localhost rsyslog-8.24.0]# systemctl restart rsyslog.service

5、安装并配置loganalyzer

从官网下载安装包,解压并复制至 /var/www/html目录下:

[root@localhost home]# wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.7.tar.gz
[root@localhost home]# tar -zxvf loganalyzer-4.1.7.tar.gz
[root@localhost home]# ls
aa  loganalyzer-4.1.7  loganalyzer-4.1.7.tar.gz
[root@localhost home]# cd loganalyzer-4.1.7/
[root@localhost loganalyzer-4.1.7]# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src
[root@localhost loganalyzer-4.1.7]# cd src
[root@localhost src]# ls
admin               convert.php  favicon.ico  js                   search.php
asktheoracle.php    cron         images       lang                 statistics.php
BitstreamVeraFonts  css          include      login.php            templates
chartgenerator.php  details.php  index.php    reportgenerator.php  themes
classes             export.php   install.php  reports.php          userchange.php
[root@localhost src]# cd ..
[root@localhost loganalyzer-4.1.7]# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src
[root@localhost loganalyzer-4.1.7]# cp -a ./src/* /var/www/html/
cp: overwrite 鈥var/www/html/index.php鈥 y
[root@localhost loganalyzer-4.1.7]# cp -a ./contrib/* /var/www/html/
[root@localhost loganalyzer-4.1.7]#
[root@localhost loganalyzer-4.1.7]#

完成后,打开浏览器,输入http://192.168.10.209,点击HERE开始安装:

rsyslog05

点击next开始下一步

rsyslog06

提供config.sh文件不存在,权限错误,如下图

rsyslog07

运行软件根目录下的configure.sh,如下:

[root@localhost loganalyzer-4.1.7]# cd /var/www/html/
[root@localhost html]# ls
admin               convert.php  images       login.php            templates
asktheoracle.php    cron         include      reportgenerator.php  themes
BitstreamVeraFonts  css          index.php    reports.php          userchange.php
chartgenerator.php  details.php  install.php  search.php
classes             export.php   js           secure.sh
configure.sh        favicon.ico  lang         statistics.php
[root@localhost html]# sh configure.sh
[root@localhost html]#

完成后,点击上图中的ReCheck按扭,错误清除,如下图,继续next进行下一步

rsyslog08

配置数据库,选择YES,数据库名称Syslog,用户名rsyslog,密码是刚才创建用户时的密码,如下图

rsyslog09

创建表

rsyslog10

检查SQL语句

rsyslog11

创建管理员用户

rsyslog12

通过如下创建一个测试日志文件:

[root@localhost log]# echo 1 > /var/log/syslogtest

syslog file中输入syslogtest,如下图:

rsyslog13

完成安装。

rsyslog14

在刚才的syslogtest中添加一些字符,首页即会产生相应显示,则说明loganalyzer运行正常。

rsyslog15

6、在loganalyzer中添加数据源

综上已经完成了loganalyzer的安装工作,下面开始添加数据源,之前在安装rsyslog时已经添加了两台交换机的日志,并已经在/var/log/syslog目录生成了相应的日志文件,如下图所示:

rsyslog16

点击首页的Login按扭,输入刚才创建的admin用户

rsyslog17

选择Admin Center,如下

rsyslog18

选择Sources,数据源,如下

rsyslog19

选择Add new Sources,添加新的数据源,如下

rsyslog20

如下图,完成日志添加的相应信息

rsyslog21

若出现不能添加的问题,如下

rsyslog22

则需要修改/var/log下相关日志文件的权限,设置为777,如下:

[root@localhost log]# chmod -R 777 syslog

完成后,列表中会增加一个huawei5720的条目,如下

rsyslog23

返回首页,右上角Select Source中选择刚才创建的huawei-5720数据源条目

rsyslog24

刷新后,即能看到5720交换机的相关日志信息,如下图。

rsyslog25

到此,rsyslog和LogAnalyzer安装结束,第一次使用和安装,文中难免有逻辑等错误,仅供参考。

参考文章:

1、https://www.linuxidc.com/Linux/2017-10/147693.htm

2、https://www.cnblogs.com/lsdb/articles/8072115.html

3、https://blog.csdn.net/xdnabl/article/details/51120873

4、https://www.cnblogs.com/zhaodahai/p/6824523.html

5、https://loganalyzer.adiscon.com/doc/install.html

6、https://blog.csdn.net/xdnabl/article/details/51120873

7、https://www.jianshu.com/p/0f6cb74a7280

Debian 10.1发布

下载地址

debian-10.1.0-amd64-DVD-1.iso
debian-10.1.0-amd64-DVD-2.iso
debian-10.1.0-amd64-DVD-3.iso

debian10

RedHat 8

下载地址

混合云智能操作系统
混合型 IT 是当下 IT 领域的大势所趋。但是,如果想要将传统数据中心到公共云服务的庞大生态系统打造成真正的混合环境,还需要满足更多要求—— 比如按需扩展,无缝迁移工作负载,开发和管理可随处运行的应用,只需一个操作系统就可以让这一切成为现实。现在,再加上涵盖所有有效订阅的红帽智能分析,它更能为您提供前瞻性分析和修复功能。这便是红帽 企业 Linux 8。

redhat82

“错误:Cookies因预料之外的输出被阻止。要获取帮助,请参见此文档或访问支持论坛。”错误的解决

本博客wordpress后台不能登陆已经有一段时间了,登陆后台时提示”错误:Cookies因预料之外的输出被阻止。要获取帮助,请参见此文档或访问支持论坛。”,如下图所示:

wordpressloginerror01

后台也一直提示ERROR错误日志,如下所示:

[11-Aug-2019 13:28:39 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) inwp-includes/pluggable.php on line 1223
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/comment.php on line 529
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/comment.php on line 530
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/comment.php on line 531
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/pluggable.php on line 1223
[11-Aug-2019 13:28:46 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/functions.php on line 1315
[11-Aug-2019 13:31:08 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) in wp-includes/feed-rss2-comments.php on line 8
[11-Aug-2019 13:31:09 UTC] PHP Warning:  Cannot modify header information – headers already sent by (output started at /wp-config.php:1) inwp-includes/feed-rss2-comments.php on line 8

如上的错误也导致文章不能更新,最近太忙,今天花了些时间搜索了下,发现可能是由于wp-config.php,使用UE打开,并”另存为“一个新文件,另存为时编码选择”ANSI/ASCII“,如下图所示。

wordpressloginerror02

wordpressloginerror03

完成后,上传wp-config.php覆盖原文件,再次打开后台,发现已经没有cookies错误提示,也能登陆后台管理系统。

在vSphere中手工降低虚拟机的版本(兼容性)

在高版本ESXi上运行的虚拟机vMotion至低版本的ESXi上时会出错,提示不兼容,需要降版本。

目前Esxi6.7的版本为14,Esxi6.5的虚拟机版本为13,如下图,需要手工将虚拟机版本号更改为13。

vmware14_01

打开存储的“数据存储浏览”,如下图

vmware14_03

找到需要降版本的虚拟机文件夹,这里为win2012R,如下图,选中win2012R2.vmx文件,点击下载至本地

vmware14_02

用记事本打开下载的文件,将virtualHW.version = “14”修改为virtualHW.version = “13”,如下图

vmware14_04

完成修改后再上载至原目录,覆盖原文件

vmware14_05

再次启动虚拟机,查看兼容性信息,版本已经修改为13

vmware14_06

现次vMotion,已经没有提示不兼容信息,成功迁移虚拟机。

Zabbix 4.0.2试用(九):在Linux主机中安装zabbix agent并添加该主机(RPM安装,适用于内网无互联网环境)

之前介绍的是用yum源方式安装,前提是主机需要与互联网相通,但有些需监控的客户机可能没有互联网,只有内网环境,就需要使用RPM安装方法,操作如下:

1、关闭防火墙和SELINUX

使用root用户登陆系统:

首先查看防火墙状态

[root@zabbix ~]# firewall-cmd –state
running
[root@zabbix ~]#

关闭firewall,并禁止防火墙开机启动,命令如下:

[root@zabbix ~]# systemctl stop firewalld.service
[root@zabbix ~]# systemctl disable firewalld.service

再次查看,防火墙已不在运行:

[root@zabbix ~]# firewall-cmd –state

安装之前还需将SELINUX关闭,运行如下命令编辑SELINUX配置文件:

[root@zabbix ~]# vi /etc/selinux/config

并将SELINUX=enforcing改成SELINUX=disable,如下:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected.
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

修改完成后,重启机器,运行如下命令查看是否 SELINUX已关闭:

[root@zabbix ~]# getenforce

退回disable即为已关闭。

2、安装Zabbix Agent

由于此centos客户端没有互联网环境,故不能使用YUM等方式安装,将采用RPM安装包进行安装。

首先进入http://repo.zabbix.com,下载http://repo.zabbix.com/zabbix-official-repo.keyhttp://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-agent-4.0.1-1.el7.x86_64.rpm两个文件,然后开始安装:

首先导入repo:

[root@zabbixclient tmp]# rpm –import zabbix-official-repo.key

agentnew001

完成后,开始安装zabbix agent:

[root@zabbixclient tmp]# rpm -ivh zabbix-agent-4.0.1-1.el7.x86_64.rpm
warning: zabbix-agent-4.0.1-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing…                          ################################# [100%]
Updating / installing…
   1:zabbix-agent-4.0.1-1.el7         ################################# [100%]
[root@zabbixclient tmp]#

agentnew002

3、配置Zabbix Agent配置文件zabbix_agentd.conf

使用vi编辑器编辑配置文件,进入/etc/zabbix/目录,使用vi编辑器打开zabbix_agentd.conf

[root@zabbixclient tmp]# cd /etc/zabbix/
[root@zabbixclient zabbix]# ls
zabbix_agentd.conf  zabbix_agentd.d
[root@zabbixclient zabbix]# vi zabbix_agentd.conf

主要完成以下几项的修改:

EnableRemoteCommands=1       //来至zabbix服务器的远程命令是否允许被执行
Server=192.168.10.208             //zabbix server地址,用于被动模式,数据获取
ServerActive=192.168.10.208    //主动发送的zabbix server地址主动发送的zabbix server地址,用于主动模式,数据提交
Hostname=zabbix                     //和创建主机时的hostname一致
UnsafeUserParameters=1           //启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key

完成后保存退出。

3、启动Zabbix Agent服务

配置文件修改完成后,开始启动Agent程序,service zabbix-agent status用来查看启动状态,service zabbix-agent start用来启动服务,具体如下:

[root@zabbixclient zabbix]# service zabbix-agent status
Redirecting to /bin/systemctl status zabbix-agent.service
鈼zabbix-agent.service – Zabbix Agent
   Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@zabbixclient zabbix]# service zabbix-agent start
Redirecting to /bin/systemctl start zabbix-agent.service
[root@zabbixclient zabbix]# service zabbix-agent status
Redirecting to /bin/systemctl status zabbix-agent.service
鈼[0m zabbix-agent.service – Zabbix Agent
   Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-03-24 19:58:25 CST; 6s ago
  Process: 20179 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
  Main PID: 20182 (zabbix_agentd)
    Tasks: 6
   CGroup: /system.slice/zabbix-agent.service
            鈹溾攢20182 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
           鈹溾攢20184 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
           鈹溾攢20185 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
           鈹溾攢20186 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
            鈹溾攢20187 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
           鈹斺攢20188 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]

Mar 24 19:58:25 zabbixclient systemd[1]: Starting Zabbix Agent…
Mar 24 19:58:25 zabbixclient systemd[1]: Started Zabbix Agent.
[root@zabbixclient zabbix]#

agentnew003

4、开机自启动Zabbix Agent服务

通过chkconfig zabbix-agent on命令来实现开机自动启动:

[root@zabbixclient zabbix]# chkconfig zabbix-agent on
Note: Forwarding request to ‘systemctl enable zabbix-agent.service’.
Created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-agent.service to /usr/lib/systemd/system/zabbix-agent.service.
[root@zabbixclient zabbix]#

5、将主机添加至zabbix server平台

打开zabbix server主界面,选择“配置‘->”主机“,点击右上角的”创建“按扭,创建一台主机,如下图

agentinstall06

输入主机名称,群组选择系统默认的Server hardware,agent代理接口IP设置刚才安装agent的主机192.168.10.209,端口默认10050,如下图:

agentinstall07

再选择”模板“选项栏,链接指示器里选择”Template OS Linux“,点击添加,最后点击蓝底添加按扭,完成添加。

agentinstall08

完成后可以看到列表中已经有刚才不回的主机,过几分钟后,可用性一栏中的ZBX变绿即表示监控正常。

agentinstall09

Zabbix 4.0.2试用(八):在Windows2008R2和2012主机中安装zabbix agent并添加该主机

之前介绍了通过两种不同的安装方式来安装zabbix agent,以使服务器能被监控到,本次介绍在Windows下安装agent,以使能被监控,步骤如下:

1、关闭防火墙

若被监控的Windows主机启用了防火墙,需关闭防火墙,或者在防火中开放TCP和UDP的10050端口。

2、下载agent for windows软件

进入Zabbix Agents下载页面,选择Windows amd64架构的版本,如下:

zabbixwindows01

3、安装agent for windows软件(Windows 2008R2)

下载后,将安装包上心至被监控主机中,然后在C盘目录下新建文件夹zabbix_agent,再将安装包中的zabbix_agentd.exe和zabbix_agentd.win.conf文件复制到c:\zabbix_agent文件夹中,如下图

zabbixwindows02

开始编辑配置文件zabbix_agentd.win.conf,右键选择打开,选择使用记事本打开

zabbixwindows03

主要完成以下几项的修改:

EnableRemoteCommands=1          //来至zabbix服务器的远程命令是否允许被执行
Server=192.168.10.208                //zabbix server地址,用于被动模式,数据获取
ServerActive=192.168.10.208       //主动发送的zabbix server地址,用于主动模式,数据提交
Hostname=WIN-9UI6G0K748R      //和创建主机时的hostname一致
UnsafeUserParameters=1             //启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key

完成后保存退出。

开始安装,在命令行界面中以服务的形式安装 Zabbix Windows agent,如下:

c:\zabbix_agent>c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -i
zabbix_agentd.exe [4532]: service [Zabbix Agent] installed successfully
zabbix_agentd.exe [4532]: event source [Zabbix Agent] installed successfully

c:\zabbix_agent>

zabbixwindows04

进入WINDOWS服务界面,对Zabbix Agent进行编辑,点击“启动”按扭,启动类型为“自动”,如下图。

zabbixwindows05

4、安装agent for windows软件(Windows 2012)

WINDOWS 2012和2008R2的安装方法基本相同,先关闭防火墙或在防火中上打开TCP和R 10050端口,然后先将安装包中的zabbix_agentd.exe和zabbix_agentd.win.conf文件复制到c:\zabbix_agent文件夹中,如下图:

zabbixwindows08

开始编辑配置文件zabbix_agentd.win.conf,右键选择打开,选择使用记事本打开,主要完成以下几项的修改:

EnableRemoteCommands=1          //来至zabbix服务器的远程命令是否允许被执行
Server=192.168.10.208                //zabbix server地址,用于被动模式,数据获取
ServerActive=192.168.10.208       //主动发送的zabbix server地址,用于主动模式,数据提交
Hostname=WIN-9UI6G0K748R      //和创建主机时的hostname一致
UnsafeUserParameters=1             //启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key

完成后保存退出。

开始安装,在命令行界面中以服务的形式安装 Zabbix Windows agent,如下:

Microsoft Windows [版本 6.3.9600]
(c) 2013 Microsoft Corporation。保留所有权利。

C:\Users\Administrator>c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -i
zabbix_agentd.exe [3756]: service [Zabbix Agent] installed successfully
zabbix_agentd.exe [3756]: event source [Zabbix Agent] installed successfully

C:\Users\Administrator>

zabbixwindows09

安装、卸载、启动等参数说明:

c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -i
c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -s
c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -x
c:\zabbix_agent\zabbix_agentd.exe -c c:\zabbix_agent\zabbix_agentd.win.conf -d

-c:指定配置文件所有位置
-i:安装客户端
-s:启动客户端
-x:停止客户端
-d:卸载客户端

开始启动服务,和WIN2008R2一样,打开2012的服务窗口,在最后找到Zabbix Agent的服务名称,右键属性,启动类型选择“自动”,并点击“启动”按扭,如下:

zabbixwindows10

5、将主机添加至zabbix server平台

首先添加WIN2008R2的主机,打开zabbix server主界面,选择“配置‘->”主机“,点击右上角的”创建“按扭,创建一台主机,如下图

agentinstall06

输入主机名称和可见的名称,群组选择系统默认的Server hardware,agent代理接口IP设置刚才安装agent的主机192.168.10.210,端口默认10050,如下图:

zabbixwindows06

再选择”模板“选项栏,链接指示器里选择”Template OS Windows“,点击添加,最后点击蓝底添加按扭,完成添加。

zabbixwindows07

WIN2012的主机添加方法与2008R2的相同,添加后,等待5分钟左右,即可看到可用性一栏中的ZBX已经变绿,证明监控平台已经监控到两台WINDOWS主机,如下图。

zabbixwindows11

参考文章:https://www.zabbix.com/documentation/4.0/zh/manual/concepts/agent

Zabbix 4.0.2试用(七):在Linux主机中安装zabbix agent并添加该主机(yum源安装)

之前介绍的是下载源安装包,编译安装的方式来安装agent,本次将采用yum源方式安装,前提是主机需要与互联网相通,操作如下:

1、关闭防火墙和SELINUX

使用root用户登陆系统:

首先查看防火墙状态

[root@zabbix ~]# firewall-cmd –state
running
[root@zabbix ~]#

关闭firewall,并禁止防火墙开机启动,命令如下:

[root@zabbix ~]# systemctl stop firewalld.service
[root@zabbix ~]# systemctl disable firewalld.service

再次查看,防火墙已不在运行:

[root@zabbix ~]# firewall-cmd –state

安装之前还需将SELINUX关闭,运行如下命令编辑SELINUX配置文件:

[root@zabbix ~]# vi /etc/selinux/config

并将SELINUX=enforcing改成SELINUX=disable,如下:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected.
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

修改完成后,重启机器,运行如下命令查看是否 SELINUX已关闭:

[root@zabbix ~]# getenforce

退回disable即为已关闭。

2、安装Zabbix Agent

首先需添加对应的yum repository:

进入zabbix官网文档,选择产品手册->安装->从二进制包安装->1 Red Hat Enterprise,

zabbixinstallx21

zabbixagentyum01

开始安装agent:

[root@localhost ~]# yum install zabbix-agent
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
  * base: centos.ustc.edu.cn
  * extras: centos.ustc.edu.cn
  * updates: mirrors.shu.edu.cn
base                                                                        | 3.6 kB  00:00:00    
extras                                                                      | 3.4 kB  00:00:00    
updates                                                                     | 3.4 kB  00:00:00    
zabbix                                                                      | 2.9 kB  00:00:00    
zabbix-non-supported                                                        |  951 B  00:00:00    
updates/7/x86_64/primary_db    FAILED                                         
http://mirrors.shu.edu.cn/centos/7.6.1810/updates/x86_64/repodata/384ed51dad1c96d9f80866dedacb6fd008516393c597a3da83afd33281356e1b-primary.sqlite.bz2: [Errno 14] curl#7 – “Failed connect to mirrors.shu.edu.cn:80; Connection refused”
Trying other mirror.
(1/5): extras/7/x86_64/primary_db                                           | 156 kB  00:00:00    
(2/5): base/7/x86_64/group_gz                                               | 166 kB  00:00:00    
(3/5): zabbix/x86_64/primary_db                                             |  26 kB  00:00:00    
(4/5): updates/7/x86_64/primary_db                                          | 1.3 MB  00:00:04    
(5/5): base/7/x86_64/primary_db                                             | 6.0 MB  00:00:10    
zabbix-non-supported/x86_64/primary                                         | 1.6 kB  00:00:00    
zabbix-non-supported                                                                           4/4
Resolving Dependencies
–> Running transaction check
—> Package zabbix-agent.x86_64 0:4.0.2-1.el7 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================
  Package                   Arch                Version                   Repository           Size
===================================================================================================
Installing:
  zabbix-agent              x86_64              4.0.2-1.el7               zabbix              384 k

Transaction Summary
===================================================================================================
Install  1 Package

Total download size: 384 k
Installed size: 1.5 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/zabbix/packages/zabbix-agent-4.0.2-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Public key for zabbix-agent-4.0.2-1.el7.x86_64.rpm is not installed
zabbix-agent-4.0.2-1.el7.x86_64.rpm                                         | 384 kB  00:00:01    
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
Importing GPG key 0xA14FE591:
  Userid     : “Zabbix LLC <packager@zabbix.com>”
  Fingerprint: a184 8f53 52d0 22b9 471d 83d0 082a b56b a14f e591
  Package    : zabbix-release-4.0-1.el7.noarch (installed)
  From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : zabbix-agent-4.0.2-1.el7.x86_64                                                 1/1
  Verifying  : zabbix-agent-4.0.2-1.el7.x86_64                                                 1/1

Installed:
  zabbix-agent.x86_64 0:4.0.2-1.el7                                                              

Complete!
[root@localhost ~]#

3、配置Zabbix Agent

完成安装后,开始配置zabbix_agentd.conf配置文件:

[root@localhost ~]# vi /etc/zabbix/zabbix_agentd.conf

主要完成以下几项的修改:

EnableRemoteCommands=1       //来至zabbix服务器的远程命令是否允许被执行
Server=192.168.10.208             //zabbix server地址,用于被动模式,数据获取
ServerActive=192.168.10.208    //主动发送的zabbix server地址,用于主动模式,数据提交
Hostname=localhost                  //和创建主机时的hostname一致
UnsafeUserParameters=1           //启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key

完成后保存退出。

4、启动Zabbix Agent

配置文件修改后,开始启动服务:

启动服务:

[root@localhost ~]# systemctl start zabbix-agent.service

添加开机启动功能:

[root@localhost ~]# systemctl enable zabbix-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-agent.service to /usr/lib/systemd/system/zabbix-agent.service.

查看agent服务是否已启动:

[root@localhost ~]# ps -ef | grep zabbix
zabbix    2842     1  0 06:37 ?        00:00:00 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
zabbix    2843  2842  0 06:37 ?        00:00:00 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
zabbix    2844  2842  0 06:37 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
zabbix    2845  2842  0 06:37 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
zabbix    2846  2842  0 06:37 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
zabbix    2847  2842  0 06:37 ?        00:00:00 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
root      2896  2435  0 06:38 pts/1    00:00:00 grep –color=auto zabbix
[root@localhost ~]#
[root@localhost ~]# ss -tnl | grep 10050
LISTEN     0      128          *:10050                    *:*                 
LISTEN     0      128         :::10050                   :::*                

如上,已发现agentd进程运行,并且10050端口已启动。

6、将主机添加至zabbix server平台

打开zabbix server主界面,选择“配置‘->”主机“,点击右上角的”创建“按扭,创建一台主机,如下图

agentinstall06

输入主机名称,群组选择系统默认的Server hardware,agent代理接口IP设置刚才安装agent的主机192.168.10.209,端口默认10050,如下图:

agentinstall07

再选择”模板“选项栏,链接指示器里选择”Template OS Linux“,点击添加,最后点击蓝底添加按扭,完成添加。

agentinstall08

完成后可以看到列表中已经有刚才不回的主机,过几分钟后,可用性一栏中的ZBX变绿即表示监控正常。

agentinstall09