How to Monitor a CentOS Server and Promptly Detect and Respond to Security Incidents
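In the Internet era, servers play a vital role, carrying all kinds of business services and data, which makes server security monitoring especially important. This article explains how to monitor a CentOS server so that security incidents are detected and handled promptly. It covers four areas: system monitoring, network monitoring, log monitoring, and security incident handling.
System monitoring
To detect server anomalies promptly, we can use tools that monitor the server's performance and status. Commonly used system monitoring tools include Zabbix and Nagios. Taking Zabbix as an example, install and configure it with the following steps:
1) Install the Zabbix server: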
yum install zabbix-server-mysql zabbix-web-mysql -y
2) Install the Zabbix agent:
yum install zabbix-agent -y
3) Configure the Zabbix server and agent:
In the Zabbix server configuration file /etc/zabbix/zabbix_server.conf, set the database connection details:
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=zabbix
In the Zabbix agent configuration file /etc/zabbix/zabbix_agentd.conf, set Server and ServerActive to the IP address of the Zabbix server:
Server=Zabbix_Server_IP
ServerActive=Zabbix_Server_IP
4) Start the Zabbix server and agent services:
systemctl start zabbix-server
systemctl start zabbix-agent
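Open the Zabbix server's web interface to configure the monitored items and define the alert rules.
Network monitoring
Besides system monitoring, we also need to monitor the network environment the server sits in, so that anomalies are detected promptly. Commonly used network monitoring tools include NetData and Icinga. Taking NetData as an example, install and configure it with the following steps:
1) Install NetData: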
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
2) Start the NetData service:
systemctl start netdata
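Open http://<server-IP>:19999 in a browser to view the server's network status and performance information.
Log monitoring
Log monitoring is very important: it helps us notice potential security problems promptly. Commonly used log monitoring tools include the ELK Stack (Elasticsearch, Logstash, Kibana) and Graylog. Taking the ELK Stack as an example, install and configure it with the following steps:
1) Install and configure Elasticsearch: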
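rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
echo "[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md" | sudo tee /etc/yum.repos.d/elasticsearch.repo
yum install elasticsearch -y
vi /etc/elasticsearch/elasticsearch.yml
# Set the following in elasticsearch.yml:
cluster.name: my-application
node.name: node-1
# 0.0.0.0 listens on every interface; 7.x does not enable authentication by default, so firewall port 9200
network.host: 0.0.0.0
# A non-loopback network.host enforces the bootstrap checks; a one-node setup needs this to start
discovery.type: single-node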
2) Install and configure Logstash:
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
echo "[logstash-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md" | sudo tee /etc/yum.repos.d/logstash.repo
yum install logstash -y
vi /etc/logstash/conf.d/logstash.conf
input {
  file {
    path => "/var/log/*.log"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}
3) Install and configure Kibana:
echo "[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md" | sudo tee /etc/yum.repos.d/kibana.repo
yum install kibana -y
vi /etc/kibana/kibana.yml
server.host: "0.0.0.0"
4) Start the Elasticsearch, Logstash and Kibana services:
systemctl start elasticsearch
systemctl start logstash
systemctl start kibana
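Open http://<server-IP>:5601 in a browser to configure Kibana.
Security incident handling
Once a security incident is detected on the server, we need to handle and respond to it promptly. Depending on the specific situation, take the corresponding action, such as blocking an anomalous IP, shutting down a vulnerable service, or patching the vulnerability. The following example script blocks an anomalous IP address: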
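#!/bin/bash
# Address to block
IP="192.168.1.100"
# Insert a DROP rule for that source at the top of the INPUT chain
iptables -I INPUT -s "$IP" -j DROP
# Persist the rules (on CentOS 7 this needs the iptables-services package)
service iptables save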
Save the code above as block_ip.sh and make it executable:
chmod +x block_ip.sh
Ö´Ðо籾¼´¿É·â½ûÖ¸¶¨IPµØµã£º
./block_ip.sh
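The same response driven by the logs instead of a hard-coded address, as an added example that is not part of the original article: it counts failed SSH logins per source in /var/log/secure-style lines and blocks every source at or above a threshold. THRESHOLD, ALLOWLIST, DRY_RUN, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: pick block candidates from sshd log lines, then block them.
THRESHOLD=3             # assumed: failed logins before an address is blocked
ALLOWLIST="192.0.2.10"  # assumed: admin address that must never be blocked

# Constructed sample in /var/log/secure format (documentation address ranges).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:05 web1 sshd[2104]: Failed password for invalid user x from 192.0.2.10 from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:10 web1 sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51515 ssh2
Mar  3 10:02:00 web1 sshd[2120]: Failed password for admin from 192.0.2.10 port 50001 ssh2
Mar  3 10:02:04 web1 sshd[2120]: Failed password for admin from 192.0.2.10 port 50001 ssh2
Mar  3 10:02:09 web1 sshd[2120]: Failed password for admin from 192.0.2.10 port 50001 ssh2
Mar  3 10:02:15 web1 sshd[2120]: Accepted password for admin from 192.0.2.10 port 50001 ssh2
EOF
}

# valid_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0-255.
valid_ipv4() {
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# block_candidates: sshd log on stdin, offending source IPs on stdout.
# The address is read from the END of the line ("from IP port N ssh2") because
# the user name earlier in the line is client-supplied text.
block_candidates() {
  awk '/sshd\[[0-9]+\]: Failed password/ && $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
       END { for (ip in n) print n[ip], ip }' | sort -k2,2 |
  while read -r count ip; do
    [ "$count" -ge "$THRESHOLD" ] || continue
    valid_ipv4 "$ip" || continue
    case " $ALLOWLIST " in *" $ip "*) continue ;; esac
    echo "$ip"
  done
}

# block_ip ADDR: add the DROP rule once; DRY_RUN=1 (the default) only prints it.
block_ip() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "iptables -I INPUT -s $1 -j DROP"
  else
    iptables -C INPUT -s "$1" -j DROP 2>/dev/null || iptables -I INPUT -s "$1" -j DROP
  fi
}

sample_log | block_candidates | while read -r ip; do block_ip "$ip"; done
```

With DRY_RUN=0 the script must run as root, and the rule still has to be persisted with service iptables save as in block_ip.sh.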
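In summary, system monitoring, network monitoring, log monitoring and security incident handling together provide real-time monitoring of, and security response for, a CentOS server. Of course, these are only basic monitoring and handling methods; depending on the specific situation and requirements, more advanced tools and techniques can be used to improve the server's security and stability. We hope this article is helpful.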
ÒÔÉϾÍÊÇÔõÑù¼à¿ØCentOSЧÀÍÆ÷ÒÔ¼°ÊµÊ±·¢Ã÷ºÍÓ¦¶ÔÇå¾²ÊÂÎñµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡