iptables_cacti_nagios
cacti:在被检测端(客户端)修改iptables,允许服务端访问被检测端的udp161端口。
# yum -y install ntp net-snmp net-snmp-devel net-snmp-utils net-snmp-libs net-snmp-utils net-snmp-perl
# service snmdp restart
# iptables -I INPUT -p udp -m udp -s 服务端IP地址 --dport 161 -j ACCEPT
# iptables-save > iptables.script
# iptables-save
# vi iptables.script
有:
-A INPUT -s 服务端IP地址 -p udp -m udp --dport 161 -j ACCEPT
# iptables-save > iptables.script
到服务端测试验证下:
# snmpwalk -v1 被检测客户端IP地址 -c 暗语 system
==================================================
nagios
在被监控客户端操作如下:
# mkdir -p /data/src
# cd /data/src
# scp abc@xx.xx.xx.xx:/data/src/* .
# tar -xvzf nrpe-2.13.tar.gz
# cd nrpe-2.13
# yum -y install openssl openssl-devel
# ./configure --enable-ssl --enable-command-args
# make all
# useradd nagios
# make install-plugin
# make install-daemon
# make install-daemon-config
# tar -xvzf nagios-plugins-1.4.9.tar.gz
# cd nagios-plugins-1.4.9
# ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios
# make && make install
# cd /usr/local/nagios/etc
# vi nrpe.cfg
dont_blame_nrpe=1
allowed_hosts=127.0.0.1,服务端IP地址
# /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
# ps aux|grep nrpe
# netstat -nlp|grep nrpe
检查被监控客户端已经有nrpe进程并且5666端口有在监听,然后修改iptables设置,允许服务端访问被监控客户端nrpe服务对应的端口5666
# vi iptables.script
添加:
-A RH-Firewall-1-INPUT -s 服务端IP地址 -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT
# iptables-restore iptables.script
# iptables-save
在服务端操作如下:
# telnet 被监控客户端IP地址 5666
如果报:
$ telnet 被监控客户端IP地址 5666
Trying 被监控客户端IP地址...
Connected to 被监控客户端IP地址 (被监控客户端IP地址).
Escape character is '^]'.
Connection closed by foreign host.
请返回到被监控客户端检查selinux的状态:
# getenforce
Enforcing
# vi /etc/selinux/config
#SELINUX=enforcing
SELINUX=disabled
# setenforce 0
# getenforce
Permissive
页:
[1]