• Zabbix custom template: monitoring TCP connection states


    Description of the twelve TCP connection states

    You can view them with man netstat

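    LISTEN - listening for connection requests from a remote TCP port;
    
    SYN-SENT - waiting for a matching connection request after having sent a connection request;
    
    SYN-RECEIVED - waiting for acknowledgment of the connection request after having both received and sent a connection request;
    
    ESTABLISHED - represents an open connection; data can be delivered to the user;
    
    FIN-WAIT-1 - waiting for a connection termination request from the remote TCP, or for acknowledgment of the connection termination request previously sent;
    
    FIN-WAIT-2 - waiting for a connection termination request from the remote TCP;
    
    CLOSE-WAIT - waiting for a connection termination request from the local user;
    
    CLOSING - waiting for the remote TCP to acknowledge the connection termination;
    
    LAST-ACK - waiting for acknowledgment of the connection termination request previously sent to the remote TCP;
    
    TIME-WAIT - waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request;
    
    CLOSED - no connection state at all;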

    Monitoring commands

    ss -ant | awk 'NR>1{++b[$1]} END{for(a in b)print a,b[a]}' 

    Alternatively, use

    netstat -an|awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}'

    Monitoring script: vim tcp_status.sh, placed anywhere on the system, e.g. /xx/zabbix/shells

    #!/bin/bash
    # This script is used to get TCP connection status counts
    # (only netstat lines starting with "tcp" are counted)
    # tcp status
    metric=$1
    tmp_file=/tmp/tcp_status.txt
    # Write one "STATE count" line per TCP state to the temp file
    /bin/netstat -an | awk '/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}' > "$tmp_file"

    case $metric in
        closed)
            output=$(awk '/CLOSED/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        listen)
            output=$(awk '/LISTEN/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        synrecv)
            output=$(awk '/SYN_RECV/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        synsent)
            output=$(awk '/SYN_SENT/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        established)
            output=$(awk '/ESTABLISHED/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        timewait)
            output=$(awk '/TIME_WAIT/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        closing)
            output=$(awk '/CLOSING/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        closewait)
            output=$(awk '/CLOSE_WAIT/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        lastack)
            output=$(awk '/LAST_ACK/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        finwait1)
            output=$(awk '/FIN_WAIT1/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        finwait2)
            output=$(awk '/FIN_WAIT2/{print $2}' "$tmp_file")
            if [ "$output" = "" ]; then
                echo 0
            else
                echo "$output"
            fi
            ;;
        *)
            # Unknown metric: print the usage line in colour
            echo -e "\e[033mUsage: sh $0 [closed|closing|closewait|synrecv|synsent|finwait1|finwait2|listen|established|lastack|timewait]\e[0m"
    esac

    Add a configuration file in the directory referenced by the Include directive in zabbix_agentd.conf

    vim tcp_status.conf

    UserParameter=tcp.status[*],/xx/zabbix/shells/tcp_status.sh $1

    Restart zabbix_agent

    Test

    zabbix_get -s 192.168.1.1 -k tcp.status[listen]
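
An added example, not the original author's script: the same tcp.status[*] collector written without the shared /tmp/tcp_status.txt file (concurrent item checks overwrite it, and it sits at a predictable path in a world-writable directory) and with an allow-list that maps the key parameter to a netstat state name. The function names, the --demo switch and the sample netstat text are constructed for illustration.

```shell
#!/bin/sh
# Added example: tcp.status[*] collector with no temp file and an
# allow-list on the metric name passed in by the UserParameter.

# Map a Zabbix key parameter to the state string netstat prints.
# Anything not listed here is rejected (non-zero return).
metric_to_state() {
    case "$1" in
        closed)      echo CLOSED ;;
        listen)      echo LISTEN ;;
        synrecv)     echo SYN_RECV ;;
        synsent)     echo SYN_SENT ;;
        established) echo ESTABLISHED ;;
        timewait)    echo TIME_WAIT ;;
        closing)     echo CLOSING ;;
        closewait)   echo CLOSE_WAIT ;;
        lastack)     echo LAST_ACK ;;
        finwait1)    echo FIN_WAIT1 ;;
        finwait2)    echo FIN_WAIT2 ;;
        *)           return 1 ;;
    esac
}

# Count sockets in one state. Reads `netstat -an` style text on stdin and
# compares the last field exactly, so the data never touches the filesystem.
count_state() {
    state=$(metric_to_state "$1") || {
        echo "unsupported metric" >&2
        return 1
    }
    awk -v want="$state" '/^tcp/ && $NF == want {n++} END {print n+0}'
}

# Constructed sample of `netstat -an` output (documentation address ranges).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.8:40022      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:40100      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:40101      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.9:40102      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.8:40023      CLOSE_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Entry point: the agent passes the key parameter as $1.
case "${1-}" in
    "")     echo "usage: $0 <metric> | --demo" >&2 ;;
    --demo) printf '%s\n' "$SAMPLE_NETSTAT" | count_state timewait ;;
    *)      /bin/netstat -an | count_state "$1" ;;
esac
```

The UserParameter line stays the same apart from the script path; the agent's default UnsafeUserParameters=0 setting additionally rejects shell metacharacters in the key parameter before the script is run.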

    In the monitoring web interface, import the template file xx.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <zabbix_export>
        <version>2.0</version>
        <date>2018-04-02T15:38:44Z</date>
        <groups>
            <group>
                <name>Templates</name>
            </group>
        </groups>
        <templates>
            <template>
                <template>Template TCP Connection Status</template>
                <name>Template TCP Connection Status</name>
                <groups>
                    <group>
                        <name>Templates</name>
                    </group>
                </groups>
                <applications>
                    <application>
                        <name>TCP Status</name>
                    </application>
                </applications>
                <items>
                    <item>
                        <name>CLOSED</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[closed]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>CLOSE_WAIT</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[closewait]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>CLOSING</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[closing]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>ESTABLISHED</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[established]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>FIN_WAIT1</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[finwait1]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>FIN_WAIT2</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[finwait2]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>LAST_ACK</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[lastack]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>LISTEN</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[listen]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>SYN_RECV</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[synrecv]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>SYN_SENT</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[synsent]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                    <item>
                        <name>TIME_WAIT</name>
                        <type>0</type>
                        <snmp_community/>
                        <multiplier>0</multiplier>
                        <snmp_oid/>
                        <key>tcp.status[timewait]</key>
                        <delay>60</delay>
                        <history>90</history>
                        <trends>365</trends>
                        <status>0</status>
                        <value_type>3</value_type>
                        <allowed_hosts/>
                        <units/>
                        <delta>0</delta>
                        <snmpv3_contextname/>
                        <snmpv3_securityname/>
                        <snmpv3_securitylevel>0</snmpv3_securitylevel>
                        <snmpv3_authprotocol>0</snmpv3_authprotocol>
                        <snmpv3_authpassphrase/>
                        <snmpv3_privprotocol>0</snmpv3_privprotocol>
                        <snmpv3_privpassphrase/>
                        <formula>1</formula>
                        <delay_flex/>
                        <params/>
                        <ipmi_sensor/>
                        <data_type>0</data_type>
                        <authtype>0</authtype>
                        <username/>
                        <password/>
                        <publickey/>
                        <privatekey/>
                        <port/>
                        <description/>
                        <inventory_link>0</inventory_link>
                        <applications>
                            <application>
                                <name>TCP Status</name>
                            </application>
                        </applications>
                        <valuemap/>
                    </item>
                </items>
                <discovery_rules/>
                <macros/>
                <templates/>
                <screens/>
            </template>
        </templates>
        <triggers>
            <trigger>
                <expression>{Template TCP Connection Status:tcp.status[timewait].last()}>10000</expression>
                <name>There are too many TCP TIME_WAIT status</name>
                <url/>
                <status>0</status>
                <priority>4</priority>
                <description/>
                <type>0</type>
                <dependencies/>
            </trigger>
        </triggers>
        <graphs>
            <graph>
                <name>TCP Status</name>
                <width>900</width>
                <height>200</height>
                <yaxismin>0.0000</yaxismin>
                <yaxismax>100.0000</yaxismax>
                <show_work_period>1</show_work_period>
                <show_triggers>1</show_triggers>
                <type>0</type>
                <show_legend>1</show_legend>
                <show_3d>0</show_3d>
                <percent_left>0.0000</percent_left>
                <percent_right>0.0000</percent_right>
                <ymin_type_1>0</ymin_type_1>
                <ymax_type_1>0</ymax_type_1>
                <ymin_item_1>0</ymin_item_1>
                <ymax_item_1>0</ymax_item_1>
                <graph_items>
                    <graph_item>
                        <sortorder>0</sortorder>
                        <drawtype>0</drawtype>
                        <color>C80000</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[closed]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>1</sortorder>
                        <drawtype>0</drawtype>
                        <color>00C800</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[closewait]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>2</sortorder>
                        <drawtype>0</drawtype>
                        <color>0000C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[closing]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>3</sortorder>
                        <drawtype>0</drawtype>
                        <color>C800C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[established]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>4</sortorder>
                        <drawtype>0</drawtype>
                        <color>00C8C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[finwait1]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>5</sortorder>
                        <drawtype>0</drawtype>
                        <color>C8C800</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[finwait2]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>6</sortorder>
                        <drawtype>0</drawtype>
                        <color>C8C8C8</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[lastack]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>7</sortorder>
                        <drawtype>0</drawtype>
                        <color>960000</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[listen]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>8</sortorder>
                        <drawtype>0</drawtype>
                        <color>009600</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[synrecv]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>9</sortorder>
                        <drawtype>0</drawtype>
                        <color>000096</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[synsent]</key>
                        </item>
                    </graph_item>
                    <graph_item>
                        <sortorder>10</sortorder>
                        <drawtype>0</drawtype>
                        <color>960096</color>
                        <yaxisside>0</yaxisside>
                        <calc_fnc>2</calc_fnc>
                        <type>0</type>
                        <item>
                            <host>Template TCP Connection Status</host>
                            <key>tcp.status[timewait]</key>
                        </item>
                    </graph_item>
                </graph_items>
            </graph>
        </graphs>
    </zabbix_export>

  • Original article: https://www.cnblogs.com/dannylinux/p/8694171.html