Zabbix联合报警

2417 字
12 分钟
Zabbix联合报警

Zabbix联合报警#

[TOC]


触发器#

用户登录数优化#

image-20260413083416025
image-20260413083416025

  • 今天登录上去发现有报错!
    • 未知的字符❌️
Terminal window
[root@Client ~]# head -1 /etc/zabbix/zabbix_agentd.d/os.conf
UserParameter=user_login,w | awk 'NR==1{print $4}'
[root@Client ~]# w | awk 'NR==1{print $4}'
min,
# 已经出现问题了!
[root@Client ~]# w
08:30:16 up 10 min, 2 users, load average: 0.00, 0.00, 0.00
[root@Client ~]# w | awk 'NR==1{print $(NF-6)}'
2
'我们从后往前取就可以了!'
# 修改一下相应的配置&&重启服务
# 服务端测试
[root@Zabbix ~]# zabbix_get -s 192.168.88.102 -k user_login
2
'现在就正常了'

image-20260413083848063
image-20260413083848063

Terminal window
设置用户登录数超过2个则告警通知
'默认告警到zabbix界面中'

image-20260413084443226
image-20260413084443226

image-20260413084650950
image-20260413084650950

image-20260413085146247
image-20260413085146247

image-20260413085449028
image-20260413085449028

image-20260413085540912
image-20260413085540912

image-20260413090304555
image-20260413090304555

内存报警#

Terminal window
[root@Client ~]# free | awk 'NR==2{print $3/$2*100}'
21.3618
# 可以用ab命令-->给内存点压力
ab -n800000 -c200 http://127.0.0.1/index.php
"设置内存超过21%告警(实际工作中80%)"

image-20260413091550864
image-20260413091550864

image-20260413091619255
image-20260413091619255

  • 想要恢复,最简便的方式就是把数值调回去!
    • 重新调整触发器的数值

联合报警#

image-20260413093859117
image-20260413093859117

  • 我们先把之前的触发器删除掉,以防干扰

  • 👆的配置是 用户登录数 && 22端口

    • 实际工作中,它们没有任何关联

image-20260413093957063
image-20260413093957063

image-20260413094053803
image-20260413094053803

  • 必须两个都降下来, ==才行==

邮件报警#

发送方#

image-20260413101045264
image-20260413101045264

image-20260413102139602
image-20260413102139602

image-20260413101857950
image-20260413101857950

image-20260413104346556
image-20260413104346556

Terminal window
'消息模版'
# 默认标题:
故障:{EVENT.NAME}
# 消息内容:
报警主机:{HOST.NAME1}
报警服务:{ITEM.NAME}
报警key1:{ITEM.KEY1}{ITEM.VALUE1}
报警key2:{ITEM.KEY2}{ITEM.VALUE2}
严重级别:{TRIGGER.SEVERITY}
'恢复操作'
# 默认标题:
恢复:{EVENT.NAME}
# 消息内容:
恢复主机:{HOST.NAME1}
恢复服务:{ITEM.NAME}
恢复key1:{ITEM.KEY1}{ITEM.VALUE1}
恢复key2:{ITEM.KEY2}{ITEM.VALUE2}

image-20260413104657531
image-20260413104657531

动作#

image-20260413102514880
image-20260413102514880

image-20260413102649113
image-20260413102649113

  • 触发报警--->则发送邮件
    • ==具体的操作==👆

image-20260413105747223
image-20260413105747223

image-20260413110054474
image-20260413110054474

收件用户#

image-20260413103706787
image-20260413103706787


  • 我们试着触发联合报警!

image-20260413110453525
image-20260413110453525

image-20260413110632377
image-20260413110632377

image-20260413110750805
image-20260413110750805


  • ==恢复故障后==

image-20260413110954796
image-20260413110954796

远程执行命令#

Terminal window
场景复原:
半夜,服务挂了-->nginx的80端口-->但是我们正在睡觉(没有收到消息)
# 我们要试着抢救一下,比如重启一下服务!
# 下面的实例中我们以22-->sshd服务举例
1)先进行sudo提权
# 有些操作需要root权限
[root@Client ~]# visudo
zabbix ALL=(ALL) NOPASSWD: /usr/bin/systemctl
'NOPASSWD: ⚠️中间一定要有个空格!'
# 客户端虽然是以root进程启动的,但是被服务端远程操作时,会进行降级为zabbix
# 这样 zabbix 重启服务的时候就有权限了!
[root@Client ~]# su - zabbix -s /bin/bash
su: warning: cannot change directory to /var/lib/zabbix: No such file or directory
'可以自行切换测试,命令是否可以执行成功✅️'
[zabbix@Client root]$ sudo systemctl restart sshd
# 成功执行
2)允许远程执行命令
[root@Client ~]# vim /etc/zabbix/zabbix_agentd.conf
[root@Client ~]# grep -n "^EnableRemoteCommands" /etc/zabbix/zabbix_agentd.conf
93:EnableRemoteCommands=1
=========================
👆是老版本的参数<6.0
AllowKey=system.run[*]
'我们6.0用这个,没有⚠️信息!'
✅️详细介绍参考下面"📚自定义模版"
3)重启生效
[root@Client ~]# systemctl restart zabbix-agent
"监控项sshd"-->"新建触发器"-->"脚本"-->"动作"
# 我有这个监控项
⚠️Zabbix 6.0 起, 远程命令需先在“管理 脚本”中定义
✅️然后才能在“动作”的“操作”中调用

image-20260413114948827
image-20260413114948827

image-20260413121912163
image-20260413121912163

image-20260413120818268
image-20260413120818268

image-20260413122340686
image-20260413122340686

image-20260413122514984
image-20260413122514984

image-20260413133830703
image-20260413133830703

Terminal window
[root@Client ~]# systemctl stop sshd
# 关闭服务后
[root@Client ~]# ss -lntup | grep 0:22
# 刚开始没有
[root@Client ~]# ss -lntup | grep 0:22
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=25322,fd=7))
# 可以自行拉起来!
'就不需要上升到发送邮件了'

企业微信报警#

准备工作#

image-20260413151003200
image-20260413151003200


微信公众平台

  • ==注册企业微信==

image-20260414080903379
image-20260414080903379

image-20260414081119183
image-20260414081119183

image-20260414081330141
image-20260414081330141

image-20260414081448005
image-20260414081448005

image-20260414081556079
image-20260414081556079

image-20260414081926734
image-20260414081926734

image-20260414082736750
image-20260414082736750

image-20260414081958804
image-20260414081958804

#!/usr/bin/env python
#-*- coding: utf-8 -*-
#author: jiuzhao
#date: 2026
#comment: zabbix接入微信报警脚本
import requests
import sys
import os
import json
import logging
logging.basicConfig(level = logging.DEBUG, format = '%(asctime)s, %(filename)s, %(levelname)s, %(message)s',
datefmt = '%a, %d %b %Y %H:%M:%S',
filename = os.path.join('/tmp','weixin.log'),
filemode = 'a')
corpid='企业ID'
appsecret='应用密码'
agentid='1000002'
#获取accesstoken
token_url='https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=' + corpid + '&corpsecret=' + appsecret
req=requests.get(token_url)
accesstoken=req.json()['access_token']
#发送消息
msgsend_url='https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=' + accesstoken
touser=sys.argv[1]
subject=sys.argv[2]
#toparty='3|4|5|6'
message=sys.argv[2] + "\n\n" +sys.argv[3]
params={
"touser": touser,
# "toparty": toparty,
"msgtype": "text",
"agentid": agentid,
"text": {
"content": message
},
"safe":0
}
response = requests.post(msgsend_url, data=json.dumps(params))
response_data = response.json()
# 添加对 API 返回结果的检查
if response_data.get('errcode') == 0:
logging.info(f'Message sent successfully to {touser}. Response: {response_data}')
else:
logging.error(f'Failed to send message to {touser}. Error code: {response_data.get("errcode")}, Error message: {response_data.get("errmsg")}')
print(f'API Error - Code: {response_data.get("errcode")}, Msg: {response_data.get("errmsg")}')
# 也可以打印到控制台
logging.info('sendto:' + touser + ';;subject:' + subject + ';;message:' + message)
Terminal window
[root@Zabbix ~]# vim weixin.py
corpid='企业ID'
appsecret='应用密码'
agentid='1000002'
[root@zabbix:~]# yum -y install python2
# 安装python2-pip # 用来安装python依赖
[root@zabbix:~]# yum -y install python2-pip
# 安装运行python脚本的依赖
[root@zabbix:~]# pip2.7 install requests
=======================================
'上面的操作适合老版本'
# 在 Rocky Linux 10 中,Python 2 已被完全移除
[root@Zabbix ~]# python --version
Python 3.12.11
[root@Zabbix ~]# pip install requests
-bash: pip: command not found
'命令没有找到!还没有pip'
[root@Zabbix ~]# dnf install -y python3-pip
[root@Zabbix ~]# pip3 install requests

image-20260414085527711
image-20260414085527711

  • 需要上传到网站根目录
    • 然后 上面的链接 必须能够访问到才行

image-20260414085547053
image-20260414085547053

API Error - Code: 60020, Msg: not allow to access from your ip from ip: 115.26.4.225

  • 这正是企业微信官方错误码 60020 —— “不安全的访问 IP”

  • 企业微信出于安全考虑,默认禁止所有外部 IP 调用其 API

    • 除非您在后台显式配置了「可信 IP 白名单」
    • 就在👆上面这个页面配置 ✅️
Terminal window
[root@Zabbix ~]# python weixin.py "ShiHao" "下雨了" "回家"
# 然后需要先在命令行进行测试
三个参数:
- 发给谁
- 标题
- 内容
'如果配置是正确的 --> 企业微信应该是能收到信息的'

image-20260430215358135
image-20260430215358135

Terminal window
# 每成功发送一条消息!
# 日志都会进行记录下来!
[root@Zabbix ~]# cat /tmp/weixin.log
Thu, 30 Apr 2026 20:46:00, connectionpool.py, DEBUG, Starting new HTTPS connection (1): qyapi.weixin.qq.com:443
Thu, 30 Apr 2026 20:46:00, connectionpool.py, DEBUG, https://qyapi.weixin.qq.com:443 "GET /cgi-bin/gettoken?corpid=xxx HTTP/1.1" 200 277
Thu, 30 Apr 2026 20:46:00, connectionpool.py, DEBUG, Starting new HTTPS connection (1): qyapi.weixin.qq.com:443
Thu, 30 Apr 2026 20:46:01, connectionpool.py, DEBUG, https://qyapi.weixin.qq.com:443 "POST /cgi-bin/message/send?access_token=xxx HTTP/1.1" 200 145
Thu, 30 Apr 2026 20:46:01, weixin.py, INFO, Message sent successfully to ShiHao. Response: {'errcode': 0, 'errmsg': 'ok', 'msgid': 'xxx'}
Thu, 30 Apr 2026 20:46:01, weixin.py, INFO, sendto:ShiHao;;subject:快下雨了;;message:快下雨了
回家吧!
[root@Zabbix ~]# ll /tmp/weixin.log
-rw-r--r-- 1 root root 1213 Apr 14 08:51 /tmp/weixin.log
'它的属主为root'
# 我们后面zabbix运行的时候,是没有权限进行写入的
'在接入zabbix之前可以把属主改了'
[root@Zabbix ~]# chown zabbix:zabbix /tmp/weixin.log
[root@Zabbix ~]# ll /tmp/weixin.log
-rw-r--r-- 1 zabbix zabbix 1213 Apr 14 08:51 /tmp/weixin.log

集成zabbix页面#

Terminal window
[root@Zabbix ~]# mv weixin.py /usr/local/share/zabbix/alertscripts/
# 移动到zabbix的家目录,可以很轻松找到这个脚本
[root@Zabbix ~]# ll /usr/local/share/zabbix/alertscripts/
total 4
-rw-r--r-- 1 root root 1354 Apr 14 08:27 weixin.py
[root@Zabbix ~]# chmod +x /usr/local/share/zabbix/alertscripts/weixin.py
# 给这个脚本赋执行权限
# 即使是zabbix用户也可以也可以执行
[root@Zabbix ~]# ll /usr/local/share/zabbix/alertscripts/
total 4
-rwxr-xr-x 1 root root 1354 Apr 14 08:27 weixin.py
  • 管理 —> 媒介 —> 创建媒介

image-20260414093055711
image-20260414093055711

Terminal window
'对应着三个不同参数'
1)发给谁
{ALERT.SENDTO}
2)报警标题
{ALERT.SUBJECT}
3)报警内容
{ALERT.MESSAGE}

image-20260414093440806
image-20260414093440806

  • 上面有==消息模版==

image-20260414093716752
image-20260414093716752

image-20260414093831152
image-20260414093831152

  • ⚠️ 留意日志

image-20260501000008176
image-20260501000008176

自定义图形#

image-20260414100444594
image-20260414100444594

image-20260414100746955
image-20260414100746955

image-20260414101030606
image-20260414101030606


  • 一个图显示==多个监控项==

image-20260414103619923
image-20260414103619923

image-20260414103650248
image-20260414103650248


  • 仪表盘

image-20260414105533414
image-20260414105533414

image-20260414105612063
image-20260414105612063

image-20260414110026460
image-20260414110026460

image-20260414110229086
image-20260414110229086

image-20260414110631940
image-20260414110631940

image-20260414110730282
image-20260414110730282

自定义模版#

image-20260414111915399
image-20260414111915399

Terminal window
[root@Client nginx]# pwd
/etc/nginx
[root@Client nginx]# vim nginx.conf
'这个是默认dnf安装的'
'默认的页面在主配置文件中'
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
location /nginx_status {
stub_status;
}
.....
[root@Client nginx]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Client nginx]# systemctl restart nginx
# 浏览器访问
http://10.0.0.102/nginx_status

image-20260414113047356
image-20260414113047356

Terminal window
[root@Client nginx]# curl -s localhost/nginx_status
Active connections: 1
server accepts handled requests
2 2 2
Reading: 0 Writing: 1 Waiting: 0
'接下来就是用sed & awk把这些数值取出来'
[root@Client nginx]# curl -s localhost/nginx_status | awk 'NR==1{print $NF}'
'nginx_active'
[root@Client nginx]# curl -s localhost/nginx_status | awk 'NR==3{print $1}'
'nginx_accepts'
[root@Client nginx]# curl -s localhost/nginx_status | awk 'NR==3{print $2}'
'nginx_handled'
[root@Client nginx]# curl -s localhost/nginx_status | awk 'NR==3{print $3}'
'nginx_requests'
[root@Client nginx]# curl -s localhost/nginx_status | awk 'NR==4{print $2}'
'nginx_reading'
[root@Client nginx]# curl -s localhost/nginx_status | awk 'NR==4{print $4}'
'nginx_writing'
[root@Client nginx]# curl -s localhost/nginx_status | awk 'NR==4{print $6}'
'nginx_waiting'
=========================
[root@Client ~]# cd /etc/zabbix/zabbix_agentd.d/
[root@Client zabbix_agentd.d]# vim nginx.conf
Terminal window
UserParameter=nginx_active,curl -s localhost/nginx_status | awk 'NR==1{print $NF}'
UserParameter=nginx_accepts,curl -s localhost/nginx_status | awk 'NR==3{print $1}'
UserParameter=nginx_handled,curl -s localhost/nginx_status | awk 'NR==3{print $2}'
UserParameter=nginx_requests,curl -s localhost/nginx_status | awk 'NR==3{print $3}'
UserParameter=nginx_reading,curl -s localhost/nginx_status | awk 'NR==4{print $2}'
UserParameter=nginx_writing,curl -s localhost/nginx_status | awk 'NR==4{print $4}'
UserParameter=nginx_waiting,curl -s localhost/nginx_status | awk 'NR==4{print $6}'
Terminal window
[root@Client zabbix_agentd.d]# zabbix_agentd -p | tail -7
zabbix_agentd [9388]: Warning: EnableRemoteCommands parameter is deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
nginx_active [t|1]
nginx_accepts [t|17]
nginx_handled [t|18]
nginx_requests [t|18]
nginx_reading [t|0]
nginx_writing [t|1]
nginx_waiting [t|0]
'这里有一个警告信息'
  • EnableRemoteCommands=1
    • 是 Zabbix 旧版本(<6.0)中用于允许远程执行命令的参数
  • 从 Zabbix 6.0 开始,该参数被废弃(deprecated)
    • 改用更精细的 AllowKey / DenyKey 白名单/黑名单机制
Terminal window
[root@Client ~]# vim /etc/zabbix/zabbix_agentd.conf
# 注释或删除这行
# EnableRemoteCommands=1
AllowKey=system.run[*]
# 允许所有 system.run 命令(危险!仅限测试环境)
[root@Client ~]# systemctl restart zabbix-agent
'现在就没有警告信息了'
[root@Client ~]# zabbix_agentd -p | tail -7
nginx_active [t|1]
......'共7种状态'
nginx_waiting [t|0]
"服务端测试"
[root@Zabbix ~]# zabbix_get -s 192.168.88.102 -k nginx_accepts
34

image-20260414140222044
image-20260414140222044

image-20260414140602957
image-20260414140602957

image-20260414140800365
image-20260414140800365

  • 点进去后--->创建监控项

image-20260414141654490
image-20260414141654490

  • 还可以添加 80端口
    • 配合 触发器, 图形

image-20260414142648224
image-20260414142648224

image-20260414142815735
image-20260414142815735

image-20260414142910027
image-20260414142910027

image-20260414143026409
image-20260414143026409

扩展web#

Terminal window
[root@Client02 ~]# rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/9/x86_64/zabbix-release-latest-6.0.el9.noarch.rpm
[root@Client02 ~]# dnf -y install zabbix-agent
[root@Client02 ~]# egrep -i "^server=" /etc/zabbix/zabbix_agentd.conf
Server=192.168.88.99
[root@Client02 ~]# systemctl enable --now zabbix-agent
Created symlink '/etc/systemd/system/multi-user.target.wants/zabbix-agent.service' '/usr/lib/systemd/system/zabbix-agent.service'.
[root@Client02 ~]# visudo
zabbix ALL=(ALL) NOPASSWD: /usr/bin/systemctl
[root@Client02 ~]# su - zabbix -s /bin/bash
su: warning: cannot change directory to /var/lib/zabbix: No such file or directory
[zabbix@Client02 root]$ sudo systemctl restart sshd
[zabbix@Client02 root]$ exit
logout
[root@Client02 ~]# grep -i "^allowkey" /etc/zabbix/zabbix_agentd.conf
AllowKey=system.run[*]
[root@Client02 ~]# scp 192.168.88.102:/etc/zabbix/zabbix_agentd.d/nginx.conf /etc/zabbix/zabbix_agentd.d/
[root@Client02 ~]# cat /etc/zabbix/zabbix_agentd.d/nginx.conf
UserParameter=nginx_active,curl -s localhost/nginx_status | awk 'NR==1{print $NF}'
UserParameter=nginx_accepts,curl -s localhost/nginx_status | awk 'NR==3{print $1}'
........
[root@Client02 ~]# systemctl restart zabbix-agent
[root@Client02 ~]# dnf -y install nginx
[root@Client02 ~]# scp 192.168.88.102:/etc/nginx/nginx.conf /etc/nginx/
# 把主配置文件拷贝过来
[root@Client02 ~]# systemctl enable --now nginx
Created symlink '/etc/systemd/system/multi-user.target.wants/nginx.service' '/usr/lib/systemd/system/nginx.service'.
[root@Client02 ~]# curl localhost/nginx_status
Active connections: 1
server accepts handled requests
1 1 1
Reading: 0 Writing: 1 Waiting: 0
  • zabbix页面添加

image-20260414150411766
image-20260414150411766

case脚本取值#

Terminal window
[root@Client02 ~]# vim /etc/zabbix/zabbix_agentd.d/nginx.sh
#!/bin/sh
case $1 in
active)
curl -s 127.0.0.1/nginx_status | awk 'NR==1{print $NF}'
;;
accepts)
curl -s 127.0.0.1/nginx_status | awk 'NR==3{print $1}'
;;
handled)
curl -s 127.0.0.1/nginx_status | awk 'NR==3{print $2}'
;;
requests)
curl -s 127.0.0.1/nginx_status | awk 'NR==3{print $3}'
;;
reading)
curl -s 127.0.0.1/nginx_status | awk 'NR==4{print $2}'
;;
writing)
curl -s 127.0.0.1/nginx_status | awk 'NR==4{print $4}'
;;
waiting)
curl -s 127.0.0.1/nginx_status | awk 'NR==4{print $6}'
;;
*)
echo "Usage: $0 {active|accepts|handled|requests|reading|writing|waiting}"
exit 1
;;
esac
Terminal window
[root@Client02 ~]# cd /etc/zabbix/zabbix_agentd.d/
[root@Client02 zabbix_agentd.d]# chmod +x nginx.sh
[root@Client02 zabbix_agentd.d]# ll
total 8
-rw-r--r-- 1 root root 116 Apr 14 15:19 nginx.conf
-rwxr-xr-x 1 root root 752 Apr 14 15:16 nginx.sh
[root@Client02 zabbix_agentd.d]# sh nginx.sh
Usage: nginx.sh {active|accepts|handled|requests|reading|writing|waiting}
[root@Client02 zabbix_agentd.d]# vim nginx.conf
# 使用通配符 $1 来传递参数给脚本
UserParameter=nginx_status[*],/etc/zabbix/zabbix_agentd.d/nginx.sh $1
[root@Client02 zabbix_agentd.d]# zabbix_agentd -p | tail -1
nginx_status [t|Usage: /etc/zabbix/zabbix_agentd.d/nginx.sh {active|accepts|handled|requests|reading|writing|waiting}]
[root@Client02 zabbix_agentd.d]# systemctl restart zabbix-agent
'服务端测试'
[root@Zabbix ~]# zabbix_get -s 192.168.88.101 -k nginx_status[accepts]
923
✅️UserParameter=nginx_status[*]⭐Key值

image-20260414153025484
image-20260414153025484

  • 全部都更改过来

image-20260414153450523
image-20260414153450523

文章分享

如果这篇文章对你有帮助,欢迎分享给更多人!

Zabbix联合报警
https://www.kpyun.fun/posts/web/zabbix/zabbix02/
作者
久棹
发布于
2026-01-16
许可协议
CC BY-NC-SA 4.0
Profile Image of the Author
久棹
只要胆子大,天天寒暑假!
公告
欢迎来到久棹的技术小站!本站专注 Linux 运维学习笔记分享,如有问题欢迎交流探讨 🎉
分类
标签
站点统计
文章
98
分类
11
标签
203
总字数
244,453
运行时长
0
最后活动
0 天前
站点信息
构建平台
Local
博客版本
Firefly v6.13.5
文章许可
CC BY-NC-SA 4.0

文章目录