zabbix監控Nginx訪問日誌中的狀態碼
一、介紹:
由於生產環境中Nginx訪問日誌很多,我們需要隨時監控Nginx伺服器返回的狀態碼,方便我們能及時定位相關問題。
以下是按照分鐘對資料進行抓取
二、Zabbix_Agentd建立監控指令碼
1) 建立指令碼之前核對Nginx的日誌格式;
我這裡Nginx日誌格式如下,使用 "" 分割日誌引數。
log_format main ' $http_x_forwarded_for" "$remote_user" "[$time_local]" "$request"' ' "$status" "$body_bytes_sent" "$http_referer"' ' "$http_user_agent" "$remote_addr" "$gzip_ratio"' ' "$upstream_addr" "$request_time" "$upstream_response_time" "$http_host"'; access_log logs/access.log main;
輸出日誌格式如下:
root@mycentos scripts]# cat /var/log/nginx/access.log | tail -n10
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:41 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
"-" "-" "[18/Jul/2020:11:45:42 +0800]" "GET / HTTP/1.1" "200" "540" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.57" "43.243.94.205" "-" "-" "0.000" "-" "159.138.9.157"
2) 建立日誌監控指令碼:
vim /usr/local/zabbix/scripts/ngx_logs.sh
#!/usr/bin/env bash # ----------------------------------- # Script name : nginx logs status code monitor # Author : xiaoyige # Contact me : [email protected] # Last Modified : Jun, 18th, 2020 # ----------------------------------- [ ! -d /tmp/nginx ] && mkdir /tmp/nginx LOG_PATH=/var/log/nginx/access.log #Nginx日誌路徑,根據自己Nginx日誌路徑進行修改 LOG_TEMP=/tmp/nginx/nginx_last_min.log #Nginx上一分鐘檔案 LOG_STAT=/tmp/nginx/nginx_stat.txt #Nginx狀態碼檔案 LAST_MIN=`date -d "1 minute ago" +%Y:%H:%M` #獲取上一分鐘值 tail -1000 ${LOG_PATH} | grep "${LAST_MIN}" > ${LOG_TEMP} #tail 1000行資料然後進行過濾上一分鐘,如果請求量較大則加大行數,過濾後將資料重定向到上一分鐘檔案中 cat ${LOG_TEMP} | awk -F '" "' '{print $5}' | sort | uniq -c | sort -rn > ${LOG_STAT} #過濾上一分鐘檔案的狀態碼並對狀態碼進行排序去重然後顯示狀態碼次數 # 備註 awk -F '" "' '{print $5}' 需要根據自己日誌輸出情況具體分析, #200 Code #過濾臨時檔案中狀態碼等於200的值然後列印其次數後賦值給c_200,然後重定向到/tmp/nginx/nginx_200.txt,如果其值為空,則賦值為0後重定向到/tmp/nginx/nginx_200.txt c_200=`cat ${LOG_STAT} | awk '$2==200{print $1}'`;[ -z ${c_200} ] && c_200=0;echo ${c_200} > /tmp/nginx/nginx_200.txt c_202=`cat ${LOG_STAT} | awk '$2==202{print $1}'`;[ -z ${c_202} ] && c_202=0;echo ${c_202} > /tmp/nginx/nginx_202.txt #300 Code c_301=`cat ${LOG_STAT} | awk '$2==301{print $1}'`;[ -z ${c_301} ] && c_301=0;echo ${c_301} > /tmp/nginx/nginx_301.txt c_302=`cat ${LOG_STAT} | awk '$2==302{print $1}'`;[ -z ${c_302} ] && c_302=0;echo ${c_302} > /tmp/nginx/nginx_302.txt c_304=`cat ${LOG_STAT} | awk '$2==304{print $1}'`;[ -z ${c_304} ] && c_304=0;echo ${c_304} > /tmp/nginx/nginx_304.txt #400 Code c_400=`cat ${LOG_STAT} | awk '$2==400{print $1}'`;[ -z ${c_400} ] && c_400=0;echo ${c_400} > /tmp/nginx/nginx_400.txt c_403=`cat ${LOG_STAT} | awk '$2==403{print $1}'`;[ -z ${c_403} ] && c_403=0;echo ${c_403} > /tmp/nginx/nginx_403.txt c_404=`cat ${LOG_STAT} | awk '$2==404{print $1}'`;[ -z ${c_404} ] && c_404=0;echo ${c_404} > /tmp/nginx/nginx_404.txt c_405=`cat ${LOG_STAT} | awk '$2==405{print $1}'`;[ -z ${c_405} ] && c_405=0;echo ${c_405} > /tmp/nginx/nginx_405.txt #500 Code c_502=`cat ${LOG_STAT} | awk '$2==502{print $1}'`;[ -z ${c_502} ] && c_502=0;echo ${c_502} > /tmp/nginx/nginx_502.txt c_503=`cat ${LOG_STAT} | awk '$2==503{print $1}'`;[ -z ${c_503} ] && c_503=0;echo ${c_503} > /tmp/nginx/nginx_503.txt c_504=`cat ${LOG_STAT} | awk '$2==504{print $1}'`;[ -z ${c_504} ] && c_504=0;echo ${c_504} > /tmp/nginx/nginx_504.txt #以下來定義函式方便 UserParameter 呼叫 function c_200 { cat /tmp/nginx/nginx_200.txt } function c_202 { cat /tmp/nginx/nginx_202.txt } function c_301 { cat /tmp/nginx/nginx_301.txt } function c_302 { cat /tmp/nginx/nginx_302.txt } function c_304 { cat /tmp/nginx/nginx_304.txt } function c_400 { cat /tmp/nginx/nginx_400.txt } function c_403 { cat /tmp/nginx/nginx_403.txt } function c_404 { cat /tmp/nginx/nginx_404.txt } function c_405 { cat /tmp/nginx/nginx_405.txt } function c_502 { cat /tmp/nginx/nginx_502.txt } function c_503 { cat /tmp/nginx/nginx_503.txt } function c_504 { cat /tmp/nginx/nginx_504.txt } $1
3) 修改許可權屬性
如果你的zabbix使用zabbix使用者進啟動的按照下面進行修改許可權 chown -Rf zabbix.zabbix /usr/local/zabbix/scripts/ngx_logs.sh chmod u+x /usr/local/zabbix/scripts/ngx_logs.sh 如果zabbix是使用root使用者建立的 chmod +x /usr/local/zabbix/scripts/ngx_logs.sh
建立Nginx日誌鍵值
vim /etc/zabbix/zabbix_agentd.d/userparameter_ngx_logs.conf UserParameter=ngx.logs[*],/usr/local/zabbix/scripts/ngx_logs.sh $1
重啟zabbix-agent
systemctl resart zabbix-agent
4)測試資料獲取
1.本地測試資料獲取
/usr/local/zabbix/scripts/ngx_logs.sh c_200 28 /usr/local/zabbix/scripts/ngx_logs.sh c_202 0 /usr/local/zabbix/scripts/ngx_logs.sh c_301 0 /usr/local/zabbix/scripts/ngx_logs.sh c_302 2 /usr/local/zabbix/scripts/ngx_logs.sh c_304 14 /usr/local/zabbix/scripts/ngx_logs.sh c_400 0 /usr/local/zabbix/scripts/ngx_logs.sh c_403 1 /usr/local/zabbix/scripts/ngx_logs.sh c_404 0 /usr/local/zabbix/scripts/ngx_logs.sh c_405 0 /usr/local/zabbix/scripts/ngx_logs.sh c_502 0 /usr/local/zabbix/scripts/ngx_logs.sh c_503 0 /usr/local/zabbix/scripts/ngx_logs.sh c_504 0
三、Zabbix_Web建立模板及監控項
1)建立模板
主頁點選配置 ------> 模板------>建立模板
2)建立應用集
3)建立監控項
進入模板後------->監控項-------->建立監控項
建立好後如下:
4)建立觸發器
對程序監控新增觸發器,觸發器——》建立觸發器
填入觸發器名稱,此名稱是告警出的資訊——》選擇嚴重性——》新增表示式——》我這裡是使用了last
函式最新的值如果大於15則觸發告警,恢復表示式為last
函式最新的至小於15則恢復告警。
建立好後如下:
5)建立圖形
把Nginx日誌監控項放在圖形中
6)主機巢狀模板
配置——>主機——>進入需要監控Nginx效能的主機——>模板——>新增模板——>選中我們建立的模板
7)檢視資料
監測——》最新資料——》選中節點——》選中應用集
通過圖形檢視資料: