zabbix3.4實現對tcp連接數及狀態的監控

一、獲取TCP連接數相關方法
方法一：
[root@host-47-98-97-124 scripts]# netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}'
LISTEN 6
ESTABLISHED 64
TIME_WAIT 100

方法二：
[root@host-47-98-97-124 scripts]# ss -ant | awk 'NR>1 {a[$1]++} END {for (b in a) print b,a[b]}'
LISTEN 6
ESTAB 64
TIME-WAIT 100

netstat是遍歷/proc下面每個PID目錄，ss直接讀/proc/net下面的統計信息。所以ss執行的時候消耗資源以及消耗的時間都比netstat少很多。

二、TCP狀態信息描述
ESTABLISHED socket已經建立連接
CLOSED socket沒有被使用，無連接
CLOSING 服務器端和客戶端都同時關閉連接
CLOSE_WAIT 等待關閉連接
TIME_WAIT 表示收到了對方的FIN報文，併發送出了ACK報文，等待2MSL後就可回到CLOSED狀態
LAST_ACK 遠端關閉，當前socket被動關閉後發送FIN報文，等待對方ACK報文
LISTEN 監聽狀態
SYN_RECV 接收到SYN報文
SYN_SENT 已經發送SYN報文
FIN_WAIT1 The socket is closed, and the connection is shutting down
FIN_WAIT2 Connection is closed, and the socket is waiting for a shutdown from the remote end.

編寫tcp狀態監控腳本

#!/bin/bash

if [ $# -ne 1 ];then
echo "Follow the script name with an argument "
fi

case $1 in

established)   #socket已經建立連接 
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | grep -w ESTABLISHED | cut -d " "  -f 2`
    echo $result
    ;;

listen)        #監聽狀態  
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | grep -w LISTEN | cut -d " "  -f 2`
    echo $result
    ;;

timewait)     #表示收到了對方的FIN報文，併發送出了ACK報文，等待2MSL後就可回到CLOSED狀態 
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | grep -w TIME_WAIT | cut -d " "  -f 2`
    echo $result
    ;;

closed)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/CLOSED/{print $2}'`
    echo $result
    ;;

closewait)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/CLOSE_WAIT/{print $2}'`
    if [ "$result" == "" ];then
           echo 0
    else
       echo $result
    fi
    ;;

closing)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/CLOSING/{print $2}'`
    echo $result
    ;;

finwait1)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/FIN_WAIT1/{print $2}'`
    echo $result
    ;;

finwait2)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/FIN_WAIT2/{print $2}'`
    echo $result
    ;;

lastack)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/LAST_ACK /{print $2}'`
    echo $result
    ;;

synrecv)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/SYN_RECV/{print $2}'`
    echo $result
    ;;

synsent)
    result=`netstat -an | awk '/^tcp/ {a[$NF]++} END {for (b in a) print b,a[b]}' | awk '/SYN_SENT/{print $2}'`
    echo $result
    ;;  

    *)
      echo -e "\e[033mUsage: sh  $0 [closed|closing|closewait|synrecv|synsent|finwait1|finwait2|listen|established|lastack|timewait]\e[0m"

esac

#!/bin/bash

if [ $# -ne 1 ];then
echo "Follow the script name with an argument "
fi

case $1 in

LISTEN)
    result=`ss -ant | awk 'NR>1 {a[$1]++} END {for (b in a) print b,a[b]}' | awk '/LISTEN/{print $2}'`
    if [ "$result" == "" ];then
           echo 0
    else
       echo $result
    fi
    ;;

ESTAB)
    result=`ss -ant | awk 'NR>1 {a[$1]++} END {for (b in a) print b,a[b]}' | awk '/ESTAB/{print $2}'`
    if [ "$result" == "" ];then
           echo 0
    else
       echo $result
    fi
    ;;

CLOSE-WAIT)
    result=`ss -ant | awk 'NR>1 {a[$1]++} END {for (b in a) print b,a[b]}' | awk '/CLOSE-WAIT/{print $2}'`
    if [ "$result" == "" ];then
           echo 0
    else
       echo $result
    fi
    ;;

TIME-WAIT)
    result=`ss -ant | awk 'NR>1 {a[$1]++} END {for (b in a) print b,a[b]}' | awk '/TIME-WAIT/{print $2}'`
    if [ "$result" == "" ];then
           echo 0
    else
       echo $result
    fi
    ;;

esac