Wazuh monitoring deployment script
<h1>Collecting the data</h1>
<pre><code class="language-bash">vim wazuh_cpu_mem.sh
#!/bin/bash
# Print CPU and memory usage of the Wazuh agent daemons in the Prometheus
# text exposition format, so the output can be pushed to a Pushgateway.

# Number of logical cores: %CPU from top is per core, so the CPU gauge is
# normalised to the whole host.
cpu=$(grep -cw processor /proc/cpuinfo)

# One snapshot of all processes; every daemon is looked up in the same frame
# instead of running top once per metric.
snapshot=$(top -b -n 1)

# pid_of PROCESS_NAME: first PID whose command line contains the name,
# empty when the daemon is not running.
pid_of() {
    pgrep -f "$1" | head -n 1
}

# usage PID COLUMN: value of COLUMN (9 = %CPU, 10 = %MEM) for PID in the
# snapshot, "0" when the PID is empty or not listed.
usage() {
    local value
    value=$(echo "$snapshot" | awk -v pid="$1" -v col="$2" '$1 == pid {print $col; exit}')
    echo "${value:-0}"
}

# emit METRIC_PREFIX PROCESS_NAME: print the two gauges for one daemon.
# The "# TYPE" line needs the space after "#" to be read as metadata.
emit() {
    local pid cpu_pct mem_pct
    pid=$(pid_of "$2")
    cpu_pct=$(echo "scale=1; $(usage "$pid" 9) / $cpu" | bc)
    mem_pct=$(usage "$pid" 10)
    echo "# TYPE wazuh_${1}_cpu_use gauge"
    echo "wazuh_${1}_cpu_use ${cpu_pct}"
    echo "# TYPE wazuh_${1}_mem_use gauge"
    echo "wazuh_${1}_mem_use ${mem_pct}"
}

emit agent wazuh-agentd
emit execd wazuh-execd
emit syscheckd wazuh-syscheckd
emit logcollector wazuh-logcollector
emit modulesd wazuh-modulesd</code></pre>
<h1>Storing the data</h1>
<pre><code class="language-bash">bash wazuh_cpu_mem.sh > wazuh.txt</code></pre>
<h1>Scheduled tasks</h1>
<pre><code class="language-bash">crontab -e
*/1 * * * * bash /home/shiyue/wazuh_monitor/wazuh_cpu_mem.sh > /home/shiyue/wazuh_monitor/wazuh.txt
*/2 * * * * curl -XPOST --data-binary @/home/shiyue/wazuh_monitor/wazuh.txt http://180.184.138.201:9091/metrics/job/wazuh/instance/42.192.10.73  # public IP of the current host</code></pre>
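<p>The two cron jobs above push whatever is in wazuh.txt, even if the collector failed and left an empty or malformed file, and the bare curl has no timeout or failure check. The following wrapper is an added example, not part of the original post: it validates the file against the text exposition format the script emits (every sample must follow a "# TYPE ... gauge" line and carry a numeric value), refuses stale files, and only then pushes with a timeout. The function names validate_metrics and push_metrics and the sample files are assumptions made for this example.</p>

```shell
#!/bin/bash
# Added example: check the generated metrics file before the cron job pushes it.
# validate_metrics and push_metrics are names chosen for this example.

# validate_metrics FILE: return 0 when every line is a "# TYPE <name> gauge"
# line, another comment, a blank line, or a "<name> <number>" sample whose
# name was declared by an earlier TYPE line; otherwise report and return 1.
validate_metrics() {
    local file="$1" declared="" line name value
    [ -s "$file" ] || { echo "empty or missing metrics file: $file" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "# TYPE "*" gauge")
                name=${line#"# TYPE "}
                name=${name% gauge}
                declared="$declared $name"
                ;;
            "#"*|"")
                ;;   # other comments and blank lines are allowed
            *)
                name=${line%% *}
                value=${line#* }
                case " $declared " in
                    *" $name "*) ;;
                    *) echo "sample without TYPE declaration: $line" >&2; return 1 ;;
                esac
                # bc prints values such as "0", ".5" or "12.3"
                if ! printf '%s' "$value" | grep -Eq '^-?([0-9]+\.?[0-9]*|\.[0-9]+)$'; then
                    echo "non-numeric sample value: $line" >&2; return 1
                fi
                ;;
        esac
    done < "$file"
    return 0
}

# push_metrics FILE URL: push only a valid, freshly generated file, with a
# timeout so a stalled gateway cannot pile up cron jobs.
push_metrics() {
    local file="$1" url="$2"
    validate_metrics "$file" || return 1
    # the collector runs every minute, so anything older than 3 minutes is stale
    if [ -n "$(find "$file" -mmin +3)" ]; then
        echo "stale metrics file, not pushing: $file" >&2; return 1
    fi
    curl --silent --show-error --fail --max-time 10 -XPOST --data-binary "@$file" "$url"
}

# Constructed sample files for a stand-alone run (not real agent output).
good=$(mktemp)
printf '# TYPE wazuh_agent_cpu_use gauge\nwazuh_agent_cpu_use .5\n# TYPE wazuh_agent_mem_use gauge\nwazuh_agent_mem_use 1.2\n' > "$good"
bad=$(mktemp)
printf '# TYPE wazuh_agent_cpu_use gauge\nwazuh_agent_cpu_use \n' > "$bad"
undeclared=$(mktemp)
printf 'wazuh_execd_cpu_use 0\n' > "$undeclared"

validate_metrics "$good" && echo "sample file accepted"
validate_metrics "$bad" || echo "malformed sample rejected"
validate_metrics "$undeclared" || echo "undeclared metric rejected"
```

<p>In the crontab, replace the bare curl with a call such as <code>push_metrics /home/shiyue/wazuh_monitor/wazuh.txt http://PUSHGATEWAY:9091/metrics/job/wazuh/instance/PUBLIC_IP</code> (placeholders for the gateway address and instance label); the exit code then tells cron whether the push actually happened.</p>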
<h1>Deploying the Wazuh monitoring environment remotely</h1>
<h2>1.ansible-playbook</h2>
<pre><code class="language-bash">---
- name: wazuh
  hosts: all
  remote_user: root
  tasks:
    - name: create wazuh directory
      file:
        path: /home/shiyue/wazuh_monitor
        state: directory
    - name: copy script
      copy:
        src: /root/pro_script/wazuh/wazuh_cpu_mem.sh
        dest: /home/shiyue/wazuh_monitor/
    - name: crontab
      cron:
        name: "get data"
        minute: "*/1"
        state: present
        job: "bash /home/shiyue/wazuh_monitor/wazuh_cpu_mem.sh > /home/shiyue/wazuh_monitor/wazuh.txt"
    - name: crontab 2
      cron:
        name: "push data"
        minute: "*/2"
        state: present
        job: "curl -XPOST --data-binary @/home/shiyue/wazuh_monitor/wazuh.txt http://180.184.138.201:9091/metrics/job/wazuh/instance/{{ public_network }}"</code></pre>
<h2>2. Running the playbook</h2>
<pre><code class="language-bash">ansible-playbook -i 42.192.10.73:2020, -e "public_network=42.192.10.73" -e "ansible_ssh_user=shiyue" wazuh.yaml</code></pre>
<h1>The server must allow the client IP on port 9091, and the client must allow it as well</h1>