ELK Lesson 23：使用Heartbeat監控Server、Web與Socket

ELK用於基礎架構監控與維運 / 2021-07-26 / Jovepater

監控方式

Heartbeat提供的監控方式有三種，分別為ICMP、HTTP、Socket，其又對應主機、網頁/Restful API與網路服務。接下來，分別說明如何設定監控，並在最後展示Kibana上的畫面。

以ICMP模組監控主機

ICMP通訊協定就是所謂的Ping，Heartbeat使用Ping的方式確認目標主機是否會正常回應，若收不到回應，則表示主機不正常。

在/etc/heartbeat/monitors.d資料夾中新增一個設定檔host.yml。

# These files contain a list of monitor configurations identical
# to the heartbeat.monitors section in heartbeat.yml
# The .example extension on this file must be removed for it to
# be loaded.

- type: icmp # monitor type `icmp` (requires root) uses ICMP Echo Request to ping
  # ID used to uniquely identify this monitor in elasticsearch even if the config changes
  id: my-icmp-monitor

  # Human readable display name for this service in Uptime UI and elsewhere
  name: My ICMP Monitor

  # Name of corresponding APM service, if Elastic APM is in use for the monitored service.
  #service_name: my-apm-service-name

  # Enable/Disable monitor
  enabled: true

  # Configure task schedule using cron-like syntax
  schedule: '@every 10s' # every 5 seconds from start of beat
  #設定每10秒ping一次目標主機

  # List of hosts to ping
  hosts: ["lab-elk-2.example.com"]
  #指定監控的目標主機

  # Configure IP protocol types to ping on if hostnames are configured.
  # Ping all resolvable IPs if `mode` is `all`, or only one IP if `mode` is `any`.
  ipv4: true
  #ipv6: true
  mode: any

  # Total running time per ping test.
  timeout: 16s

  # Waiting duration until another ICMP Echo Request is emitted.
  wait: 1s

更詳細的設定參數請參考【官方網站】。

以HTTP模組監控網頁

藉由Heartbeat的HTTP模組模擬人類瀏覽Web的方式，並且將預期的結果設定好，Heartbeat就會自動呼叫Web，並藉由判斷Response來確定Web是不是正常運作。

在/etc/heartbeat/monitors.d資料夾中新增一個設定檔web.yml。

# These files contain a list of monitor configurations identical
# to the heartbeat.monitors section in heartbeat.yml
# The .example extension on this file must be removed for it to
# be loaded.

- type: http # monitor type `http`. Connect via HTTP an optionally verify response
  # ID used to uniquely identify this monitor in elasticsearch even if the config changes
  id: my-http-monitor

  # Human readable display name for this service in Uptime UI and elsewhere
  name: My HTTP Monitor

  # Enable/Disable monitor
  enabled: true

  # Configure task schedule
  schedule: '@every 30s' # every 5 seconds from start of beat
  #可以指定heartbeat多久來確認一次服務

  # Configure URLs to ping
  hosts: ["http://192.168.50.101:5601/login?next=%2F"]
  #要被監控的網址

  # Configure IP protocol types to ping on if hostnames are configured.
  # Ping all resolvable IPs if `mode` is `all`, or only one IP if `mode` is `any`.
  ipv4: true
  #aipv6: true
  mode: any

  # Expected response settings
  check.response:
    # Expected status code. If not configured or set to 0 any status code not
    # being 404 is accepted.
    status: 200
    #預期應該收到的HTTP狀態碼，若不同，則表示服務故障

以上設定就可以監控一個標準的Web了，若需要驗證、Request Data或其他更進階的操作，可以參考【官方網站】。

基本上監控Web網頁與監控Web Service、Restful API是一樣的方式，只是在Request Body或Request method不同而已。

以Socket監控網路服務

Heartbeat以Socket的方式去測試TCP或UDP的伺服器是否有正常在接聽，以此判斷服務是否正常運作。

在/etc/heartbeat/monitors.d資料夾中新增一個設定檔tcp.yml。

# These files contain a list of monitor configurations identical
# to the heartbeat.monitors section in heartbeat.yml
# The .example extension on this file must be removed for it to
# be loaded.

- type: tcp # monitor type `tcp`. Connect via TCP and optionally verify endpoint
  # by sending/receiving a custom payload

  # ID used to uniquely identify this monitor in elasticsearch even if the config changes
  id: my-tcp-monitor

  # Human readable display name for this service in Uptime UI and elsewhere
  name: My TCP monitor

  # Name of corresponding APM service, if Elastic APM is in use for the monitored service.
  #service_name: my-apm-service-name

  # Enable/Disable monitor
  enabled: true

  # Configure task schedule
  schedule: '@every 10s' # every 5 seconds from start of beat
  #每10秒確認一次

  #     system defaults will be used (not supported on windows).
  #     If `port` is missing in url, the ports setting is required.
  hosts: ["lab-elk-1.example.com"]
  #指定服務主機

  # Configure IP protocol types to ping on if hostnames are configured.
  # Ping all resolvable IPs if `mode` is `all`, or only one IP if `mode` is `any`.
  ipv4: true
  #ipv6: true
  mode: any

  # List of ports to ping if host does not contain a port number
  ports: [9200]
  #指定服務的Port

更詳細的設定參數請參考【官方網站】。

使用Kibana來觀察服務的UP or Down

Heartbeat的監控資料寫入Elasticsearch後，我們可以從Kibana中的Uptime頁籤觀看視覺化的數據，如下圖：

在此畫面，我們可以很輕易的看到有多少被監控的目標，並且判斷他們是否正常運作，很重要的是，HTTP與TCP兩個模組還能另外監控SSL憑證是否到期的資訊，更方便在服務故障時做判斷。

~ END ~

---

< ELK Lesson 22：Heartbeat基本安裝

ELK Lesson 24：安裝ElastAlert >

ELK, Heartbeat, Monitoring, Uptime