Featured image of post Python获取zabbix问题触发器
Python学习

Python获取zabbix问题触发器

背景:阿里云的服务器因为阿里云升级插件,导致安全防护程序重启,产生不同的端口。导致低自动发现注册的端口大量报警。解决:杀掉关于因为非业务变更的端口检测的触发器。相关文档:监控之主机端口监控自动发现监控。。。。。。。

背景:阿里云的ECS服务器因为阿里云升级插件,导致安全防护程序重启,产生不同的端口。导致低自动发现注册的端口 大量报警。

解决:杀掉关于因为非业务 变更的端口检测的触发器。

相关文档:

Zabbix监控之主机端口监控自动发现

zabbix监控端口原理

一个个去添加listen监控tcp的话不现实啊,还是也搞自动发现吧

分割下来也是2步啊

第一步脚本丢zabbix-agent下产生自定义键值

第二步不就是zabbix-server添加自动发现绑定这个键值咯

 

什么是安骑士Agent插件?

Agent 插件_云安全中心(安骑士)-阿里云帮助中心

解决思路

1、根据zabbix的api 获取的token

2、根据token获取到问题主机的触发器id

3、根据触发器id 删除相关的触发器,

4、消停大面积的告警

zabbix相关的API文档 可以查询官方文档或者博客

https://www.cnblogs.com/rxysg/p/15700912.html 

Python调用Zabbix API接口批量修改(禁用/启用)触发器trigger_啥是比亚的技术博客_51CTO博客

1、获取zabbix的token 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

# -*- coding: utf-8 -*-
# @Time    : 2023/2/17 16:45
# @Author  : 南宫乘风
# @File    : zabbix_trigger.py
# @Software: PyCharm
import json
import os
import requests

url = "http://ip/zabbix/api_jsonrpc.php"  # 此处域名修改为相应的地址
headers = {
    'Content-Type': 'application/json-rpc'
}

tokens = '97553b7342457602a0a6452f0058c0ed'


def token_get():  # 根据账号密码获取token
    data = {
        "jsonrpc": "2.0",
        "method": "user.login",
        "params": {
            "user": "Admin",  # zabbix管理员用户名
            "password": "密码"  # 账户密码
        },
        "auth": None,
        "id": 1
    }
    json_data = json.dumps(data)
    req = requests.post(url, data=json_data, headers=headers)
    js_req = req.json()
    print(js_req['result'])
    return js_req['result']

2、获取zabbix有问题主机触发器的id

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55


def hosts_get(token):  # 获取有问题主机的触发器id
    # data = {
    #     "jsonrpc": "2.0",
    #     "method": "host.get",
    #     "params": {
    #         "output": ["hostid", "name"],
    #         "filter": {
    #             # 筛选条件
    #             "value": 1,  # value值为1表示有问题
    #             "status": 0  # status为0表示已启用的trigger
    #         },
    #     },
    #
    #     "auth": token,
    #     "id": 1
    # }
    data = {
        "jsonrpc": "2.0",
        "method": "trigger.get",
        "params": {
            # output表示输出结果包含参数有哪些
            "output": [
                "triggerid",
                "description",
                "status",
                "value",
                "priority",
                "lastchange",
                "recovery_mode",
                "hosts",
                "state",
            ],
            "selectHosts": "hosts",  # 需包含主机ID信息,以便于根据主机ID查询主机信息
            "selectItems": "items",
            "filter": {
                # 筛选条件
                "value": 1,  # value值为1表示有问题
                "status": 0  # status为0表示已启用的trigger
            },
        },
        "auth": token,  # 这里的auth就是登录后获取的
        'id': '1'  # 这个id可以随意
    }
    json_data = json.dumps(data)
    req = requests.post(url, data=json_data, headers=headers)
    js_req = req.json()
    print(len(js_req['result']), js_req['result'])
    id_list = []
#判断 有问题的地自动发现的端口
    for item in js_req['result']:
        if 'PROCESS' in item['description']:
            id_list.append(item['triggerid'])
    print(len(id_list), id_list)
    return js_req['result']

3、删除触发器的ID

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

def del_trigger(id):
    id_one = []
    ids = id_one.append(str(id))

    values = {

        "jsonrpc": "2.0",

        "method": "trigger.delete",

        "params": id_one,  # 触发器id

        "auth": tokens,

        "id": 1

    }
    json_data = json.dumps(values)
    req = requests.post(url, data=json_data, headers=headers)
    js_req = req.json()
    print(js_req)
    # return js_req['result']

完正代码

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

# -*- coding: utf-8 -*-
# @Time    : 2023/2/17 16:45
# @Author  : 南宫乘风
# @Email   : 1794748404@qq.com
# @File    : zabbix_trigger.py
# @Software: PyCharm
import json
import os
import requests

url = "http://ip/zabbix/api_jsonrpc.php"  # 此处域名修改为相应的地址
headers = {
    'Content-Type': 'application/json-rpc'
}

tokens = '97553b7342457602a0a6452f0058c0ed'


def token_get():  # 根据账号密码获取token
    data = {
        "jsonrpc": "2.0",
        "method": "user.login",
        "params": {
            "user": "Admin",  # zabbix管理员用户名
            "password": "密码"  # 账户密码
        },
        "auth": None,
        "id": 1
    }
    json_data = json.dumps(data)
    req = requests.post(url, data=json_data, headers=headers)
    js_req = req.json()
    print(js_req['result'])
    return js_req['result']


def hosts_get(token):  # 获取所有主机信息
    # data = {
    #     "jsonrpc": "2.0",
    #     "method": "host.get",
    #     "params": {
    #         "output": ["hostid", "name"],
    #         "filter": {
    #             # 筛选条件
    #             "value": 1,  # value值为1表示有问题
    #             "status": 0  # status为0表示已启用的trigger
    #         },
    #     },
    #
    #     "auth": token,
    #     "id": 1
    # }
    data = {
        "jsonrpc": "2.0",
        "method": "trigger.get",
        "params": {
            # output表示输出结果包含参数有哪些
            "output": [
                "triggerid",
                "description",
                "status",
                "value",
                "priority",
                "lastchange",
                "recovery_mode",
                "hosts",
                "state",
            ],
            "selectHosts": "hosts",  # 需包含主机ID信息,以便于根据主机ID查询主机信息
            "selectItems": "items",
            "filter": {
                # 筛选条件
                "value": 1,  # value值为1表示有问题
                "status": 0  # status为0表示已启用的trigger
            },
        },
        "auth": token,  # 这里的auth就是登录后获取的
        'id': '1'  # 这个id可以随意
    }
    json_data = json.dumps(data)
    req = requests.post(url, data=json_data, headers=headers)
    js_req = req.json()
    print(len(js_req['result']), js_req['result'])
    id_list = []
    for item in js_req['result']:
        if 'PROCESS' in item['description']:
            id_list.append(item['triggerid'])
    print(len(id_list), id_list)
    return js_req['result']

#这边我做了个调试,如果想直接一次运行成功,建议自己改动 启动是的代码

id_lists = ['21284', '21244', '21249', '21275', '21264', '21278', '21262', '21263', '21266', '21270', '21272', '21276',
            '21277', '21279', '21267', '21269', '21254', '21282', '21287', '21268', '21273', '21274', '21285', '21289',
            '21283', '21286', '21290', '21251', '21250', '21243']


def del_trigger(id):
    id_one = []
    ids = id_one.append(str(id))

    values = {

        "jsonrpc": "2.0",

        "method": "trigger.delete",

        "params": id_one,  # 触发器id

        "auth": tokens,

        "id": 1

    }
    json_data = json.dumps(values)
    req = requests.post(url, data=json_data, headers=headers)
    js_req = req.json()
    print(js_req)
    # return js_req['result']


for i in id_lists:
    del_trigger(i)