Categorygithub.com/rilyu/windows-agent
modulepackage
1.0.4
Repository: https://github.com/rilyu/windows-agent.git
Documentation: pkg.go.dev

# README

falcon-windows-agent

open-falcon 的 windows-agent, go 语言编写, 开箱即用 支持端口监控 支持进程监控 支持注册为 windows 服务后台运行 内置 IIs 监控 和 MsSQL(SqlServer) 监控。

上报字段

Windows Metrics

CountersTypeTagNotes
agent.aliveGAUGE/ailve
cpu.idleGAUGE/cpu idle
cpu.busyGAUGE/cpu busy
cpu.userGAUGE/cpu user
cpu.systemGAUGE/cpu system
mem.memtotalGAUGE/mem total
mem.memusedGAUGE/mem used
mem.memfreeGAUGE/mem free
mem.memfree.percentGAUGE/memfree percent
mem.memused.percentGAUGE/memused percent
df.bytes.totalGAUGEmounts=Mountpoint,fstype=fstypedevice bytes total
df.bytes.freeGAUGEmounts=Mountpoint,fstype=fstypedevice bytes free
df.bytes.totalGAUGEmounts=Mountpoint,fstype=fstypedevice bytes total
df.bytes.used.percentGAUGEmounts=Mountpoint,fstype=fstypedevice used percent
df.bytes.free.percentGAUGEmounts=Mountpoint,fstype=fstypedevice free percent
df.statistics.totalGAUGEmounts=Mountpoint,fstype=fstypedevice statistics total
df.statistics.usedGAUGEmounts=Mountpoint,fstype=fstypedevice statistics used
df.statistics.used.percentGAUGEmounts=Mountpoint,fstype=fstypedevice statistics used percent
disk.io.msec_readCOUNTERdevice=devicedisk io msec read
disk.io.msec_writeCOUNTERdevice=devicedisk io msec write
disk.io.read_bytesCOUNTERdevice=devicedisk io read bytes
disk.io.write bytesCOUNTERdevice=devicedisk io write bytes
disk.io.read_requestsCOUNTERdevice=devicedisk io read requests
disk.io.write requestsCOUNTERdevice=devicedisk io write requests
disk.io.utilCOUNTERdevice=devicedisk io util
net.if.in.bytesCOUNTERiface=ifnamenet if bytes recv
net.if.in.packetsCOUNTERiface=ifnamenet if packets recv
net.if.in.errorsCOUNTERiface=ifnamenet if errors recv
net.if.in.droppedCOUNTERiface=ifnamenet if dropped recv
net.if.out.bytesCOUNTERiface=ifnamenet if bytes sent
net.if.out.packetsCOUNTERiface=ifnamenet if packets sent
net.if.out.errorsCOUNTERiface=ifnamenet if errors sent
net.if.out.droppedCOUNTERiface=ifnamenet if dropped sent
tcpip.confailuresCOUNTER/tcp connect failure
tcpip.conactiveCOUNTER/tcp connect active
tcpip.conpassiveCOUNTER/tcp connect passive
tcpip.conestablishedGAUGE/tcp connect established
tcpip.conresetCOUNTER/tcp connect reset
net.port.listenGAUGEport=portport alive
proc.numGAUGEcmdline=cmdline,name=nameproc number

IIs Metrics

CountersTypeTagNotes
iis.bytes.receivedCOUNTERsite=siteBytes Received/sec
iis.bytes.sentCOUNTERsite=siteTotal Bytes Sent/sec
iis.requests.cgiCOUNTERsite=siteCGI Requests/sec
iis.requests.copyCOUNTERsite=sitecopy Requests/sec
iis.requests.deleteCOUNTERsite=sitedelete Requests/sec
iis.requests.getCOUNTERsite=siteget Requests/sec
iis.requests.headCOUNTERsite=sitehead Requests/sec
iis.requests.isapiCOUNTERsite=siteisapi Requests/sec
iis.requests.lockCOUNTERsite=sitelock Requests/sec
iis.requests.mkcolCOUNTERsite=sitemkcol Requests/sec
iis.requests.moveCOUNTERsite=sitemove Requests/sec
iis.requests.optionsCOUNTERsite=siteoptions Requests/sec
iis.requests.postCOUNTERsite=sitepost Requests/sec
iis.requests.proppatchCOUNTERsite=siteproppatch Requests/sec
iis.requests.propfindCOUNTERsite=sitepropfind Requests/sec
iis.requests.putCOUNTERsite=siteput Requests/sec
iis.requests.searchCOUNTERsite=sitesearch Requests/sec
iis.requests.traceCOUNTERsite=sitetrace Requests/sec
iis.requests.unlockCOUNTERsite=siteunlock Requests/sec
iis.errors.notfountCOUNTERsite=sitenotfound errors/sec
iis.errors.lockedCOUNTERsite=sitelocked errors/sec
iis.connection.attemptsCOUNTERsite=siteconn attempts/sec
iis.connectionsGAUGEsite=siteconnections
iis.service.uptimeGAUGEsite=siteService Uptime

视版本和配置不同,采集到的 Metric 可能有所差别。

MsSQL

CountersTypeTagNotes
MsSQL.Lock_Waits/secGAUGEinstance=instanceLock_Waits/sec
MsSQL.Log_File(s)Size(KB)GAUGEinstance=instanceLog_File(s)Size(KB)
MsSQL.Log_File(s)Used_Size(KB)GAUGEinstance=instanceLog_File(s)Used_Size(KB)
MsSQL.Percent_Log_UsedGAUGEinstance=instanceLog_File(s)Used_Size(KB)
MsSQL.Errors/secGAUGEerror_type=error_typeLog_File(s)Used_Size(KB)
MsSQL.Batch_Requests/secGAUGE/Batch_Requests/sec
MsSQL.Target_Server_Memory_(KB)GAUGE/Target_Server_Memory_(KB)
MsSQL.Total_Server_Memory_(KB)GAUGE/Total_Server_Memory_(KB)
MsSQL.IO_requestsGAUGE/IO_requests
MsSQL.ConnectionGAUGE/Connections
MsSQL.UptimeGAUGE/Service Uptime

视版本和配置不同,采集到的 Metric 可能有所差别。 其中Lock_Waits/sec …… Total_Server_Memory_(KB) 等通过查询 sys.dm_os_performance_counters 表获得,这需要服务器上开启性能计数器。

如果这部分指标缺失,请确认性能计数器是否正确开启。

使用方式

配置文件请参照cfg.example.json,修改该文件名为cfg.json

{
    "debug": true,
	"logfile": "windows.log",  //日志的输出路径
    "hostname": "",
    "ip": "",
	"iis":{
		"enabled": false,
		"websites": [
	        "Default Web Site" //web 的站点,可以留空,默认会采集_Total的
	    ]
 	}, 
	"mssql":{
		"enabled": false,
		"addr":"127.0.0.1",
		"port":1433,
		"username":"sa",
		"password":"123456",
		"encrypt":"disable",
		//disable - 不加密
		//false - 除认证报文外不加密
		//true -加密
		//SQL Server 2008 和 SQL Server 2008 R2 必须选择 disable,否则无法正常认证。要修复这个问题,需要升级 SQL Server 2008 R2 SP2,或 SQL Server 2008 SP3
		"instance": [ //要采集数据库实例名
	        "test"
	    ]
 	}, 
    "heartbeat": {
        "enabled": true,
        "addr": "127.0.0.1:6030",
        "interval": 60,
        "timeout": 1000
    },
    "transfer": {
        "enabled": true,
        "addrs": [
            "127.0.0.1:8433"
        ],
        "interval": 60,
        "timeout": 1000
    },
    "http": {
        "enabled": true,
        "listen": ":1988",
        "backdoor": false
    },
    "collector": {
        "ifacePrefix": ["本地连接"] //所采集的网卡名,注意 falcon 默认不支持中文名的tag,因此需要修改 graph 表的编码为 uft8
    },
	"default_tags": {
    },
    "ignore": {
        "cpu.busy": true,
    }
}

http 信息维护接口

curl http://127.0.0.1:1988/health
正常则返回 ok

curl http://127.0.0.1:1988/version
返回版本

curl http://127.0.0.1:1988/workdir
返回工作目录
 
curl http://127.0.0.1:1988/config
返回配置

http 转发接口

http://127.0.0.1:1988//v1/push

源码安装

cd %GOPATH%/src/github.com/freedomkk-qfeng/windows-agent
go get ./...
go build -o windows-agent.exe

Release 版本

可以从这里直接下载编译好的 Release 版本

运行

以下命令需在管理员模式下运行开 cmd 或 Powershell

先试运行一下

.\windows-agent.exe
2016/08/08 13:44:31 cfg.go:96: read config file: cfg.json successfully
2016/08/08 13:44:31 var.go:31: logging on windows.log
2016/08/08 13:44:31 http.go:64: listening :1988

等待1-2分钟,观察输出,确认运行正常 使用 nssm 注册为 Windows 服务。

.\nssm.exe install windows-agent

启动服务

.\nssm.exe start windows-agent

TODO

增加完善 sqlserver 的监控项

# Packages

No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author