ELK Logstash email alerting


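One problem with this method is that I cannot send mail to our company mailbox from here. Also, we have two mailboxes: one is a Tencent enterprise mailbox, and the other is our group mailbox.

The method below cannot send mail to our group mailbox. The second problem is that when this method sends mail to our Tencent enterprise mailbox, Tencent's enterprise mail applies certain rules:

when you send too many messages within a certain period, they are rejected; the server refuses them. So another method has to be used.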

input {
    beats {
        type => beats
        port => 5089
    }
}
filter {
    # Join every line that does not contain #ELK# to the previous event
    multiline {
        pattern => ".*#ELK#.*"
        negate => true
        what => "previous"
    }
    grok {
        patterns_dir => "/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"
        match => {"message"=>"%{DATA:Date} %{LOGLEVEL:Level} %{JAVACLASS:Class} %{NOTSPACE:Thread} %{NOTSPACE:RequestId} #ELK# %{MSG:msg}"}
        remove_field => ['@version', 'message', 'offset', 'input_type', 'beat']
    }
}
output {
    elasticsearch {
        hosts => ["10.19.192.69:9200","10.19.2.20:9200"]
        index => "test-web1-front-%{+YYYY.MM.dd}"
    }
    if [Level] == "ERROR" {
        # %{host}, %{Date} and %{msg} are substituted into this command line
        # before the shell runs it, so log text reaches the shell unescaped.
        exec {
            command => "echo 'pro_front %{host} %{Date}  %{msg}' | mail -s 'Log_error' bigbao@kongz.com"
        }
    }
}

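To configure alerting in Logstash, mail must be available first:
yum -y install mailx postfix
Startup failed for me here; after changing the following configuration and restarting postfix it was fine.
vi  /etc/postfix/main.cf
The configuration was found to be:

inet_interfaces = localhost

inet_protocols = all

Change it to:

inet_interfaces = all

inet_protocols = all

Start it again:

service postfix start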

input {
    beats {
        port => "5191"
        # Join every line that does not contain #ELK# to the previous event
        codec => multiline {
            patterns_dir => ["/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"]
            pattern => ".*#ELK#.*"
            what => "previous"
            negate => true
        }
    }
}
filter {
    grok {
        patterns_dir => "/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"
        match => {"message"=>"%{DATA:Date} %{LOGLEVEL:Level} %{NOTSPACE:Class} %{NOTSPACE:Thread} %{NOTSPACE:RequestId} #ELK# %{MSG:msg}"}
        remove_field => ['@version', 'message', 'offset', 'source', 'input_type', 'beat']
    }
    # Use the timestamp parsed from the log line as the event's @timestamp
    date {
        match => ["Date", "yyyy-MM-dd HH:mm:ss.SSS"]
        target => "@timestamp"
    }
}

output {
    elasticsearch {
        hosts => ["10.19.100.61:9200","10.19.143.205:9200"]
        index => "front-%{+YYYY.MM.dd}"
    }
    stdout { codec => rubydebug }
    if [Level] == "ERROR" {
        # With authentication "plain" and use_tls false, the username,
        # password and alert body are sent to the SMTP server unencrypted.
        email {
            port           =>    "25"
            address        =>    "mail.kong.com"
            domain         =>    "mail.kong.com"
            username       =>    "jr@kong.com"
            password       =>    "4gW/329"
            authentication =>    "plain"
            use_tls        =>    false
            from           =>    "jr@kong.com"
            subject        =>    "%{type} service  ERROR !!!"
            to             =>    "baoxue@kong.com"
            via            =>    "smtp"
            body           =>    "%{type} \n %{host} \n %{Date}\n \n  %{msg}"
        }
    }
}
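
The rejection for sending too many messages in a short period, described at the top, can also hit the email output when ERROR events arrive in a burst. One way to cap the alert volume is shown below as an added example that is not part of the original post. It assumes the logstash-filter-throttle plugin is installed; the limit of 5 mails per host per 10 minutes and the password placeholder are illustrative.

```logstash
# Added example, not from the original post.
filter {
    # Count ERROR events per host in 10-minute windows. Events after the
    # 5th one in a window get the "throttled" tag. They are still indexed
    # in Elasticsearch; only the e-mail is skipped for them.
    if [Level] == "ERROR" {
        throttle {
            key          => "%{host}"
            before_count => -1          # no lower bound
            after_count  => 5           # tag every event after the 5th
            period       => "600"       # window length in seconds
            max_age      => 1200        # at least twice the period
            add_tag      => ["throttled"]
        }
    }
}

output {
    elasticsearch {
        hosts => ["10.19.100.61:9200","10.19.143.205:9200"]
        index => "front-%{+YYYY.MM.dd}"
    }
    # Mail only the ERROR events that stayed under the limit
    if [Level] == "ERROR" and "throttled" not in [tags] {
        email {
            port           =>    "25"
            address        =>    "mail.kong.com"
            domain         =>    "mail.kong.com"
            username       =>    "jr@kong.com"
            password       =>    "REPLACE_ME"   # placeholder, not a real value
            authentication =>    "plain"
            use_tls        =>    false
            from           =>    "jr@kong.com"
            subject        =>    "%{type} service  ERROR !!!"
            to             =>    "baoxue@kong.com"
            via            =>    "smtp"
            body           =>    "%{type} \n %{host} \n %{Date}\n \n  %{msg}"
        }
    }
}
```

This filter block goes after the grok and date filters of the configuration above, since it relies on the Level field that grok extracts.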

 

