python3.6 / Yelp elastalert 0.2.1 / ELK 7.2.0: alerting by email and by WeCom (Enterprise WeChat)


0. Set the time zone (prerequisite: ELK 7.2 is already installed)

rm -f /etc/localtime
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
timedatectl set-timezone Asia/Shanghai

1. Upgrade Python

# Install the build dependencies (openssl-devel matters: without it the resulting pip has no TLS support)
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
# Fetch and build Python 3.6.9 from source
mkdir -p /usr/local/python3
wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz
# python.org publishes a detached signature next to every tarball; import the release manager's key listed on python.org/downloads and check it before building
wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz.asc
gpg --verify Python-3.6.9.tgz.asc Python-3.6.9.tgz
tar xf Python-3.6.9.tgz
cd Python-3.6.9
./configure --prefix=/usr/local/python3
make && make install
# With --prefix=/usr/local/python3 the interpreter lands in /usr/local/python3/bin/, not under a python-3.6.9 subdirectory
ln -s /usr/local/python3/bin/python3.6 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3

2. Install virtualenv

pip3 install virtualenv
# Create the directory that will hold the virtual environment
mkdir -p /usr/local/venv_py3.6_elastalert-0.2.1

# Fetch elastalert and create a clean virtual environment
cd /usr/local
git clone https://github.com/Yelp/elastalert.git
cd /usr/local/elastalert
# master keeps moving; check out the tag for the 0.2.1 release named in the title so the pinned requirements match (tag name assumed to follow the repo's vX.Y.Z convention)
git checkout v0.2.1

# --no-site-packages is already the default and the flag was removed in virtualenv 20+; drop it on newer versions
/usr/local/python3/bin/virtualenv --no-site-packages --python=/usr/local/python3/bin/python3.6 /usr/local/venv_py3.6_elastalert-0.2.1
[root@eus-kibana-elastalert-01:/usr/local/venv_py3.6_elastalert-0.2.1]# source bin/activate
(venv_py3.6_elastalert-0.2.1) [root@eus-kibana-elastalert-01:/usr/local/venv_py3.6_elastalert-0.2.1]#

3. Install elastalert inside the Python 3.6 virtual environment

# Point pip at the index explicitly and install the pinned dependencies first; otherwise the install may fail
(venv_py3.6_elastalert-0.2.1) [root@eus-kibana-elastalert-01:/usr/local/elastalert]# pip install -r requirements.txt -i https://pypi.python.org/simple
# Install the package itself; without this the elastalert-create-index command is not available
(venv_py3.6_elastalert-0.2.1) [root@eus-kibana-elastalert-01:/usr/local/elastalert]# python setup.py install
# Create the writeback index that elastalert uses to record its own state and alert history
(venv_py3.6_elastalert-0.2.1) [root@eus-kibana-elastalert-01:/usr/local/elastalert]# elastalert-create-index

4. elastalert main configuration

[root@rbtnode1 elastalert]# cat config.yaml
rules_folder: example_rules        # relative to the directory elastalert is started from
run_every:
  minutes: 1                       # how often every rule queries Elasticsearch
buffer_time:
  minutes: 15                      # how far back each query looks
es_host: 192.168.1.156
es_port: 9200                      # plain HTTP; once the cluster has TLS and auth, add use_ssl: true, verify_certs: true, es_username and es_password here
writeback_index: elastalert_status
writeback_alias: elastalert_alerts
alert_time_limit:
  days: 2                          # how long elastalert keeps retrying an alert that failed to send

5. Rule that alerts by email

[root@rbtnode1 example_rules]# cat my_rule.yaml|egrep -v '^#'
es_host: 192.168.1.156
es_port: 9200
name: eus-log-elasticsearch-cluster-alert
type: frequency
index: syslog*
num_events: 5
timeframe:
  # hours: / minutes: the window within which num_events matches must occur
  minutes: 1

filter:
- query_string:
    query: "message: hello"
smtp_host: smtp.163.com
smtp_port: 25
smtp_auth_file: /opt/elastalert/smtp_auth.yaml
email_reply_to: linux1634@163.com
from_addr: linux1634@163.com
alert:
- "email"
email:
- "linux163@163.com"

smtp_port: 25 is plaintext SMTP, so the authorization code in smtp_auth.yaml reaches smtp.163.com unencrypted. elastalert's email alerter supports SMTPS with smtp_ssl: true (normally together with smtp_port: 465).

Mailbox credentials:

[root@rbtnode1 example_rules]# cat /opt/elastalert/smtp_auth.yaml
user: "linux1634@163.com"
password: "hahahhahaha"   # the SMTP authorization code generated in the 163 mail settings, not the web login password

This file holds a live credential: keep it owned by the account elastalert runs as, with mode 0600.
Reference: https://www.cnblogs.com/reblue520/p/11539956.html
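To make the rule's semantics concrete, here is an added Python example that is not ElastAlert's code and not from the original post: it replays a `type: frequency` rule over a handful of constructed syslog-style events. It approximates the `query_string` filter with a whole-word match and applies the `num_events`/`timeframe` sliding window plus ElastAlert's default one-minute `realert` silence. The event timestamps and messages are made up, and `run_frequency_rule`, `matches_filter` and `parse_ts` are illustration helpers, not ElastAlert functions.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (not real syslog data). ElastAlert would fetch these
# from the syslog* index; here they carry the two fields the rule looks at.
SAMPLE_EVENTS = [
    {"@timestamp": "2019-10-01T10:00:00Z", "message": "hello from host-a"},
    {"@timestamp": "2019-10-01T10:00:10Z", "message": "hello from host-b"},
    {"@timestamp": "2019-10-01T10:00:20Z", "message": "goodbye from host-a"},
    {"@timestamp": "2019-10-01T10:00:30Z", "message": "hello from host-c"},
    {"@timestamp": "2019-10-01T10:00:40Z", "message": "hello from host-a"},
    {"@timestamp": "2019-10-01T10:00:50Z", "message": "hello from host-b"},
    {"@timestamp": "2019-10-01T10:02:00Z", "message": "hello from host-a"},
    {"@timestamp": "2019-10-01T10:02:05Z", "message": "hello from host-a"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def matches_filter(event, field="message", term="hello"):
    """Approximates `query_string: query: "message: hello"`: a whole-word,
    case-insensitive match on the field. The real ES analyzer tokenizes more
    carefully; this is enough for the constructed sample data."""
    return term.lower() in str(event.get(field, "")).lower().split()


def run_frequency_rule(events, num_events, timeframe,
                       realert=timedelta(minutes=1)):
    """Replay a `type: frequency` rule over events sorted by time.

    Returns the timestamps at which an alert is sent. Semantics mirrored from
    ElastAlert's FrequencyRule: once num_events matches fall inside timeframe
    the rule fires and its match window is cleared, so those events do not
    count toward a second alert. `realert` (ElastAlert's default is 1 minute)
    then silences further alerts for that long; ElastAlert keys the silence
    off wall-clock time, which is approximated here with event time.
    """
    window = deque()
    alerts = []
    last_alert = None
    for event in sorted(events, key=lambda e: parse_ts(e["@timestamp"])):
        if not matches_filter(event):
            continue
        ts = parse_ts(event["@timestamp"])
        window.append(ts)
        # Drop matches that have fallen out of the sliding window.
        while window and ts - window[0] > timeframe:
            window.popleft()
        if len(window) >= num_events:
            window.clear()
            if last_alert is None or ts - last_alert >= realert:
                alerts.append(ts)
                last_alert = ts
    return alerts


if __name__ == "__main__":
    # The email rule above: 5 "hello" events within 1 minute.
    print(run_frequency_rule(SAMPLE_EVENTS, 5, timedelta(minutes=1)))
    # The WeCom rule further down: any single "hello" within a 4-hour window.
    print(run_frequency_rule(SAMPLE_EVENTS, 1, timedelta(hours=4)))
```

With num_events: 5 and minutes: 1 the sample fires exactly once, at the fifth hello inside sixty seconds; the two hellos two minutes later never reach five, so a slow trickle of the same message is never reported. With num_events: 1 every hello is a match, and it is only the realert silence that turns the burst of five into a single message.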

6. Alerting via WeCom (Enterprise WeChat)

cd /usr/local/elastalert/elastalert_modules/
# Third-party alerter fetched from its master branch; read it before use, since it runs inside elastalert with your corp secret
wget https://raw.githubusercontent.com/anjia0532/elastalert-wechat-plugin/master/elastalert_modules/wechat_qiye_alert.py
touch __init__.py

Modify wechat_qiye_alert.py:

line 3:   from MyEncoder import MyEncoder
line 126: response = requests.post(send_url, data=json.dumps(payload, cls=MyEncoder, indent=4, ensure_ascii=False), headers=headers)   # after modification

7. Add a class to work around the Python 2 / Python 3 incompatibility that raises: TypeError: Object of type 'bytes' is not JSON serializable

cd /usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages
(venv_py3.6_elastalert-0.2.1) [root@rbtnode1 site-packages]# cat MyEncoder.py
import json


class MyEncoder(json.JSONEncoder):
    """JSON encoder that turns bytes values into UTF-8 text instead of failing."""

    def default(self, obj):
        if isinstance(obj, bytes):
            return str(obj, encoding='utf-8')
        return json.JSONEncoder.default(self, obj)

# site-packages is on the venv's sys.path, which is all `from MyEncoder import MyEncoder` needs; the two extra copies are harmless
cp MyEncoder.py /usr/local/venv_py3.6_elastalert-0.2.1/lib/
cp MyEncoder.py /usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/
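Why the import on line 3 and the cls=MyEncoder on line 126 are needed, as an added example that is neither the plugin's code nor part of the original page: it builds a WeCom text-message payload of the shape the plugin sends, shows the TypeError a plain json.dumps raises when the alert text arrives as bytes, and serializes the payload with an encoder like MyEncoder. The payload field names follow the WeCom message/send API; the sample alert text is constructed; build_payload, plain_dumps_error and serialize_for_post are illustration helpers, not plugin functions. The encoder here also replaces undecodable bytes rather than raising, which goes beyond the page's class.

```python
import json


class MyEncoder(json.JSONEncoder):
    """Same idea as the page's MyEncoder, with one addition: bytes that are not
    valid UTF-8 are decoded with replacement characters instead of raising
    UnicodeDecodeError from inside the alerter (added generalization)."""

    def default(self, obj):
        if isinstance(obj, bytes):
            return obj.decode("utf-8", errors="replace")
        return json.JSONEncoder.default(self, obj)


def build_payload(agent_id, content, to_user="@all", to_party="1"):
    """Text message body in the shape the WeCom message/send API expects.
    Field names are the API's; the plugin fills the same kind of dict from
    the rule's agent_id, user_id and party_id."""
    return {
        "touser": to_user,
        "toparty": to_party,
        "msgtype": "text",
        "agentid": agent_id,
        "text": {"content": content},
    }


def plain_dumps_error(payload):
    """Name of the exception a plain json.dumps raises, or None on success.
    With a bytes `content` this is the TypeError the page works around."""
    try:
        json.dumps(payload)
    except TypeError as exc:
        return type(exc).__name__
    return None


def serialize_for_post(payload):
    """Serialize the way the modified line 126 does (MyEncoder, indent=4,
    ensure_ascii=False), then encode to UTF-8 bytes. Handing the str itself to
    requests as data= makes http.client encode the body as latin-1, which fails
    as soon as the alert text contains Chinese."""
    text = json.dumps(payload, cls=MyEncoder, indent=4, ensure_ascii=False)
    return text.encode("utf-8")


if __name__ == "__main__":
    # Constructed alert text of the kind alert_text_args: [message] produces,
    # arriving as bytes, which is what triggers the TypeError on the page.
    payload = build_payload(1000003, "告警: message hello x5".encode("utf-8"))
    print(plain_dumps_error(payload))
    print(serialize_for_post(payload).decode("utf-8"))
```

The bytes-to-UTF-8 step fixes the serializer, but ensure_ascii=False on its own moves the problem one layer down: a non-ASCII str passed as data= is rejected by http.client, so either encode the body to bytes as above or leave ensure_ascii at its default and let WeCom unescape the \uXXXX sequences.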

8. WeCom alert rule

(venv_py3.6_elastalert-0.2.1) [root@rbtnode1 example_rules]# cat my_rule.yaml|egrep -v '^$'
es_host: 192.168.1.156
es_port: 9200
name: "eus-log-elasticsearch-cluster-alert"
use_ssl: False
type: frequency
index: syslog*
num_events: 1
timeframe:
  hours: 4
filter:
- query_string:
    query: "message: hello"
alert:
- "elastalert_modules.wechat_qiye_alert.WeChatAlerter"
alert_text_args:
  - message
corp_id: "wwwdbe2b483965af612"
secret: "6gAuFwoAvGvshiZ6RUsaL6mfobiBi3JPkO99sxw21cLw"
agent_id: 1000003
party_id: "1"
user_id: "@all"
#tag_id: ""

With num_events: 1 every matching event is an alert, and only elastalert's realert setting (default one minute) keeps a burst of matches from becoming a burst of messages. corp_id, secret and agent_id identify your own WeCom application: whoever holds the secret can obtain an access token and send messages as that app, so the rule file should be readable only by the elastalert account, and a secret that has been published or committed should be regenerated in the WeCom admin console.
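The main config in section 4 and both rules reach Elasticsearch over plain HTTP, the email rule uses SMTP on port 25 without smtp_ssl, and the WeCom rule stores the application secret inline. As an added example that is not ElastAlert code and not from the original page, here is a small audit that flags those settings given rule dicts of the kind yaml.safe_load() returns, plus the file-mode check to run on smtp_auth.yaml and on rule files that hold secrets. The option names (use_ssl, verify_certs, es_username, es_password, smtp_ssl, smtp_auth_file) are ElastAlert's own; the two rule dicts are constructed copies of the page's rules with the secret value replaced, and audit_rule and secret_file_is_private are illustration helpers.

```python
import os
import stat


def _alert_list(rule):
    """ElastAlert accepts `alert` as a string or a list; normalize to a list."""
    alerts = rule.get("alert", [])
    return [alerts] if isinstance(alerts, str) else list(alerts)


def audit_rule(rule):
    """Return a list of findings for the weak settings seen on this page."""
    findings = []
    alerts = _alert_list(rule)

    # ES connection: use_ssl missing or False means plain HTTP to port 9200, so
    # any es_username/es_password (and every queried log line) travels in clear.
    if not rule.get("use_ssl", False):
        findings.append("es: use_ssl is off; set use_ssl: true and "
                        "verify_certs: true once the cluster has TLS")
    elif not rule.get("verify_certs", True):
        findings.append("es: verify_certs is False; TLS without verification "
                        "still lets an on-path attacker impersonate the cluster")

    # Email alerter: smtp_port 25 without smtp_ssl sends the SMTP AUTH login in clear.
    if "email" in alerts:
        if not rule.get("smtp_ssl", False):
            findings.append("smtp: smtp_ssl is off (port %s); set smtp_ssl: true "
                            "and smtp_port: 465" % rule.get("smtp_port", 25))
        if "smtp_auth_file" not in rule:
            findings.append("smtp: credentials belong in smtp_auth_file, not the rule")

    # WeCom alerter: the secret in the rule is an application credential.
    if any("WeChatAlerter" in a for a in alerts) and rule.get("secret"):
        findings.append("wecom: secret is stored in the rule file; keep the file "
                        "0600 and rotate the secret if the file has been shared")
    return findings


def secret_file_is_private(path):
    """True when the file is neither group- nor world-accessible (0600 or tighter)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


# Constructed copies of the page's two rules, shaped like yaml.safe_load() output.
EMAIL_RULE = {
    "es_host": "192.168.1.156", "es_port": 9200, "type": "frequency",
    "num_events": 5, "timeframe": {"minutes": 1},
    "smtp_host": "smtp.163.com", "smtp_port": 25,
    "smtp_auth_file": "/opt/elastalert/smtp_auth.yaml",
    "alert": ["email"], "email": ["linux163@163.com"],
}
WECOM_RULE = {
    "es_host": "192.168.1.156", "es_port": 9200, "use_ssl": False,
    "type": "frequency", "num_events": 1, "timeframe": {"hours": 4},
    "alert": ["elastalert_modules.wechat_qiye_alert.WeChatAlerter"],
    "corp_id": "wwwdbe2b483965af612", "secret": "example-app-secret",  # constructed value
    "agent_id": 1000003, "party_id": "1", "user_id": "@all",
}
# The email rule with the settings the findings ask for.
HARDENED_EMAIL_RULE = dict(EMAIL_RULE, use_ssl=True, verify_certs=True,
                           smtp_ssl=True, smtp_port=465)


if __name__ == "__main__":
    for name, rule in (("email", EMAIL_RULE), ("wecom", WECOM_RULE),
                       ("email-hardened", HARDENED_EMAIL_RULE)):
        print(name, audit_rule(rule))
```

Run it against the rules directory before starting elastalert; the hardened email rule returns no findings, the two rules as written on this page return two each.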

References:

https://blog.csdn.net/xiaohuo0930/article/details/90373181

https://anjia0532.github.io/2017/02/16/elastalert-wechat-plugin/

https://github.com/anjia0532/elastalert-wechat-plugin

https://github.com/anjia0532/elastalert-wechat-plugin/issues/2

http://www.appblog.cn/2019/11/23/ELK%207.x%20--%20elastalert%20%E4%BC%81%E4%B8%9A%E5%BE%AE%E4%BF%A1%E5%91%8A%E8%AD%A6/

Disclaimer

Articles reposted on this site are for personal study and reference; the site accepts no legal liability for copyright. If your rights have been infringed, contact yoyou2525@163.com to have the article removed.

粵ICP備18138465號   © 2018-2025 CODEPRJ.COM