python怎么实时监控logstash日志
第一步:实时读取 logstash 日志,一旦出现异常错误关键字(keyword),即触发报警。
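#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# __author__ = caozhi
# create_time 2018-11-12, update_time 2018-11-15
# version = 1.0
# Recording high-availability alert.
# 1. Read the log incrementally by remembering the file offset between runs.
# 2. The production log file is rotated; after a rotation, finish reading the
#    previous (rotated) file first.
import os
import sys
import json
import requests
import time
import re

# NOTE: on the page both literals lost their opening quote (and possibly a
# directory prefix); the JSON-error branch in read_log still shows the full
# path /data/logs/lmrs/logstash.log. Point these at the real locations.
ci = 'conf.ini'
log_file = 'logstash.log'


def readconf():
    """Load the saved state (offset, inode, last log path) from the config file.

    When the file is missing, unreadable, not valid JSON, or lacks one of the
    keys the main section indexes, a default state is written and returned.
    """
    try:
        # Read-only open: 'r+' would also fail on a file that is readable
        # but not writable, and silently reset the saved offset.
        with open(ci, 'r') as f:
            CONF = json.load(f)
        if not isinstance(CONF, dict) or not {'seek', 'inode', 'last_file'} <= CONF.keys():
            raise ValueError('incomplete state file')
    except (OSError, ValueError):
        CONF = {"seek": 0, "inode": 922817, "last_file": "logstash.log"}
        writeconf(CONF=CONF)
        print('conf.ini 配置文件缺失,自动创建一个新的配置文件')
    return CONF


def writeconf(CONF):
    """Persist the state dict to the config file as JSON."""
    with open(ci, 'w') as e:
        json.dump(CONF, e)


def read_log(log_file, seek):
    """Read JSON log lines from ``log_file`` starting at offset ``seek``.

    Every line with rtype == 6, uri == '/publish' and event == 0 is pushed
    through record(). Returns ``(value, stream, seek)`` where value/stream
    describe the LAST line read only and seek is the offset after it.
    Exits the process when the file cannot be opened, when nothing was
    appended, or when a line is not valid JSON.
    """
    try:
        f = open(log_file, 'r')
    except FileNotFoundError:
        # The rotated file is gone: fall back to the live log from the start.
        f = open('logstash.log', 'r')
        seek = 0
        print('上一个文件读取失败了,请检查切割的日志文件')
    except OSError:
        print('日志文件打开错误,退出程序')
        sys.exit()

    value, stream = 0, 0
    # The original wrote `f.close` without calling it; the context manager
    # closes the handle on every path, including the sys.exit() ones.
    with f:
        f.seek(seek)
        line = f.readline()
        new_seek = f.tell()
        if new_seek == seek:
            print('没有追加日志,退出程序')
            sys.exit()
        while line:
            try:
                event = json.loads(line)
            except ValueError:
                # NOTE(review): one malformed (or half-written) line resets
                # the saved offset to 0, so the next run re-reads the file
                # from the beginning and repeats earlier pushes.
                CONF = {"seek": 0, "inode": 922817, "last_file": "/data/logs/lmrs/logstash.log"}
                writeconf(CONF=CONF)
                print('json数据加载错误,重新创建一个新的配置文件')
                sys.exit()
            # Disabled variant kept from the original:
            # if re.search(time.strftime("%Y:%H:%M", time.localtime()), event.get('log_time')) and <same test>:
            # A JSON line that is not an object cannot match; treat it as a
            # non-event instead of crashing on .get().
            if (isinstance(event, dict)
                    and event.get('rtype') == 6
                    and event.get('uri') == '/publish'
                    and event.get('event') == 0):
                value = 1
                stream = event.get('name')
                print('{} {}'.format(value, stream))
                record(value=value, stream=stream)
            else:
                value = 0
                stream = 0
            line = f.readline()
            seek = f.tell()
    return value, stream, seek


def record(value, stream):
    """Push one GAUGE sample for ``stream`` to the agent at 127.0.0.1:1988."""
    now = int(time.time())
    # NOTE(review): `stream` is copied from the log line's `name` field,
    # presumably client-supplied — confirm, and restrict it to the characters
    # the tag format allows before pushing.
    item = {
        'metric': 'recording_high_availability_monitor',
        'endpoint': os.uname()[1],
        'timestamp': now,
        'step': 60,
        'value': value,
        'counterType': 'GAUGE',
        'Tags': '{}={}'.format(now, stream),
    }
    data = [item]
    print('这是data的json数据')
    print(data)
    try:
        # Bounded wait: without a timeout a hung agent blocks the whole run,
        # and the offset is never saved.
        falcon_request = requests.post("http://127.0.0.1:1988/v1/push",
                                       data=json.dumps(data), timeout=5)
        # falcon_request = requests.post("http://127.0.0.1:1988/v1/push", json=data)
    except requests.RequestException as err:
        print('推送请求失败: {}'.format(err))
        return
    print('json参数请求返回状态码为' + str(falcon_request.status_code))
    print('json参数请求返回为' + str(falcon_request.text))


if __name__ == '__main__':
    print()
    print('')
    # One clock reading, so the date and minute parts below cannot straddle
    # a minute boundary.
    now = time.localtime()
    print('本次执行脚本时间{}'.format(time.strftime("%Y%m%d_%H%M", now)))
    CONF = readconf()
    print('first_CONF :{}'.format(CONF))
    print('NO1.log_file', log_file)
    last_inode = CONF['inode']
    inode = os.stat(log_file).st_ino
    print('last_inode: {} inode: {}'.format(last_inode, inode))
    if inode == last_inode:
        seek = CONF['seek']
        next_file = 0
    else:
        # Inode changed, i.e. the log was rotated: build the rotated file's
        # name, with the minute rounded down to a multiple of ten.
        log_file = (CONF['last_file'] + time.strftime("-%Y%m%d_", now)
                    + str(time.strftime("%H%M", now))[:-1] + '0')
        next_file = 1
        seek = CONF['seek']
    print('NO2.log_file', log_file)
    value, stream, seek = read_log(log_file=log_file, seek=seek)
    if next_file:
        CONF['seek'] = 0
    else:
        CONF['seek'] = seek
    CONF['inode'] = os.stat('logstash.log').st_ino
    writeconf(CONF=CONF)
    print('last_CONF :{}'.format(CONF))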
扩展代码logstash 调用exec
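[elk@Vsftp logstash]$ cat t3.conf
input {
  stdin { }
}

filter {
  grok {
    # NOTE: the capture-group name was lost on the page ("(?(\S+))"); "Level"
    # is inferred from the [Level] test in the output block and from the
    # sample event at the end of this listing.
    match => [ "message", "(?m)\s%{TIMESTAMP_ISO8601:time}\s(?<Level>(\S+))." ]
  }
  date {
    match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
  }
  mutate {
    add_field => ["type", "tailong"]
    add_field => ["messager", "%{type}-%{message}"]
    remove_field => ["message"]
  }
}

output {
  if ([Level] == "ERROR" or [messager] =~ "Exception" ) and [messager] !~ "温金服务未连接" and [messager] !~ "调用温金代理系统接口错误" and [messager] !~ "BusinessException" {
    # SECURITY: %{messager} is raw log text, and it is spliced into a single
    # command string. Quote characters or shell metacharacters in a log line
    # become part of that command; the \" quoting does not neutralise them.
    # Prefer an output that does not build a command line from event fields
    # (for example the email output plugin), or have the script read the
    # event from a file or stdin instead of its arguments.
    exec {
      command => "/bin/smail.pl \"%{messager}\" \"%{type}\" "
    }
  }
  stdout {
    codec => rubydebug
  }
}

Vsftp:/root# cat /bin/smail.pl
#!/usr/bin/perl
use Net::SMTP;
use HTTP::Date qw(time2iso str2time time2iso time2isoz);
use Data::Dumper;
use Getopt::Std;
use vars qw($opt_d );
getopts('d:');

# mail_user should be your_mail@163.com
$message = "@ARGV";
$env = "$opt_d";

sub send_mail {
    my $CurrTime = time2iso(time());
    my $to_address = shift;
    my $mail_user = 'zhao.yangjian@163.com';
    # 'xx' is the page's placeholder. Keep the real credential out of the
    # script: load it from a file readable only by the logstash user.
    my $mail_pwd = 'xx';
    my $mail_server = 'smtp.163.com';
    my $from = "From: $mail_user\n";
    my $subject = "Subject: zjcap info\n";
    my $info = "$CurrTime--$message";
    # NOTE: the page lost the text between "my $message =" and "auth(...)".
    # The three statements below are a reconstruction from the $smtp calls
    # that follow, not the author's original lines.
    my $message = "$info";
    my $smtp = Net::SMTP->new($mail_server) or die "Connect Error! $!";
    # NOTE(review): as written, the login appears to go over an unencrypted
    # SMTP session — confirm, and enable TLS if the server offers it.
    $smtp->auth($mail_user, $mail_pwd) || die "Auth Error! $!";
    $smtp->mail($mail_user);
    $smtp->to($to_address);
    $smtp->data();                   # begin the data
    $smtp->datasend($from);          # set user
    $smtp->datasend($subject);       # set subject
    $smtp->datasend("\n\n");
    $smtp->datasend("$message\n");   # set content
    $smtp->dataend();
    $smtp->quit();
};

send_mail ('zhao.yangjian@163.com');

# --- sample run: one input line on stdin, then the rubydebug event ---
2017-01-12 10:19:19,888 jjjjj Exception
{
      "@version" => "1",
    "@timestamp" => "2017-01-12T02:19:19.888Z",
          "host" => "Vsftp",
          "time" => "2017-01-12 10:19:19,888",
         "Level" => "jjjjj",
          "type" => "tailong",
      "messager" => "tailong-2017-01-12 10:19:19,888 jjjjj Exception"
}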