filebeat+logstash通过zabbix微信报警
2024-08-22 02:09:25
一、安装软件:
1、在要收集日志的机器上安装filebeat:
1)、下载安装:
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.3.3-linux-x86_64.tar.gz
tar xvf filebeat-5.3.3-linux-x86_64.tar.gz -C /usr/local
rm -f filebeat-5.3.3-linux-x86_64.tar.gz 2)、增加配置文件:
mkdir -p /etc/filebeat cat >/etc/filebeat/filebeat.yml << EOF
filebeat.prospectors:
- input_type: log
paths:
- /usr/local/wintel400/log/*.log
fields:
document_type: CTI02-wintel-log
tail_files: true
ignore_olde: 24h
output.logstash:
hosts: ["192.168.22.214:5044"]
EOF
注:增加各客户端的配置文件时修改document_type的值,还有日志收集的目录。
3)、启动(调试时可以用前台启动):
/usr/local/filebeat-5.3.3-linux-x86_64/filebeat -e -c /etc/filebeat/filebeat.yml
nohup /usr/local/filebeat-5.3.3-linux-x86_64/filebeat -e -c /etc/filebeat/filebeat.yml
2、安装logstash:
1)、安装logstash(需要安装java1.8):
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.3.3.tar.gz
tar zxf logstash-5.3.3.tar.gz -C /usr/local/
rm -f /logstash-5.3.3.tar.gz
2)、增加配置文件:
mkdir /etc/logstash 配置文件见下面 3)、启动(调试时先用前台启动):
/usr/local/logstash-5.3.3/bin/logstash -f /etc/logstash/
nohup /usr/local/logstash-5.3.3/bin/logstash -f /etc/logstash/ & java1.8下载:
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u171-b11/512cd62ec5174c3487ac17c61aaa89e8/jdk-8u171-linux-x64.tar.gz"
logstash的配置文件:
input {beats {port => 5045}}
filter {if [fields][document_type] == "WEB01-easycti-log" {
mutate {
add_field => [ "[@metadata][zabbix_key]" , "EasyctiLog" ]
add_field => [ "[@metadata][zabbix_host]" , "HAI--WEB01" ]
}
}
else if [fields][document_type] == "WEB02-easycti-log" {
mutate {
add_field => [ "[@metadata][zabbix_key]" , "EasyctiLog" ]
add_field => [ "[@metadata][zabbix_host]" , "HAI--WEB02" ]
}
}
else if [fields][document_type] == "WEB03-easycti-log" {
mutate {
add_field => [ "[@metadata][zabbix_key]" , "EasyctiLog" ]
add_field => [ "[@metadata][zabbix_host]" , "HAI--WEB03" ]
}
}
grok {
match => {
"message" => "\[%{GREEDYDATA:logtime}\] %{DATA:context}\.%{WORD:level}: %{GREEDYDATA:msg}"
}
}
}
output {
if [level] =~ /(ERR|error|ERROR)/ {
zabbix {
zabbix_host => "[@metadata][zabbix_host]"
zabbix_key => "[@metadata][zabbix_key]"
zabbix_server_host => "192.168.22.216"
zabbix_server_port => ""
zabbix_value => "message"
}
stdout { codec => rubydebug }
}
}
easycti-log.conf
input {beats {port => 5044}}
filter { if [fields][document_type] == "CTI01-wintel-log" {
mutate {
add_field => [ "[@metadata][zabbix_key]" , "WintelLog" ]
add_field => [ "[@metadata][zabbix_host]" , "HAI--CTI01" ]
}
}
else if [fields][document_type] == "CTI02-wintel-log" {
mutate {
add_field => [ "[@metadata][zabbix_key]" , "WintelLog" ]
add_field => [ "[@metadata][zabbix_host]" , "HAI--CTI02" ]
}
}
grok {
match => {
"message" => "%{GREEDYDATA:logtime} \[%{WORD:level}] %{GREEDYDATA:msg}"
}
}
}
output {
if [level] =~ /(ERR|WARNING)/ {
zabbix {
zabbix_host => "[@metadata][zabbix_host]"
zabbix_key => "[@metadata][zabbix_key]"
zabbix_server_host => "192.168.22.216"
zabbix_server_port => ""
zabbix_value => "message"
}
stdout { codec => rubydebug }
}
}
wintel-log.conf
二、配置zabbix:
配置微信告警参考:http://www.cnblogs.com/kevingrace/p/5995875.html
1、配置zabbix,获取logstash发过来的日志:
1)、依次创建模板,应用集,监控项,触发器。
2)、创建应用集:
3)、创建监控项:
4)、创建触发器:
最新文章
- android
- mediastreamer使用教程
- 整理UWP中网络和设备信息获取的帮助类,需要的拿走。
- 解决Oracle 11g ORA-01017错误代码
- Effective Java 02 Consider a builder when faced with many constructor parameters
- android几种定时器机制及区别
- 将表中数据生成SQL语句
- [Java] MAP、LIST、SET集合解析
- Android Wear开发 - 卡片通知 - 第二节 : 自定义Wear卡片样式
- iOS 面试题 2
- android软键盘的管理和属性的设置
- winform控件背景透明问题(label..等)
- Mego(05) - 创建模型
- python(leetcode)-重复元素算法题
- 《HelloGitHub月刊》第 02 期
- Spring AOP的实现及源码解析
- Java容器类源码分析前言之集合框架结构(基于JDK8)
- gitlab11.5.4 配置邮件提醒
- scrapy 异步存储mysql
- input 清空值。(转载)