当前位置:网站首页>Logstash - logstash sends an alarm email to email

Logstash - logstash sends an alarm email to email

2022-06-26 06:05:00 Big wind

email Data output

logstash The output plug-in of provides email The data output source of . So when logstash When you encounter something that needs early warning , An alert letter can be sent by mail to a specified user .

Configurable parameters

About email The parameters of are as follows

Field Parameter type explain
addressstring Mail server address
usernamestring The user name used to verify the server
passwordstring Password used to verify the server
portnumber The port used to communicate with the mail server
authenticationstring How the server identifies itself
attachmentsarray Attachment address
bodystring Email body
ccstring CC address of the mail
bccstring BCC address of the mail
contenttypestring Set up HTML The content type and / Or character set .
debugboolean Run mail relay in debug mode
domainstring Connect to remote SMTP Server HELO / EHLO domain name
fromstring Sender
htmlbodystring E-mail HTML Text
replytostring Mail reply fields
subjectstring Email subject
tostring Email destination
use_tlsboolean Enable when communicating with the server TLS
viastringLogstash How to pass SMTP Or by calling sendmail Send email .
template_filepath For email templates [Mustache Templates ](https://mustache.github.io/) Path to file .

Take Tencent email as an example

  1. First, start relevant service support

Need to open Settings - account number

Insert picture description here

  1. Open the corresponding service

Insert picture description here

  1. Application authorization code

We need to pay attention to , After that, the mailbox password in all configurations refers to the authorization code

According to its file Introduction to

  • Receiving mail server :imap.qq.com, Use SSL, Port number 993
  • Send mail server :smtp.qq.com, Use SSL, Port number 465 or 587

Mail targeted configuration 

email {
    
	port => 587
	address => "smtp.qq.com"
	username => " mailbox @qq.com"
	password => " Authorization code "
	authentication => "plain"
	contenttype => ""
	from => " mailbox @qq.com"
	subject => " Error alarm "
	to => " mailbox @qq.com"
	use_tls => true
	via => "smtp"
	domain => "smtp.qq.com"
	body => " Error alarm :120 Error log exceeded... Seconds 3 strip , Please check "
	debug => true
}

About logstash Before sending the alarm message, I had an article Use throttle The filter sends an alert message to the nail

Use the configuration inside , Replace with the mail target. The final configuration is as follows 

input {
    
	redis {
    
		key => "logstash-email"
		host => "localhost"
		password => "dailearn"
		port => 6379
		db => "0"
		data_type => "list"
		type  => "email"
		codec => plain{
    
            	charset=>"UTF-8"
       	}
	}
}

filter {
    

	grok {
    
		match => {
     "message" => "%{TIMESTAMP_ISO8601:log_date} %{LOGLEVEL:log_info} %{DATA:thread} %{NOTSPACE} %{SPACE} %{NOTSPACE} %{JAVACLASS:log_class} %{SPACE}: %{GREEDYDATA:log_message}" }
	}
	if "_grokparsefailure" in [tags] {
    
		drop {
    }
	}
	if [log_info] == "INFO" {
    
		drop {
    }
	}
	if [log_info] == "ERROR" {
    
		throttle {
    
			before_count => -1
			after_count => 3
			period => 120
			max_age => 240
			key => "%{[log_info]}"
			add_tag => "throttled"

		}
	}
	if "throttled" in [tags] {
    
		aggregate{
    
			task_id => "%{log_info}"
			code => "event.set('throttled_time',Time.parse(event.get('log_date')).to_f*1000)
					 map['throttled_time'] ||= 0
					 event.set('throttled_time_out', (event.get('throttled_time') - map['throttled_time']) > 10000)"
		}
		if [throttled_time_out] {
    
			aggregate{
    
				task_id => "%{log_info}"
				code => "map['throttled_time'] = event.get('throttled_time')
					event.set('throttled_time_test',map['throttled_time'])"
			}
		}
	}
	
}

output {
    
	if [throttled_time_out] {
    
        email {
    
        	port => 587
        	address => "smtp.qq.com"
        	username => " mailbox @qq.com"
        	password => " Authorization code "
        	authentication => "plain"
        	contenttype => ""
        	from => " mailbox @qq.com"
        	subject => " Error alarm "
        	to => " mailbox @qq.com"
        	use_tls => true
        	via => "smtp"
        	domain => "smtp.qq.com"
        	body => " Error alarm :120 Error log exceeded... Seconds 3 strip , Please check "
        	debug => true
        }
	}
	stdout {
    
		codec => rubydebug
	}
}

Using the above configuration, you can send alert messages by email .

Insert picture description here

Possible problems

Generally, if there is a problem, you need to check whether it is turned on POP3 and SMTP service

  1. Something happen while delivering an email {:exception=>#<Net::OpenTimeout: execution expired>}

At this point, you need to pay attention to the configuration address Whether the active port is correct .

  1. Something happen while delivering an email {:exception=>#<EOFError: end of file reached>}

According to the text description, there should be something wrong with the email content or attachments , And in GitHub It was also mentioned in the problem , But in fact, the above situation is most likely caused by the timeout problem . At this time, you need to try to use non SSL Send E-mail . Or use another port ( If there is one , For example, Tencent provides 465 and 587 port )

Limited personal level , The above content may not be clearly described or wrong , If development students find , Please let me know in time , I will revise the relevant contents as soon as possible . If my article is of any help to you , Please give it to me Like it . Your praise is my driving force .

原网站

版权声明
本文为[Big wind]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/177/202206260559105882.html

边栏推荐

猜你喜欢

随机推荐