当前位置：网站首页>Logstash - logstash sends an alarm email to email

Logstash - logstash sends an alarm email to email

2022-06-26 06:05:00 【Big wind】

email Data output

logstash The output plug-in of provides email The data output source of . So when logstash When you encounter something that needs early warning , An alert letter can be sent by mail to a specified user .

Configurable parameters

About email The parameters of are as follows

Field	Parameter type	explain
address	string	Mail server address
username	string	The user name used to verify the server
password	string	Password used to verify the server
port	number	The port used to communicate with the mail server
authentication	string	How the server identifies itself
attachments	array	Attachment address
body	string	Email body
cc	string	CC address of the mail
bcc	string	BCC address of the mail
contenttype	string	Set up HTML The content type and / Or character set .
debug	boolean	Run mail relay in debug mode
domain	string	Connect to remote SMTP Server HELO / EHLO domain name
from	string	Sender
htmlbody	string	E-mail HTML Text
replyto	string	Mail reply fields
subject	string	Email subject
to	string	Email destination
use_tls	boolean	Enable when communicating with the server TLS
via	string	Logstash How to pass SMTP Or by calling sendmail Send email .
template_file	path	For email templates [Mustache Templates ]（https://mustache.github.io/） Path to file .

Take Tencent email as an example

First, start relevant service support

Need to open Settings - account number

Insert picture description here

Open the corresponding service

Insert picture description here

Application authorization code

We need to pay attention to , After that, the mailbox password in all configurations refers to the authorization code

According to its file Introduction to

Receiving mail server ：imap.qq.com, Use SSL, Port number 993
Send mail server ：smtp.qq.com, Use SSL, Port number 465 or 587

Mail targeted configuration

email {
    
	port => 587
	address => "smtp.qq.com"
	username => " mailbox @qq.com"
	password => " Authorization code "
	authentication => "plain"
	contenttype => ""
	from => " mailbox @qq.com"
	subject => " Error alarm "
	to => " mailbox @qq.com"
	use_tls => true
	via => "smtp"
	domain => "smtp.qq.com"
	body => " Error alarm ：120 Error log exceeded... Seconds 3 strip , Please check "
	debug => true
}

About logstash Before sending the alarm message, I had an article Use throttle The filter sends an alert message to the nail

Use the configuration inside , Replace with the mail target. The final configuration is as follows

input {
    
	redis {
    
		key => "logstash-email"
		host => "localhost"
		password => "dailearn"
		port => 6379
		db => "0"
		data_type => "list"
		type  => "email"
		codec => plain{
    
            	charset=>"UTF-8"
       	}
	}
}

filter {
    

	grok {
    
		match => {
     "message" => "%{TIMESTAMP_ISO8601:log_date} %{LOGLEVEL:log_info} %{DATA:thread} %{NOTSPACE} %{SPACE} %{NOTSPACE} %{JAVACLASS:log_class} %{SPACE}: %{GREEDYDATA:log_message}" }
	}
	if "_grokparsefailure" in [tags] {
    
		drop {
    }
	}
	if [log_info] == "INFO" {
    
		drop {
    }
	}
	if [log_info] == "ERROR" {
    
		throttle {
    
			before_count => -1
			after_count => 3
			period => 120
			max_age => 240
			key => "%{[log_info]}"
			add_tag => "throttled"

		}
	}
	if "throttled" in [tags] {
    
		aggregate{
    
			task_id => "%{log_info}"
			code => "event.set('throttled_time',Time.parse(event.get('log_date')).to_f*1000)
					 map['throttled_time'] ||= 0
					 event.set('throttled_time_out', (event.get('throttled_time') - map['throttled_time']) > 10000)"
		}
		if [throttled_time_out] {
    
			aggregate{
    
				task_id => "%{log_info}"
				code => "map['throttled_time'] = event.get('throttled_time')
					event.set('throttled_time_test',map['throttled_time'])"
			}
		}
	}
	
}

output {
    
	if [throttled_time_out] {
    
        email {
    
        	port => 587
        	address => "smtp.qq.com"
        	username => " mailbox @qq.com"
        	password => " Authorization code "
        	authentication => "plain"
        	contenttype => ""
        	from => " mailbox @qq.com"
        	subject => " Error alarm "
        	to => " mailbox @qq.com"
        	use_tls => true
        	via => "smtp"
        	domain => "smtp.qq.com"
        	body => " Error alarm ：120 Error log exceeded... Seconds 3 strip , Please check "
        	debug => true
        }
	}
	stdout {
    
		codec => rubydebug
	}
}

Using the above configuration, you can send alert messages by email .

Insert picture description here

Possible problems

Generally, if there is a problem, you need to check whether it is turned on POP3 and SMTP service

Something happen while delivering an email {:exception=>#<Net::OpenTimeout: execution expired>}

At this point, you need to pay attention to the configuration address Whether the active port is correct .

Something happen while delivering an email {:exception=>#<EOFError: end of file reached>}

According to the text description, there should be something wrong with the email content or attachments , And in GitHub It was also mentioned in the problem , But in fact, the above situation is most likely caused by the timeout problem . At this time, you need to try to use non SSL Send E-mail . Or use another port （ If there is one , For example, Tencent provides 465 and 587 port ）

Limited personal level , The above content may not be clearly described or wrong , If development students find , Please let me know in time , I will revise the relevant contents as soon as possible . If my article is of any help to you , Please give it to me Like it . Your praise is my driving force .

原网站

版权声明
本文为[Big wind]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/177/202206260559105882.html