成人国产在线小视频_日韩寡妇人妻调教在线播放_色成人www永久在线观看_2018国产精品久久_亚洲欧美高清在线30p_亚洲少妇综合一区_黄色在线播放国产_亚洲另类技巧小说校园_国产主播xx日韩_a级毛片在线免费

資訊專欄INFORMATION COLUMN

使用elastalert進(jìn)行錯(cuò)誤報(bào)警

douzifly / 3388人閱讀

摘要:關(guān)于是出品的一個(gè)基于的報(bào)警服務(wù),使用編寫。報(bào)警的話,提供了等。關(guān)于主要是從環(huán)境變量替換文件里頭的相關(guān)變量。配置文件啟動(dòng)關(guān)于的錯(cuò)誤是用戶被鎖定,需要在網(wǎng)易郵箱里頭設(shè)置開啟,同時(shí)設(shè)定授權(quán)碼,然后用授權(quán)碼替換密碼發(fā)郵件

關(guān)于elastalert

elastalert是yelp出品的一個(gè)基于elasticsearch的報(bào)警服務(wù),使用python編寫。整體的思路還是基于輪詢的方法,規(guī)則的話,內(nèi)置frequency、spike、flatline、blacklist/whitelist、any、change。報(bào)警的話,提供了Email、HipChat、Slack、Telegram等。

dockerfile 
# Elastalert Docker image running on ubuntu
# Based off of ivankrizsan/elastalert:latest .
FROM ubuntu:14.04

MAINTAINER Tom Ganem
ENV SET_CONTAINER_TIMEZONE false
ENV ELASTALERT_VERSION 0.0.95
ENV CONTAINER_TIMEZONE Asia/Shanghai
ENV ELASTALERT_URL https://github.com/Yelp/elastalert/archive/v${ELASTALERT_VERSION}.tar.gz
ENV ELASTALERT_DIRECTORY_NAME elastalert
ENV ELASTALERT_HOME /opt/${ELASTALERT_DIRECTORY_NAME}
ENV RULES_DIRECTORY /opt/${ELASTALERT_DIRECTORY_NAME}/rules


WORKDIR /opt

RUN apt-get update && 
    apt-get install tar curl python-dev tzdata -y

RUN curl -Lo get-pip.py https://bootstrap.pypa.io/get-pip.py && 
    python get-pip.py && 
    rm get-pip.py

RUN mkdir -p ${ELASTALERT_HOME}

RUN curl -Lo elastalert.tar.gz ${ELASTALERT_URL} && 
    tar xvf *.tar.gz -C ${ELASTALERT_HOME} --strip-components 1 && 
    rm *.tar.gz

WORKDIR ${ELASTALERT_HOME}

RUN mkdir -p ${RULES_DIRECTORY}
RUN sed -i -e "s|"elasticsearch"|"${ELASTALERT_VERSION_CONSTRAINT}"|g" setup.py
RUN python setup.py install && 
    pip install -e .
RUN pip install elasticsearch

COPY ./docker-entrypoint.sh ${ELASTALERT_HOME}/docker-entrypoint.sh
ENTRYPOINT ["/opt/elastalert/docker-entrypoint.sh"]
CMD ["python", "elastalert/elastalert.py", "--verbose"]

關(guān)于docker-entrypoint.sh

#!/bin/sh

rules_directory=${RULES_FOLDER:-/opt/elastalert/rules}
es_port=${ELASTICSEARCH_PORT:-9200}

# Render rules files
for file in $(find . -name "*.yaml" -or -name "*.yml");
do
    cat $file | sed "s|es_host: [[:print:]]*|es_host: ${ELASTICSEARCH_HOST}|g" | sed "s|es_port: [[:print:]]*|es_port: $es_port|g" | sed "s|rules_folder: [[:print:]]*|rules_folder: $rules_directory|g" > config
    cat config > $file
    rm config
done

echo "Creating Elastalert index in Elasticsearch..."
elastalert-create-index --index elastalert_status --old-index "" --no-auth;

exec "$@"

主要是從環(huán)境變量替換config文件里頭的相關(guān)變量。

配置文件 
rules_folder: /opt/elastalert/rules
run_every:
  minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 15

# The elasticsearch hostname for metadata writeback
# Note that every rule can have it"s own elasticsearch host
es_host: 192.168.99.101
es_port: 9200

smtp_host: smtp.126.com
smtp_port: 25
smtp_auth_file: /opt/elastalert/smtp_cfg.yaml
from_addr: [email protected]

use_ssl: False

# Option basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword

writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2
rules 
# Alert when the rate of events exceeds a threshold

# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com

# (Optional)
# Elasticsearch port
# es_port: 14900

# (OptionaL) Connect with SSL to elasticsearch
#use_ssl: True

# (Optional) basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword

# (Required)
# Rule name, must be unique
name: Example rule

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: logstash-*

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 50

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
  hours: 4

# (Required)
# A list of elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
    query_string:
      query: "field: value"

# (Required)
# The alert is use when a match is found
alert:
- "email"

# (required, email specific)
# a list of email addresses to send alerts to
email:
- "[email protected]"
啟動(dòng) 
docker run -e "ELASTICSEARCH_HOST=192.168.99.101" -e "ELASTICSEARCH_PORT=9200" -e "RULES_FOLDER=/opt/elastalert/rules" -v $PWD/rules:/opt/elastalert/rules -v $PWD/smtp_cfg.yaml:/opt/elastalert/smtp_cfg.yaml -v $PWD/config.yaml:/opt/elastalert/config.yaml -it esalert /bin/bash
關(guān)于smtp的550錯(cuò)誤

是用戶被鎖定,需要在網(wǎng)易郵箱里頭設(shè)置開啟smtp,同時(shí)設(shè)定授權(quán)碼,然后用授權(quán)碼替換密碼發(fā)郵件

docs

elastalert-docs

yelp-elastalert

Alerting with the ELK Stack and Elastalert

smtp-550

docker-elastalert

文章版權(quán)歸作者所有,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。

轉(zhuǎn)載請(qǐng)注明本文地址:http://systransis.cn/yun/45502.html

相關(guān)文章

  • 容器監(jiān)控實(shí)踐—開篇

    摘要:方案匯總一開源方案采集展示報(bào)警二商業(yè)方案三云廠商騰訊云阿里云百度云華為云四主機(jī)監(jiān)控五日志監(jiān)控六服務(wù)監(jiān)控七存儲(chǔ)后端腦圖本文為容器監(jiān)控實(shí)踐系列文章,完整內(nèi)容見 概述 隨著越來越多的線上服務(wù)docker化,對(duì)容器的監(jiān)控、報(bào)警變得越來越重要,容器監(jiān)控有多種形態(tài),有些是開源的(如promethues),而另一些則是商業(yè)性質(zhì)的(如Weave),有些是集成在云廠商一鍵部署的(Rancher、谷歌云)...

    Zack 評(píng)論0 收藏0

  • 容器監(jiān)控實(shí)踐—開篇

    摘要:方案匯總一開源方案采集展示報(bào)警二商業(yè)方案三云廠商騰訊云阿里云百度云華為云四主機(jī)監(jiān)控五日志監(jiān)控六服務(wù)監(jiān)控七存儲(chǔ)后端腦圖本文為容器監(jiān)控實(shí)踐系列文章,完整內(nèi)容見 概述 隨著越來越多的線上服務(wù)docker化,對(duì)容器的監(jiān)控、報(bào)警變得越來越重要,容器監(jiān)控有多種形態(tài),有些是開源的(如promethues),而另一些則是商業(yè)性質(zhì)的(如Weave),有些是集成在云廠商一鍵部署的(Rancher、谷歌云)...

    hellowoody 評(píng)論0 收藏0

  • ElastAlert日志告警(郵件、企業(yè)微信)

    摘要:工作原理周期性的查詢并且將數(shù)據(jù)傳遞給規(guī)則類型,規(guī)則類型定義了需要查詢哪些數(shù)據(jù)。要做根據(jù)頻率變化的告警。 ElastAlert 工作原理 It works by combining Elasticsearch with two types of components, rule types and alerts. Elasticsearch is periodically queried...

    Yuanf 評(píng)論0 收藏0

發(fā)表評(píng)論

0條評(píng)論

最新活動(dòng)
閱讀需要支付1元查看
<