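Logstash makes filtering massive volumes of logs easy. Digging into Logstash's other plugins, it turns out it can just as easily monitor logs and send alerts, which is great. Here is the script.
Monitoring rules:
1. For the two URLs sonp.php and son-server.php: alert when the response is smaller than 100 bytes and the status code is not 200.
2. Alert on every status code other than 200.
3. Alert on every request that takes more than 10 s.
For email, configure postfix or sendmail on the local machine.
Monitoring script: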
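input {
  redis {
    host => "127.0.0.1"
    port => "6379"
    data_type => "list"
    key => "logstash"
    type => "redis-input"
    codec => "json"
  }
  # Here the logs are read straight from Redis (covered in the previous post);
  # they could of course also be read directly from the log file.
}

filter {
  mutate {
    # Convert the byte count to float so the output type is consistent
    convert => [ "[bytes_read]", "float" ]
  }
  grok {
    # Pattern to match in the log line
    match => [ "message", "sonp\.php|son-server\.php" ]
    add_tag => [ "myurl" ]
  }
}

output {
  # Alert when the status code is not 200 or the request time is 10 s or more
  if [response] != "200" or [request_time] >= 10 {
    exec {
      # %{message} is expanded into the shell command line, so log content
      # (request URLs included) is parsed by the shell on this host
      command => "echo '%{@timestamp}: %{message}' | mail -s 'Log_error: request time or response' urname@urdomain"
    }
  }
  # Alert when fewer than 100 bytes were returned and the status code is not 200
  if [bytes_read] < 100 and [response] != "200" {
    exec {
      # Only events tagged by the grok filter above
      tags => [ "myurl" ]
      command => "echo '%{@timestamp}: %{message}' | mail -s 'Log_error: bytes and response' urname@urdomain"
    }
  }
}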
#logstash/bin/logstash agent -f log_monitor.conf &
Start the script in the background and quietly wait for the email alerts~~
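The exec outputs in the script expand %{message} inside a shell command line, so whatever a client puts in a request is parsed by the shell on the Logstash host. Below is an added example (not from the original post) of the same two alerts sent through Logstash's email output, which builds the mail without a shell. It assumes the email output plugin is installed and that the local postfix or sendmail setup provides a sendmail binary; it replaces the output section of the script.

```logstash
output {
  # Rules 2 and 3: any non-200 status, or a request time of 10 s or more
  if [response] != "200" or [request_time] >= 10 {
    email {
      via     => "sendmail"          # hand the mail to the local MTA
      to      => "urname@urdomain"   # placeholder address from the script
      subject => "Log_error: request time or response"
      # The log line is only ever mail body text here, never a command
      body    => "%{@timestamp}: %{message}"
    }
  }

  # Rule 1: the two tagged URLs, under 100 bytes and non-200.
  # The tag test moves into the conditional instead of an output-level
  # "tags" option.
  if "myurl" in [tags] and [bytes_read] < 100 and [response] != "200" {
    email {
      via     => "sendmail"
      to      => "urname@urdomain"
      subject => "Log_error: bytes and response"
      body    => "%{@timestamp}: %{message}"
    }
  }
}
```

An event that matches rule 1 also matches the first conditional, so it produces two mails, the same as in the original script.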