logstash轻松过滤海量日志,研究下logstash的其它插件,能够轻松监控日志并报警,爽歪歪了,直接附上脚本php
监控说明:redis
一、sonp.php son-server.php 这两个URL小于100字节,状态码非200,报警 二、全部状态码非200,报警 三、全部请求超过10S,报警
邮件本机配置postfix或者sendmail,json
监控脚本bash
input {
redis {
host => "127.0.0.1"
port => "6379"
data_type => "list"
key => "logstash"
type => "redis-input"
codec => "json"
}
#我这里直接是从redis取出日志,上篇有介绍,固然也能够直接从日志文件取
}
filter{
mutate {
convert => [ "[bytes_read]", "float" ]
#为了输出编码一致,咱们这里将字节转成float
}
grok {
match => [ "message" ,"sonp\.php|son-server\.php" ]
#日志中匹配的内容,
add_tag => [myurl]
}
}
output {
if [response] != "200" or [request_time] >= 10 {
#监控状态码非200 或者 请求时间大于10s
exec {
command => "echo '%{@timestamp}: %{message}' | mail -s 'Log_error: request time or response' urname@urdomain"
}
}
if [bytes_read] < 100 and [response] != "200"{
#监控字节数小于100和请求非200
exec {
tags => [myurl]
command => "echo '%{@timestamp}: %{message}' | mail -s 'Log_error: bytes and response' urname@urdomain"
}
}
}
#logstash/bin/logstash agent -f log_monitor.conf &
后台启动脚本,静静等待邮件报警吧~~dom