
需要先安装阿里云日志服务的 Python SDK,并在阿里云控制台开通日志服务。

安装所需库

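# Install both packages with pip3 so they end up in the same Python 3
# interpreter that runs the script; mixing pip and pip3 can split them
# across two interpreters.
# For production hosts, consider pinning the exact package versions.
pip3 install -U aliyun-log-python-sdk -i https://pypi.tuna.tsinghua.edu.cn/simple
pip3 install pyinotify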

 

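以下为 Python 脚本内容。因为赶工没有做优化,有需要的可以自行优化;保持脚本在后台持续运行即可(建议用 supervisor 进行管控)。注意要自行替换脚本中的“xx”内容;其中 endpoint 和 AccessKey 建议通过脚本读取的环境变量(ALIYUN_LOG_SAMPLE_ENDPOINT、ALIYUN_LOG_SAMPLE_ACCESSID、ALIYUN_LOG_SAMPLE_ACCESSKEY)传入,不要把密钥直接写进脚本,并尽量使用只具备日志写入权限的密钥。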

#encoding: utf8
import pyinotify
import logging, logging.config, os 
 

# Logging configuration: route the "sls" logger to Aliyun Log Service.
# Every literal 'xx' is a placeholder that must be replaced before use.
# Prefer supplying the endpoint and the AccessKey pair through the
# environment variables read below instead of writing secrets into this file.
sls_conf = {
    "version": 1,
    "formatters": {
        # Emit only the message text, without any prefix.
        "rawformatter": {
            "class": "logging.Formatter",
            "format": "%(message)s",
        },
    },
    "handlers": {
        "sls_handler": {
            # "()" makes dictConfig build the handler from this factory.
            "()": "aliyun.log.QueuedLogHandler",
            "level": "ERROR",
            "formatter": "rawformatter",
            # Custom arguments handed to the handler factory.
            "end_point": os.environ.get("ALIYUN_LOG_SAMPLE_ENDPOINT", "xx"),
            "access_key_id": os.environ.get("ALIYUN_LOG_SAMPLE_ACCESSID", "xx"),
            "access_key": os.environ.get("ALIYUN_LOG_SAMPLE_ACCESSKEY", "xx"),
            "project": "xx",
            "log_store": "xx",
            "extract_json": True,
        },
    },
    "loggers": {
        # Records logged on "sls" go only to sls_handler (propagate is off).
        "sls": {
            "handlers": ["sls_handler"],
            "level": "ERROR",
            "propagate": False,
        },
    },
}
logging.config.dictConfig(sls_conf)
logger = logging.getLogger("sls")


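def get_cmd_result(cmd):
    """Run *cmd* through the shell and return its stdout with newlines removed.

    ``cmd`` is handed to ``os.popen`` and is therefore interpreted by the
    shell, so it must be a trusted, fixed command string; never build it from
    file names, log content or any other external input.

    :param cmd: shell command line to execute.
    :return: the command's standard output with every ``"\\n"`` removed.
    """
    # Close the pipe explicitly instead of leaving it to garbage collection,
    # so the file object is released as soon as the output has been read.
    with os.popen(cmd) as pipe:
        output = pipe.read()
    return output.replace("\n", "")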


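class MyEventHandler(pyinotify.ProcessEvent):
    """pyinotify handler that prints every event and ships log lines on modify.

    Only ``process_IN_MODIFY`` forwards data to the module-level ``logger``;
    every other callback just prints the affected path.
    """

    def process_IN_ACCESS(self, event):
        """Report that a file was accessed.

        :param event: pyinotify event; only ``event.pathname`` is used.
        :return: None
        """
        print("文件被访问:  ", event.pathname)

    def process_IN_ATTRIB(self, event):
        """Report a metadata change (for example chmod, chown or touch).

        :param event: pyinotify event; only ``event.pathname`` is used.
        :return: None
        """
        print("文件属性被修改:", event.pathname)

    def process_IN_CLOSE_NOWRITE(self, event):
        """Report that a file opened without write access was closed.

        :param event: pyinotify event; only ``event.pathname`` is used.
        :return: None
        """
        print("不可写文件被close event:", event.pathname)

    def process_IN_CLOSE_WRITE(self, event):
        """Report that a file opened for writing was closed.

        :param event: pyinotify event; only ``event.pathname`` is used.
        :return: None
        """
        print("可写文件被close:", event.pathname)

    def process_IN_CREATE(self, event):
        """Report that a new file was created.

        :param event: pyinotify event; only ``event.pathname`` is used.
        :return: None
        """
        print("创建新文件:", event.pathname)

    def process_IN_DELETE(self, event):
        """Report that a file was deleted.

        :param event: pyinotify event; only ``event.pathname`` is used.
        :return: None
        """
        print("文件被删除:", event.pathname)

    def process_IN_MODIFY(self, event):
        """Ship the newest line of the monitored log file after a modification.

        The last line of the fixed log file is sent, together with the host
        name, the first MAC address reported by ``ip`` and a tag, as one
        ERROR record on the module-level ``logger``. Nothing is sent when
        that last line is empty.

        :param event: pyinotify event; only ``event.pathname`` is used, and
            only for the printed message.
        :return: None
        """
        # NOTE(review): event.pathname is not consulted, so a modification of
        # any file under the watched directory re-sends the last line of the
        # fixed log file below; compare event.pathname with that file if only
        # its own changes should be shipped.
        # NOTE(review): only the final line is read, so when several lines are
        # appended between two events the earlier ones are never shipped.
        log_cmd = "cat /日志路径/xx.log | tail -1"
        mac_cmd = "ip -a addr| grep link/ether | awk '{print $2}'| head -n 1"
        content = get_cmd_result(log_cmd)
        # An empty result (missing, empty or just-truncated file) carries no
        # log data, so do not push an empty record to the log store.
        if content:
            # The line is forwarded verbatim: anything sensitive the
            # application writes to its log ends up in the log store as well.
            record = {
                "hostname": get_cmd_result("hostname"),
                "content": content,
                "mac_address": get_cmd_result(mac_cmd),
                "tag": "xx",
            }
            logger.error(record)
        print("文件被修改:", event.pathname)

    def process_IN_OPEN(self, event):
        """Report that a file was opened.

        :param event: pyinotify event; only ``event.pathname`` is used.
        :return: None
        """
        print("OPEN event:", event.pathname)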
 
if __name__ == "__main__":
    # Directory to monitor; placeholder path, replace before use.
    path = "/日志路径/"

    # NOTE(review): ALL_EVENTS presumably also delivers the open/access/close
    # events caused by the handler's own read of the log file; a narrower mask
    # would cut that noise if only modifications matter.
    # NOTE(review): rec=True is given without auto_add, so directories created
    # later are presumably not watched; confirm against the pyinotify docs.
    watch_manager = pyinotify.WatchManager()
    watch_manager.add_watch(path, pyinotify.ALL_EVENTS, rec=True)

    # Dispatch events to MyEventHandler until the process is stopped.
    notifier = pyinotify.Notifier(watch_manager, MyEventHandler())
    notifier.loop()

阿里云相关内容参考

https://aliyun-log-python-sdk.readthedocs.io/tutorials/tutorial_logging_handler_json.html

https://help.aliyun.com/product/28958.html

 

pyinotify参考

https://www.cnblogs.com/dachenzi/p/8486541.html

 
