基于Python 的关键字监控及告警
为了解决日志文件监控的问题, 使用python脚本完成了基于关键字的告警功能
环境 python 2.7
依赖包 time \ traceback \ filelock \ logging
代码如下:
#!/bin/python #coding:utf-8 import sys reload(sys) sys.setdefaultencoding('utf8') import re import os from urllib import urlencode import logging import filelock import time import traceback #config.conf #文件1:关键字A|关键字B:出现次数:告警方式:联系方式:联系组:某某异常 #文件2:关键字C|关键字D:出现次数:告警方式:联系方式:联系组:某某异常 #rc.local增加 #sudo -u monitor /bin/bash -x /home/apps/logmon-job/deploy_py.sh logging.basicConfig(level=logging.DEBUG, format='%(asctime)s %(filename)s[line:%(lineno)d] %(levelname)s %(message)s', datefmt='%a, %d %b %Y %H:%M:%S', filename='/home/logs/monitor/logmon.log', #filename='/Users/mac/Desktop/logmon/logmon.log', filemode='a') basDir='/home/apps/logmon-job/' posFiles=basDir+'/pos.log' configFile=basDir+'config.conf' def readOnly(filename): return open(filename,'r') # pass def readWrite(filename): return open(filename,'rw') # pass def writeOnly(filename): return open(filename,'w') # pass # def closesfile(): # pass def getStartPosLog(posFiles): txt=readOnly(posFiles) result={} for i in txt : filename,pos=i.split(':') if filename != '' : result[filename]=pos return result txt.close() def rematch(txt,regular): resultList=[] for t in txt.split(r'\n') : # print t # pattern = re.compile(r':') pattern = re.compile(regular) resultList=(pattern.findall(t)) try : # print '匹配结果为',resultList return len(resultList),regular , resultList[0] except Exception as e : print e return 0 , regular , '' # pass def getEndPost(f): filename=readOnly(f) try : nowpos=filename.tell() filename.seek(0,2) endpos=filename.tell() filename.seek(nowpos,0) except : endpos = 0 filename.close() return endpos # pass def getDistinct(startpos,endpos): return endpos-startpos def getText(f,startpos,endpos): filename=readOnly(f) filename.seek(startpos,0) textLength=getDistinct(startpos,endpos) text=filename.read(textLength) filename.close() return text def updatePosLog(posResult,posFiles): f=writeOnly(posFiles) # print 'posResult ',posResult for k in posResult.keys() : v=posResult[k] f.writelines('%s:%s\n' %(k,v)) f.close() pass def getAlterConfi(filename): #文件:关键字:出现次数:告警方式:联系方式:联系组 f=readOnly(filename) result={} for lines in f.readlines(): # print lines try : filename , key , count , alterType , alterAddress , alterGroup ,alterMessage= lines.strip('\n').split(":") result[filename]={} result[filename]["key"] =key result[filename]["count"] =count result[filename]["alterType"] =alterType result[filename]["alterAddress"]=alterAddress result[filename]["alterGroup"] =alterGroup result[filename]["alterMessage"]=alterMessage except Exception as e: print e print '错误的配置 %s' % (lines.strip('\n')) pass return result def sendSms(account,message): data={ 'accounts':account , 'templateName':'opalert' , 'alertcontent':message , } encodeMessage=urlencode(data) #正式时需要开启 os.system('curl -I "http://10.1.1.146:8080/sms/send?%s" ' % ( encodeMessage ) ) def main(): global posFiles global configFile AlterConfi=getAlterConfi(configFile) print AlterConfi posResult=getStartPosLog(posFiles) posResult_bak=getStartPosLog(posFiles) # print posResult for filename in AlterConfi.keys() : keyDict=AlterConfi[filename] print '开始检查文件 ',filename #print rematch(filename,r'#')[0] if not os.path.exists(filename): print 'file "%s" not exist ,pass' % (filename) # continue if os.path.exists(filename): endpos = getEndPost(filename) if endpos == 0 : print 'file "%s" is empty ,pass' % (filename) else : try : startpos= int(posResult[filename]) except : startpos = 0 print 'startpos is %.f , endpos is %.f' %(startpos ,endpos) #处理切割后,偏移量归位 if startpos > endpos : startpos = 0 text = getText(filename,startpos,endpos) # print '%s text is : '%(filename) , text #分析关键字 #print AposlterConfi[filename] matchCount , regular , resultList = rematch(text,keyDict['key']) print '匹配关键字',regular , '匹配长度为', matchCount , '关键字告警阈值' ,keyDict['count'] , '关键字' , resultList if int(matchCount) >= int(keyDict['count']) : print 'alterGroup len is ',len(keyDict['alterGroup']) print 'alterType len is ' ,len(keyDict['alterType']) if len(keyDict['alterGroup']) > 0: pass if len(keyDict['alterType']) >0: if keyDict['alterType'].upper() == 'SMS' : for account in keyDict['alterAddress'].split(',') : if len(account) >0 : sendSms(account,'发现%s 告警,关键字:%s ,出现次数:%s ' %(keyDict['alterMessage'] , resultList , matchCount )) pass #记录末尾偏移量 posResult_bak[filename]=endpos print '打印文件偏移量信息',posResult_bak #正式时需要开启 updatePosLog(posResult_bak,posFiles) if __name__ == '__main__': lock = filelock.FileLock("/home/apps/logmon-job/logmon.py.lock") if lock: logging.info("CaiWeiCheng Get Lock.start!!!") try: with lock.acquire(timeout=5): while 1 : main() time.sleep(60) # pass #except filelock.timeout : except Exception as e : print traceback.format_exc() print "timeout" logging.warning("get file lock timeout")
