[elk] ElastAlert email alerts

Tasks for this post:

  • 1. Install ElastAlert from the source package
  • 2. Configure email alerting

Approach: first get an alert email sent as quickly as possible, then go through the individual options of the alert rule file.

Installing ElastAlert from source

References:
http://elastalert.readthedocs.io/en/latest/running_elastalert.html
http://www.voidcn.com/article/p-mmtjbhjp-mm.html
https://github.com/Yelp/elastalert

Works with Elasticsearch 5.x.

git clone https://github.com/Yelp/elastalert.git; cd elastalert

yum install gcc libffi-devel python-devel openssl-devel -y
pip install cryptography

pip install "setuptools>=11.3"  ## assumes python-pip is already installed via yum and the pip mirror points at aliyun.
python setup.py install

Configuring email authentication

  • Configure the mailbox username and password
$ cat /usr/local/elastalert/example_rules/email_auth.yaml
user: maotai@sina.com
password: 123456
  • Edit the alert rule file
$ cat example_rules/rule.yaml
es_host: 192.168.x.x
es_port: 9200
name: For A TEST
use_strftime_index: true
type: frequency
index: filebeat-*
num_events: 1
timeframe:
  hours: 1

#filter:
#- query:
#    query_string:
#      query: "@message: *nioEventLoopGroup*"

filter:
- query_string:
    query: "message: 测试一下下"

alert:
    - "email"
email:
    - "maotai@qq.com"
    - "maotai2@qq.com"

smtp_host: smtp.sina.com
smtp_port: 25
smtp_ssl: false
smtp_auth_file: /usr/local/elastalert/example_rules/email_auth.yaml
from_addr: maotai@sina.com
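ElastAlert does not reject rule keys it does not recognise, so a misspelled option is silently ignored rather than reported. The linter below is an added example, not part of this post or of ElastAlert itself: it checks a rule dict (what you get from loading rule.yaml with PyYAML) for near-miss keys, the fields a frequency rule and an email alert need, and whether the smtp_auth_file (which holds a plaintext password) is readable by other users. PAGE_RULE is a constructed copy of the rule above with one key deliberately misspelled (`use_strftine_index`) to show what the check catches; the KNOWN_KEYS set is a subset of the upstream schema chosen for this setup.

```python
import difflib
import os
import stat

# Rule keys used by the frequency + email setup on this page (subset of ElastAlert's
# schema; assumption: unknown keys are ignored by ElastAlert instead of raising an error).
KNOWN_KEYS = {
    "es_host", "es_port", "name", "type", "index", "use_strftime_index",
    "num_events", "timeframe", "filter", "alert", "email", "smtp_host",
    "smtp_port", "smtp_ssl", "smtp_auth_file", "from_addr",
}
TIMEFRAME_UNITS = {"seconds", "minutes", "hours", "days", "weeks"}

def auth_file_mode(path):
    """Permission bits of smtp_auth_file on disk; it holds a plaintext password."""
    return stat.S_IMODE(os.stat(path).st_mode)

def lint_rule(rule, auth_mode=None):
    """Return the problems found in a rule dict (rule.yaml loaded with PyYAML)."""
    problems = []
    for key in rule:
        if key not in KNOWN_KEYS:
            guess = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
            hint = f" (did you mean '{guess[0]}'?)" if guess else ""
            problems.append(f"unknown key '{key}'{hint}")
    if rule.get("type") == "frequency":
        if not isinstance(rule.get("num_events"), int) or rule["num_events"] < 1:
            problems.append("frequency rule needs num_events >= 1")
        tf = rule.get("timeframe")
        if not isinstance(tf, dict) or not tf or not set(tf) <= TIMEFRAME_UNITS:
            problems.append("timeframe must map seconds/minutes/hours/days/weeks to a number")
    if "email" in rule.get("alert", []):
        for key in ("email", "from_addr", "smtp_host"):
            if key not in rule:
                problems.append(f"email alert needs '{key}'")
        if auth_mode is not None and auth_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("smtp_auth_file is readable by group/others; chmod 600 it")
    return problems

PAGE_RULE = {  # constructed from the rule.yaml above, with one key misspelled on purpose
    "es_host": "192.168.x.x", "es_port": 9200, "name": "For A TEST",
    "use_strftine_index": True, "type": "frequency", "index": "filebeat-*",
    "num_events": 1, "timeframe": {"hours": 1},
    "filter": [{"query_string": {"query": "message: 测试一下下"}}],
    "alert": ["email"], "email": ["maotai@qq.com", "maotai2@qq.com"],
    "smtp_host": "smtp.sina.com", "smtp_port": 25, "smtp_ssl": False,
    "smtp_auth_file": "/usr/local/elastalert/example_rules/email_auth.yaml",
    "from_addr": "maotai@sina.com",
}
```

Run `lint_rule(PAGE_RULE, auth_file_mode(PAGE_RULE["smtp_auth_file"]))` on the ElastAlert host before starting the rule; an empty list means the rule passed.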

Starting ElastAlert for a test

python -m elastalert.elastalert --verbose --rule example_rules/rule.yaml  # an elastalert_status index is created automatically on startup.

Setting up the ELK test environment

  • Install filebeat
  • Install Elasticsearch
  • Configure filebeat
  • Start Elasticsearch, filebeat and ElastAlert

Reference: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html

Filebeat watches a file; append lines to that file and make sure Elasticsearch receives them. Check the indexed content with a search in Kibana.

$ cat filebeat.yml 
filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /tmp/a.txt

output.elasticsearch:
    hosts: ["http://192.168.x.x:9200"]
    setup.dashboards.enabled: true
    template.enabled: true
    template.path: "filebeat.template.json"
    template.overwrite: true

output.console:
  pretty: true

dashboards.enabled: true
$ cat /tmp/a.txt 
测试一下下
测试一下下
测试一下下
测试一下下

Check Kibana.

Check the mailbox: the alert email has arrived.

There is also a Kibana plugin for ElastAlert, and ElastAlert can be started as a container.

References:
https://github.com/bitsensor/elastalert-kibana-plugin
The plugin download is slow; alternative:

https://git.bitsensor.io/front-end/elastalert-kibana-plugin/-/jobs/10874/artifacts/raw/artifact/elastalert-5.6.4-latest.zip
then
./bin/kibana-plugin install file:///usr/local/src/elastalert-5.6.4-latest.zip

After installation:

WeChat alerts: https://github.com/anjia0532/elastalert-wechat-plugin
DingTalk alerts: https://github.com/xuyaoqiang/elastalert-dingtalk-plugin

Alert rules
Alert templates
Alert timing
Alert methods

Reference: https://xizhibei.github.io/2017/11/19/alerting-with-elastalert/

https://github.com/chenryn/ELKstack-guide-cn/blob/master/elasticsearch/other/elastalert.md

posted @ 2017-11-28 12:10  _毛台  views (6029)  comments (0)