ELK logstash邮件报警

这个方法有一个问题就是我这边不能给我们公司的邮箱发邮件。还有就是我们有两个邮箱一个是腾讯企业邮箱,还有一个就是我们的集团邮箱

使用下面的这个方法是不能给我们的集团邮箱发邮件的。第二个问题就是这个方法给我们的腾讯企业邮箱发邮件的话,腾讯的企业邮箱会有一定的规则

当你一定时间发送太多邮件的话,这里就会拒收,服务器拒绝了。所以得用另外一种方法

input {
    beats {
      type => beats
      port => 5089
    }
}
filter {
        multiline {
                pattern => ".*#ELK#.*"
                negate => true
                what => "previous"
        }
            grok {
        patterns_dir => "/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"
                match => {"message"=>"%{DATA:Date} %{LOGLEVEL:Level} %{JAVACLASS:Class} %{NOTSPACE:Thread} %{NOTSPACE:RequestId} #ELK# %{MSG:msg}"}
        remove_field => ['@version']
        remove_field => ['message']
        remove_field => ['offset']
        remove_field => ['input_type']
        remove_field => ['beat']
}
}
output {
        elasticsearch {
           hosts => ["10.19.192.69:9200","10.19.2.20:9200"]
           index => "test-web1-front-%{+YYYY.MM.dd}"
        }
    if [Level] == "ERROR" {
        exec {
             command => "echo 'pro_front %{host} %{Date}  %{msg}' | mail -s 'Log_error' [email protected]"
        }
    }

}

 

 

logstash 配置报警首先需要有mail
yum -y install mailx postfix
这里我启动失败修改以下配置,重启postfix就好了
vi  /etc/postfix/main.cf
 发现配置为:

inet_interfaces = localhost

inet_protocols = all

改成:

inet_interfaces = all

inet_protocols = all

重新启动

service postfix start

 

input {
    beats {
        port => "5191"
        codec => multiline {
            patterns_dir => ["/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"]
            pattern => ".*#ELK#.*"
            what => "previous"
            negate => true

        }
    }
}
filter {
	        grok {
		patterns_dir => "/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"
                match => {"message"=>"%{DATA:Date} %{LOGLEVEL:Level} %{NOTSPACE:Class} %{NOTSPACE:Thread} %{NOTSPACE:RequestId} #ELK# %{MSG:msg}"}
		remove_field => ['@version']
		remove_field => ['message']
		remove_field => ['offset']
		remove_field => ['source']
		remove_field => ['input_type']
		remove_field => ['beat']
}
            date{
                match => [
                "Date","yyyy-MM-dd HH:mm:ss.SSS"
                ]
               target => ["@timestamp"]
              }
}

output {
        elasticsearch {
           hosts => ["10.19.100.61:9200","10.19.143.205:9200"]
           index => "front-%{+YYYY.MM.dd}"
}
	stdout { codec => rubydebug}
    if [Level] == "ERROR" {
        email {
        port           =>    "25"
        address        =>    "mail.kong.com"
        domain         =>    "mail.kong.com"
        username       =>    "[email protected]"
        password       =>    "4gW/329"
        authentication =>    "plain"
        use_tls        =>    false
        from           =>    "[email protected]"
        subject        =>    "%{type} service  ERROR !!!"
        to             =>    "[email protected]"
        via            =>    "smtp"
        body           =>    "%{type} \n %{host} \n %{Date}\n \n  %{msg}"
    }

}

}

 

你可能感兴趣的:(ELK logstash邮件报警)