日志分析邮件报警脚本(crontab */10 * * * *)
很久没有分享自己写的小程序了,把近期的补上。
环境:适用通过rsyslog收集过来的日志。
水平有限,不喜勿喷,拿去参考,希望能帮助到你。
脚本正文如下:
#!/usr/bin/env q-python27
#coding:utf8
import os,sys
os.sys.path.append("/home/hailong.cui/script/python")
sys.path.append("/home/hailong.cui/script/python")
import datetime
import time
import file_seekwork
import urllib,urllib2
import json
today=datetime.date.today()
MONTH={
'Jan':1,
'Feb':2,
'Mar':3,
'Apr':4,
'May':5,
'Jun':6,
'Jul':7,
'Aug':8,
'Sep':9,
'Oct':10,
'Nov':11,
'Dec':12
}
def parse_date(datestr):
year=today.year
month,day,yearandtime=datestr.split("/")
hour,minute,second = yearandtime.split(":")
return datetime.datetime(int(year),MONTH[month],int(day),int(hour),int(minute))
#取出线上所有主机的当天message日志名称
def getfile(typehost,path):
listdir=os.listdir(path)
list=[]
for i in listdir:
if not i:
continue
else:
hosttype=[]
for k in typehost:
if k in i:
hosttype.append(i)
else:
continue
if not hosttype:
fp = os.path.join(path,i)
list.append(fp+'/%s.log'%(today))
return list
#取出10分钟内修改过日志的主机
def gettenfile(list,nowtime):
newlist=[]
for i in list:
#判断文件存在别且修改时间小于十分钟的文件
if os.path.exists(i) and (nowtime - get_stat(i))/60 < 10 and i not in newlist:
newlist.append(i)
return newlist
#获取单文件的修改时间
def get_stat(file):
file_mtime=os.stat(file).st_mtime
return file_mtime
#文件倒读获取10分钟之内的日志
def get_msg_result(time_minutes_ago,file,nologtype,nologmsg):
logdit={}
logdit[file]=[]
logtype=[]
with open(file) as fd:
y=file_seekwork.filerev(fd)
logmsg=[]
for line in y:
for i in nologmsg:
if i not in line:
continue
else:
logmsg.append(line)
if logmsg:
continue
splited_line=line.split()
datestr='/'.join(splited_line[1:4])
try:
date_str=parse_date(datestr)
except:
continue
date=date_str.strftime("%s")
print date_str, time_minutes_ago
if date_str < time_minutes_ago:
break
if line.split()[0].split(':')[0] in nologtype:
continue
else:
print "testelse"
logdit[file].append(line.strip('\n'))
print line
if line.split()[0].split(':')[0] not in logtype:
logtype.append(line.split()[0].split(':')[0])
print logdit
return logdit,logtype
def getapi(saveapi,save_dic):
data=urllib.urlencode(save_dic)
response=urllib2.urlopen(saveapi,data)
req=json.load(response)
return req
if __name__ == "__main__":
#发送邮件接口
apiurl='http://fastops.corp.xxxxx.com/sendmail'
#日志文件路径
path='/xxx/xxx/xxx'
#过滤的主机类型
typehost=[".beta.",".dev."]
#过滤的日志类型
nologtype=["xxx.xxx","daemon.xxx","xxx.xx"]
#过滤的日志内容
nologmsg=["xxxxx"]
now = datetime.datetime.now()
d = datetime.timedelta(minutes=10)
time_minutes_ago=now - d
nowtime=time.time()
#邮件标题
submsg='messages'
#邮件收件人
mailto='[email protected],[email protected]'
#邮件发送人
mailfrom='[email protected]'
filelist=getfile(typehost,path)
print len(filelist)
filelist=gettenfile(filelist,nowtime)
print len(filelist)
for file in filelist:
logdit,logtype=get_msg_result(time_minutes_ago,file,nologtype,nologmsg)
if logdit[file] and logtype:
msg=''
logtypemsg='<'
for m in logtype:
logtypemsg+='%s|'%(m)
logtypemsg+='>'
for m in logdit[file][::-1]:
msg+='%s\n'%(m)
try:
ip=file.split('/')[5]
except:
ip=file
getdic={"content":msg,"ip":ip,"nowtime":now,"submsg":submsg+logtypemsg,"mailto":mailto,'mailfrom':mailfrom}
try:
#发送报警邮件
result=getapi(apiurl,getdic)
except:
continue