摘要:關于是出品的一個基于的報警服務,使用編寫。報警的話,提供了等。關于主要是從環境變量替換文件里頭的相關變量。配置文件啟動關于的錯誤是用戶被鎖定,需要在網易郵箱里頭設置開啟,同時設定授權碼,然后用授權碼替換密碼發郵件
關于elastalert
elastalert是yelp出品的一個基于elasticsearch的報警服務,使用python編寫。整體的思路還是基于輪詢的方法,規則的話,內置frequency、spike、flatline、blacklist/whitelist、any、change。報警的話,提供了Email、HipChat、Slack、Telegram等。
dockerfile# Elastalert Docker image running on ubuntu # Based off of ivankrizsan/elastalert:latest . FROM ubuntu:14.04 MAINTAINER Tom Ganem ENV SET_CONTAINER_TIMEZONE false ENV ELASTALERT_VERSION 0.0.95 ENV CONTAINER_TIMEZONE Asia/Shanghai ENV ELASTALERT_URL https://github.com/Yelp/elastalert/archive/v${ELASTALERT_VERSION}.tar.gz ENV ELASTALERT_DIRECTORY_NAME elastalert ENV ELASTALERT_HOME /opt/${ELASTALERT_DIRECTORY_NAME} ENV RULES_DIRECTORY /opt/${ELASTALERT_DIRECTORY_NAME}/rules WORKDIR /opt RUN apt-get update && apt-get install tar curl python-dev tzdata -y RUN curl -Lo get-pip.py https://bootstrap.pypa.io/get-pip.py && python get-pip.py && rm get-pip.py RUN mkdir -p ${ELASTALERT_HOME} RUN curl -Lo elastalert.tar.gz ${ELASTALERT_URL} && tar xvf *.tar.gz -C ${ELASTALERT_HOME} --strip-components 1 && rm *.tar.gz WORKDIR ${ELASTALERT_HOME} RUN mkdir -p ${RULES_DIRECTORY} RUN sed -i -e "s|"elasticsearch"|"${ELASTALERT_VERSION_CONSTRAINT}"|g" setup.py RUN python setup.py install && pip install -e . RUN pip install elasticsearch COPY ./docker-entrypoint.sh ${ELASTALERT_HOME}/docker-entrypoint.sh ENTRYPOINT ["/opt/elastalert/docker-entrypoint.sh"] CMD ["python", "elastalert/elastalert.py", "--verbose"]
關于docker-entrypoint.sh
#!/bin/sh rules_directory=${RULES_FOLDER:-/opt/elastalert/rules} es_port=${ELASTICSEARCH_PORT:-9200} # Render rules files for file in $(find . -name "*.yaml" -or -name "*.yml"); do cat $file | sed "s|es_host: [[:print:]]*|es_host: ${ELASTICSEARCH_HOST}|g" | sed "s|es_port: [[:print:]]*|es_port: $es_port|g" | sed "s|rules_folder: [[:print:]]*|rules_folder: $rules_directory|g" > config cat config > $file rm config done echo "Creating Elastalert index in Elasticsearch..." elastalert-create-index --index elastalert_status --old-index "" --no-auth; exec "$@"
主要是從環境變量替換config文件里頭的相關變量。
配置文件rules_folder: /opt/elastalert/rules run_every: minutes: 1 # ElastAlert will buffer results from the most recent # period of time, in case some log sources are not in real time buffer_time: minutes: 15 # The elasticsearch hostname for metadata writeback # Note that every rule can have it"s own elasticsearch host es_host: 192.168.99.101 es_port: 9200 smtp_host: smtp.126.com smtp_port: 25 smtp_auth_file: /opt/elastalert/smtp_cfg.yaml from_addr: XXXX@126.com use_ssl: False # Option basic-auth username and password for elasticsearch #es_username: someusername #es_password: somepassword writeback_index: elastalert_status # If an alert fails for some reason, ElastAlert will retry # sending the alert until this time period has elapsed alert_time_limit: days: 2rules
# Alert when the rate of events exceeds a threshold # (Optional) # Elasticsearch host # es_host: elasticsearch.example.com # (Optional) # Elasticsearch port # es_port: 14900 # (OptionaL) Connect with SSL to elasticsearch #use_ssl: True # (Optional) basic-auth username and password for elasticsearch #es_username: someusername #es_password: somepassword # (Required) # Rule name, must be unique name: Example rule # (Required) # Type of alert. # the frequency rule type alerts when num_events events occur with timeframe time type: frequency # (Required) # Index to search, wildcard supported index: logstash-* # (Required, frequency specific) # Alert when this many documents matching the query occur within a timeframe num_events: 50 # (Required, frequency specific) # num_events must occur within this amount of time to trigger an alert timeframe: hours: 4 # (Required) # A list of elasticsearch filters used for find events # These filters are joined with AND and nested in a filtered query # For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html filter: - query: query_string: query: "field: value" # (Required) # The alert is use when a match is found alert: - "email" # (required, email specific) # a list of email addresses to send alerts to email: - "elastalert@example.com"啟動
docker run -e "ELASTICSEARCH_HOST=192.168.99.101" -e "ELASTICSEARCH_PORT=9200" -e "RULES_FOLDER=/opt/elastalert/rules" -v $PWD/rules:/opt/elastalert/rules -v $PWD/smtp_cfg.yaml:/opt/elastalert/smtp_cfg.yaml -v $PWD/config.yaml:/opt/elastalert/config.yaml -it esalert /bin/bash關于smtp的550錯誤
是用戶被鎖定,需要在網易郵箱里頭設置開啟smtp,同時設定授權碼,然后用授權碼替換密碼發郵件
docselastalert-docs
yelp-elastalert
Alerting with the ELK Stack and Elastalert
smtp-550
docker-elastalert
文章版權歸作者所有,未經允許請勿轉載,若此文章存在違規行為,您可以聯系管理員刪除。
轉載請注明本文地址:http://specialneedsforspecialkids.com/yun/45502.html
摘要:方案匯總一開源方案采集展示報警二商業方案三云廠商騰訊云阿里云百度云華為云四主機監控五日志監控六服務監控七存儲后端腦圖本文為容器監控實踐系列文章,完整內容見 概述 隨著越來越多的線上服務docker化,對容器的監控、報警變得越來越重要,容器監控有多種形態,有些是開源的(如promethues),而另一些則是商業性質的(如Weave),有些是集成在云廠商一鍵部署的(Rancher、谷歌云)...
摘要:工作原理周期性的查詢并且將數據傳遞給規則類型,規則類型定義了需要查詢哪些數據。要做根據頻率變化的告警。 ElastAlert 工作原理 It works by combining Elasticsearch with two types of components, rule types and alerts. Elasticsearch is periodically queried...
閱讀 1574·2021-09-23 11:21
閱讀 2345·2021-09-07 10:13
閱讀 834·2021-09-02 10:19
閱讀 1125·2019-08-30 15:44
閱讀 1720·2019-08-30 13:18
閱讀 1913·2019-08-30 11:15
閱讀 1105·2019-08-29 17:17
閱讀 2017·2019-08-29 15:31