使用Fluentd发送告警邮件
安装插件:fluent-plugin-grepcounter
td-agent-gem install fluent-plugin-grepcounter安装插件:fluent-plugin-mail
td-agent-gem install fluent-plugin-mail
<source> @type tail path /var/log/apache2/access.log # Set the location of your log file <parse> @type apache2 </parse> tag apache.access</source>
<match apache.access> @type grepcounter count_interval 3 # The time window for counting errors (in secs) input_key code # The field to apply the regular expression regexp ^5\d\d$ # The regular expression to be applied threshold 1 # The minimum number of erros to trigger an alert add_tag_prefix error_5xx # Generate tags like "error_5xx.apache.access"</match>
<match error_5xx.apache.access> @type copy <store> @type stdout # Print to stdout for debugging </store> <store> @type mail host smtp.gmail.com # Change this to your SMTP server host port 587 # Normally 25/587/465 are used for submission user USERNAME # Use your username to log in password PASSWORD # Use your login password enable_starttls_auto true # Use this option to enable STARTTLS from example@gmail.com # Set the sender address to alert@example.com # Set the recipient address subject 'HTTP SERVER ERROR' message Total 5xx error count: %s\n\nPlease check your Apache webserver ASAP message_out_keys count # Use the "count" field to replace "%s" above </store></match><source>
使用in_tail追踪Apache的access日志,并使用apache2来解析日志。
<match apache.access>
使用grepcounter对日志中的5xx状态码进行过滤和计数。
如果在count_interval指定的时间内5xx错误数达到了threshold指定的阈值,Fluentd就会产生一条tag为error_5xx.apache.access的事件,该事件会重新进入Fluentd的事件路由中,被下一个<match>处理。
<match error_5xx.apache.access>
每收到一个error_5xx.apache.access事件,这个<match>会使用mail插件来发送一封邮件到alert@example.com。
如此配置,Fluentd就成了一个邮件告警服务,可用来监测Apache的异常访问。
# for init.d users$ sudo /etc/init.d/td-agent restart
# for systemd users$ sudo systemctl restart td-agent 赞 (0)