logstash 调用脚本告警

时间:2022-06-11 23:08:27
Vsftp:/root# cat /bin/smail.pl 
#!/usr/bin/perl
use Net::SMTP;
use HTTP::Date qw(time2iso str2time time2iso time2isoz);
use Data::Dumper;
# mail_user should be your_mail@163.com

# Alert text: every command-line argument, joined with single spaces.
# The value is later written into the mail body as-is, so whatever the
# caller puts on the command line ends up in the outgoing message.
$message = join ' ', @ARGV;
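# Mail the alert text held in the package global $message to one recipient.
#
# Arguments: $to_address - envelope recipient (RCPT TO).
# Reads:     $message (package global), prefixed with the current time.
# Dies:      if the recipient is missing or contains a line break, if the
#            server cannot be reached, or if any SMTP step is rejected.
sub send_mail{
    my $to_address = shift;

    # A CR or LF in the envelope address would be written straight into
    # the SMTP command stream, so refuse it up front.
    die "send_mail: recipient address required\n"
        unless defined $to_address && length $to_address;
    die "send_mail: line break in recipient address\n"
        if $to_address =~ /[\r\n]/;

    my $CurrTime = time2iso(time());

    # NOTE(security): the account and password are literals in a script that
    # every user able to run it can also read. SMAIL_USER / SMAIL_PASSWORD
    # (names introduced here) override them; the fallback literals only keep
    # existing deployments working and should be removed once the environment
    # is provisioned.
    my $mail_user = defined $ENV{SMAIL_USER} ? $ENV{SMAIL_USER}
                  : 'zhao.yangjian@163.com';
    my $mail_pwd  = defined $ENV{SMAIL_PASSWORD} ? $ENV{SMAIL_PASSWORD}
                  : 'zhxx4';
    my $mail_server = 'smtp.163.com';

    my $from    = "From: $mail_user\n";
    my $subject = "Subject: zjcap info\n";
    my $body    = "$CurrTime--$message\n";

    # NOTE(security): this is a plain SMTP session, so the AUTH exchange and
    # the alert text are not encrypted in transit. Net::SMTP's SSL => 1
    # constructor option or its starttls() method (libnet 3.x with
    # IO::Socket::SSL installed) would protect both - confirm what the
    # installed libnet supports before switching.
    my $smtp = Net::SMTP->new($mail_server)
        or die "Cannot connect to $mail_server: $@\n";

    # Report the server's reply; $! is not set by a rejected SMTP command.
    $smtp->auth($mail_user, $mail_pwd)
        or die "Auth Error! " . $smtp->message;
    $smtp->mail($mail_user)
        or die "MAIL FROM rejected: " . $smtp->message;
    $smtp->to($to_address)
        or die "RCPT TO rejected: " . $smtp->message;

    $smtp->data()
        or die "DATA rejected: " . $smtp->message;   # begin the data
    $smtp->datasend($from);                          # From: header
    $smtp->datasend($subject);                       # Subject: header
    $smtp->datasend("\n\n");                         # end of headers
    $smtp->datasend("$body\n");                      # alert text
    $smtp->dataend()
        or die "Message not accepted: " . $smtp->message;
    $smtp->quit();
    return;
}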


# Deliver the alert to the fixed recipient mailbox.
send_mail('zhao.yangjian@163.com');


[elk@Vsftp logstash]$ cat t3.conf
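# Pipeline: read log lines from stdin, extract timestamp and level, and run
# /bin/smail.pl for ERROR / Exception events that are not on the ignore list.
input {
  stdin {
  }
}

filter {
  # Pull the ISO8601 timestamp and the token after it (stored as Level).
  grok {
    match => [ "message","(?m)\s*%{TIMESTAMP_ISO8601:time}\s*(?<Level>(\S+)).*"]
  }
  # Use the parsed log time as the event timestamp.
  date {
    match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
  }
  mutate {
    add_field =>["messager","%{type}-%{message}"]
    remove_field =>["message"]
  }
  # The exec output below places %{messager} inside a double-quoted shell
  # argument. Log text is not trusted input, so the characters that stay
  # special inside double quotes (backslash, double quote, dollar sign,
  # backtick) are replaced before the field reaches the command line.
  # add_field is applied after a mutate block's own operations, so the
  # substitution needs its own block to see the new field.
  mutate {
    gsub => ["messager", '[\\"$`]', "_"]
  }
}

output {
  if ([Level] == "ERROR" or [messager] =~ "Exception" ) and [messager] !~ "温金服务未连接" and [messager] !~ "调用温金代理系统接口错误" and [messager] !~ "BusinessException" {
    # The expanded command string is run through a shell. Keep the field
    # reference inside the double quotes, and keep the sanitising gsub above
    # in place. An output that does not involve a shell (for example the
    # email output plugin) avoids the quoting problem altogether.
    exec {
      command => "/bin/smail.pl \"%{messager}\" "
    }
  }
  stdout {
    codec =>rubydebug
  }
}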


[elk@Vsftp logstash]$ logstash -f t3.conf
Settings: Default pipeline workers: 4
Pipeline main started
2015-05-14 10:19:19,972 ERROR aaa

{
"message" => "2015-05-14 10:19:19,972 ERROR aaa",
"@version" => "1",
"@timestamp" => "2015-05-14T02:19:19.972Z",
"host" => "Vsftp",
"time" => "2015-05-14 10:19:19,972",
"Level" => "ERROR"
}


2015-05-14 10:19:19,972 aaa Exception

{
"message" => "2015-05-14 10:19:19,972 aaa Exception",
"@version" => "1",
"@timestamp" => "2015-05-14T02:19:19.972Z",
"host" => "Vsftp",
"time" => "2015-05-14 10:19:19,972",
"Level" => "aaa"
}