ELK日志检索并邮件微信通知

简介

以下脚本通过 API 检索日志内容,并将结果通过邮件或者微信发送出来。

脚本

index检索脚本

#!/usr/bin/env python
# coding:utf-8

import datetime
import os
import re
import time

from elasticsearch import Elasticsearch

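# Midnight of the current local day; dindex() measures index age against it.
now = time.localtime()
data1 = datetime.datetime(now[0], now[1], now[2])

# Connection settings come from the environment so that no credential lives in
# the script. ES_URL / ES_USER / ES_PASSWORD are names chosen for this script;
# start-up fails with KeyError when the user or the password is not set.
# The password that used to be embedded on this line has been published and
# should be treated as compromised: rotate it.
# NOTE(review): the default URL is plain http, so the HTTP Basic credentials
# cross the network unencrypted; point ES_URL at an https endpoint if the
# cluster offers one.
es = Elasticsearch(
    os.environ.get("ES_URL", "http://172.20.10.16:9200"),
    http_auth=(os.environ["ES_USER"], os.environ["ES_PASSWORD"]),
)

# The cat API answer is handled as text: it is stripped and split on
# whitespace, which yields every cell of every row. dindex() keeps only the
# cells that end in a date.
res = es.cat.indices()

l = res.strip().split()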
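def dindex(day=30):
    """Return the listed names whose date suffix is more than *day* days old.

    Reads the module-level token list ``l`` and the reference date ``data1``.
    A token qualifies when it ends in ``YYYY.MM.DD`` and that date lies more
    than ``day`` whole days before ``data1``.

    NOTE(review): if the result is used to pick indices for deletion, check
    the list before acting on it; the caller is not shown here.
    """
    # The pattern on the page had lost its backslashes ('d+.d+.d+$'), which
    # matches the letter "d" rather than digits, so nothing was ever selected.
    date_suffix = re.compile(r'\d+\.\d+\.\d+$')
    limit = int(day)
    index = []
    for name in l:
        found = date_suffix.search(name)
        if not found:
            continue
        try:
            itime = time.strptime(found.group(0), "%Y.%m.%d")
        except ValueError:
            # Digits and dots that are not a calendar date (a version number,
            # for instance): not a dated index, skip it.
            continue
        created = datetime.datetime(itime[0], itime[1], itime[2])
        if (data1 - created).days > limit:
            index.append(name)
    return index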

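if __name__ == '__main__':
    # A parenthesised single-argument print behaves the same on Python 2 and 3;
    # the bare print statement is a syntax error on Python 3.
    print(dindex())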

邮件报警脚本

#!/usr/bin/env python
# -*- coding:utf-8 -*-

import smtplib
from email.mime.text import MIMEText

# Mail settings. Every value below is a placeholder to be filled in before use.
# Keep the real password out of any copy of this file that is shared or
# committed.
User = ["收件人"]        # recipient addresses
mail_host = "服务器"     # SMTP server that send_mail() connects to
mail_user = "用户"       # SMTP login name, also the local part of the sender
mail_pass = "密码"       # SMTP login password
mail_postfix = "后缀"    # domain placed after "@" in the sender address

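def send_mail(to_list, sub, content):
    """Send a plain-text UTF-8 mail and report whether it went out.

    Args:
        to_list: list of recipient addresses.
        sub: subject line.
        content: message body.

    Returns:
        True when the message was handed to the server, False on any error
        (the error text is printed).
    """
    # Sender header built from the module-level account settings.
    me = "方记普" + "<" + mail_user + "@" + mail_postfix + ">"
    msg = MIMEText(content, _subtype='plain', _charset='utf-8')
    msg['Subject'] = sub
    msg['From'] = me
    # Addresses in a To header are separated by commas, not semicolons.
    msg['To'] = ", ".join(to_list)
    server = None
    try:
        server = smtplib.SMTP()
        server.connect(mail_host)
        server.ehlo()
        # Upgrade to TLS before login when the server offers it, so the
        # password is not sent in clear text.
        # NOTE(review): this is opportunistic; a server that does not
        # advertise STARTTLS still receives the login unencrypted. Make the
        # upgrade mandatory if the mail server is known to support it.
        if server.has_extn('starttls'):
            server.starttls()
            server.ehlo()
        server.login(mail_user, mail_pass)
        server.sendmail(me, to_list, msg.as_string())
        return True
    except Exception as e:
        print(str(e))
        return False
    finally:
        # Close the connection on the failure path as well.
        if server is not None:
            server.close()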

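if __name__ == '__main__':
    # Manual smoke test: send one fixed message to the configured recipients.
    # print() with one argument works on both Python 2 and Python 3.
    if send_mail(User, "售后回复", "真的好好"):
        print("发送成功")
    else:
        print("发送失败")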

微信报警脚本

# -*- coding:utf-8 -*-

import requests
import json
import sys
import re

# 微信api
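class Send_Message():
    """Send one text message through the qyapi.weixin.qq.com message API."""

    def __init__(self, text):
        # Message text; send_message() places it in the "content" field.
        self.text = text

    def Token(self):
        """Fetch an access token from the gettoken endpoint.

        'id' and '应用id' are placeholders for the real corpid / corpsecret
        values. Load the real secret from configuration outside this file
        rather than pasting it here.

        Raises:
            KeyError: the reply carries no access_token (for example because
                the API rejected the credentials).
        """
        url = 'https://qyapi.weixin.qq.com/cgi-bin/gettoken'
        params = {'corpid': 'id',
                  'corpsecret': r'应用id'
                  }
        # A timeout keeps a stalled connection from blocking the caller forever.
        r = requests.get(url=url, params=params, timeout=10)
        reply = json.loads(r.text)
        if 'access_token' not in reply:
            raise KeyError('access_token missing from gettoken reply: '
                           'errcode=%s errmsg=%s'
                           % (reply.get('errcode'), reply.get('errmsg')))
        return reply['access_token']

    def send_message(self):
        """Post self.text as a text message and return the raw API reply."""
        # NOTE(review): "@all" looks like a broadcast to every member the
        # application can reach; confirm that is intended. The toparty /
        # totag values are the sample placeholders.
        data = {"touser": "@all",
                "toparty": " PartyID1 | PartyID2 ",
                "totag": " TagID1 | TagID2 ",
                "msgtype": "text",
                "agentid": '1000003',
                "text": {
                    "content": r"%s" % (self.text)
                },
                "safe": 0
                }
        # The serialised JSON is sent exactly as json.dumps produced it. The
        # page's trailing .replace() on backslashes was not valid Python as
        # printed, and unescaping backslashes after serialisation would let a
        # message that contains a backslash followed by a quote end the JSON
        # string early. Pass real newline characters in the text if line
        # breaks are wanted.
        value = json.dumps(data, ensure_ascii=False, sort_keys=True, indent=2)
        print(value)
        token = self.Token()
        # The access token travels in the query string, so this URL must not
        # be printed or logged.
        url = 'https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=%s' % (token)
        # Send explicit UTF-8 bytes so non-ASCII text survives on Python 2 and 3.
        body = value if isinstance(value, bytes) else value.encode('utf-8')
        r = requests.post(url, data=body, timeout=10)
        return r.text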

if __name__ == '__main__':
    # Manual smoke test with a fixed greeting; the text could instead be taken
    # from sys.argv[1].
    Send_Message(str("你好")).send_message()

检索发送脚本

#!/usr/bin/env python
# -*- coding:utf-8 -*-

import requests
import json
import time
from multiprocessing.dummy import Pool as ThreadPool
import  re
import commands
from mail import send_mail

# Recipients of the alert mail; if_null() passes this list to send_mail().
User = ["JipuFang@huatongsilver.com"]


# request API
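class ES_API:
    """Run one search request against an Elasticsearch endpoint."""

    def __init__(self, url, data, headers):
        # url: full _search URL; data: query body (dict); headers: HTTP headers.
        self.url = url
        self.data = data
        self.headers = headers

    def get(self):
        """POST the query as JSON and return the decoded response body."""
        # Without a timeout a stalled connection would block the worker
        # thread, and with it the whole polling loop, indefinitely.
        r = requests.post(url=self.url, data=json.dumps(self.data),
                          headers=self.headers, timeout=30)
        return json.loads(r.text)

    def process(self):
        """Return the list of hits, or None when the response has a status.

        A truthy top-level 'status' field is treated as a failed request. The
        failure is printed so that a broken query can be told apart from a
        query that simply matched nothing.
        """
        v = self.get()
        if v.get('status'):
            print("ES query failed: status=%s" % v.get('status'))
            return None
        return v['hits']['hits']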


def get_data(index):
    """Search today's ``<index>-YYYY.MM.DD`` index for the monitored keyword.

    Returns whatever ES_API.process() returns for that request.

    NOTE(review): the request goes over plain http and sets only a
    Content-Type header, so it carries no credentials; confirm that matches
    how the cluster is meant to be accessed.
    """
    today = time.strftime('%Y.%m.%d', time.localtime(time.time()))
    endpoint = "http://172.20.10.16:9200/%s-%s/_search" % (index, today)
    # Keyword being monitored in the "message" field.
    query = {"query": {"match": {"message": {"query": "400007"}}}}
    client = ES_API(endpoint, query, {'Content-Type': 'application/json'})
    return client.process()

def data():
    """Query every monitored index in parallel and return the per-index results.

    One worker thread is started per index name; the returned list is in the
    same order as the names.
    """
    targets = ['rapp', 'rweb']
    workers = ThreadPool(len(targets))
    fetched = workers.map(get_data, targets)
    workers.close()
    workers.join()
    return fetched

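def returnData():
    """Collect the hits from data() whose @timestamp is under 300 seconds old.

    Returns:
        dict mapping a running number (0, 1, 2, ...) to
        ``{'time': 'YYYY-MM-DD HH:MM:SS', 'message': <log message>}``;
        empty when nothing recent was found.
    """
    import calendar  # local import: only this function needs it

    stamp_re = re.compile(r'^([0-9]{4}-[0-9]{2}-[0-9]{2})[a-zA-Z]+([0-9]{2}:[0-9]{2}:[0-9]{2}).*$')
    value = {}
    # The counter has to live outside both loops. It used to be reset to 0 for
    # every hit, so each entry overwrote the previous one and at most one
    # message was ever reported.
    ff = 0
    for i in data():
        if not i:
            # None (failed query) or an empty hit list.
            continue
        for x in i:
            t = x['_source']['@timestamp']
            tt = stamp_re.search(t)
            if tt is None:
                # Timestamp in an unexpected shape: skip the hit instead of
                # failing on tt.group().
                continue
            realtime = str(tt.group(1)) + str(tt.group(2))
            timeArray = time.strptime(realtime, "%Y-%m-%d%H:%M:%S")
            if t.endswith('Z'):
                # A trailing "Z" marks UTC; converting it with mktime() would
                # shift the age by the local UTC offset.
                stamp = calendar.timegm(timeArray)
            else:
                # No "Z": interpreted as local time, as before.
                stamp = time.mktime(timeArray)
            timeDiff = time.time() - stamp
            if int(timeDiff) < 300:
                v = {}
                v['time'] = str(tt.group(1)) + ' ' + str(tt.group(2))
                v['message'] = x['_source']['message']
                value[ff] = v
                ff = ff + 1
    return value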

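def if_null():
    """Mail the recent matching log entries, if there are any.

    The entries are fetched once and that same result is both tested and
    mailed. Calling returnData() twice ran the search twice, so the mail
    could differ from what was checked, or be empty.
    """
    alerts = returnData()
    if not alerts:
        return
    print("准备报警发送!")
    # The mail body is read by a person, not parsed as JSON, so collapsing
    # doubled backslashes is only cosmetic. The literals on the page had lost
    # their escaping and were not valid Python.
    # NOTE(review): log lines are forwarded verbatim; anything sensitive in
    # them leaves the logging system by mail.
    body = json.dumps(alerts, ensure_ascii=False, sort_keys=True, indent=2).replace('\\\\', '\\')
    # Report success only when send_mail() says so (the send_mail in the mail
    # script returns True or False).
    if send_mail(User, "ELK日志报警", body):
        print("报警发送成功!")
    else:
        print("报警发送失败!")
    print("#################################分割线#######################################")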

if __name__ == '__main__':
    # Poll forever. The 300 s pause matches the 300 s freshness window that
    # returnData() applies to each hit.
    # NOTE(review): an exception raised inside if_null() ends the loop, and
    # with it the monitoring; run this under a supervisor that restarts it.
    while True:
        if_null()
        time.sleep(300)
原文地址:https://www.cnblogs.com/GXLo/p/7602694.html