  • ELK logstash邮件报警

    这个方法有一个问题:我这边不能给我们公司的邮箱发邮件。我们有两个邮箱,一个是腾讯企业邮箱,另一个是集团邮箱。

    第一个问题是,使用下面的这个方法不能给我们的集团邮箱发邮件。第二个问题是,用这个方法给腾讯企业邮箱发邮件时,腾讯企业邮箱有一定的收信规则:

    一定时间内发送的邮件太多,对方服务器就会拒收。所以得用另外一种方法。

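    # Pipeline 1: index Beats events into Elasticsearch and mail ERROR-level
    # events through the local `mail` command.
    input {
        # Accept events from Beats shippers on TCP 5089.
        # NOTE(review): no ssl options are set on this input, so shippers connect
        # in cleartext; confirm the port is reachable only from trusted hosts.
        beats {
            type => beats
            port => 5089
        }
    }
    filter {
        # A line that does NOT contain the #ELK# marker (negate => true) is
        # appended to the previous event, so continuation lines (e.g. stack
        # traces) stay attached to the log line that produced them.
        multiline {
            pattern => ".*#ELK#.*"
            negate => true
            what => "previous"
        }
        # Split the log line into Date / Level / Class / Thread / RequestId / msg.
        # MSG is presumably a custom pattern defined under patterns_dir; confirm.
        # The remove_field list is applied only when the match succeeds.
        grok {
            patterns_dir => "/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"
            match => {"message"=>"%{DATA:Date} %{LOGLEVEL:Level} %{JAVACLASS:Class} %{NOTSPACE:Thread} %{NOTSPACE:RequestId} #ELK# %{MSG:msg}"}
            remove_field => ['@version', 'message', 'offset', 'input_type', 'beat']
        }
        if [Level] == "ERROR" {
            # The exec output below hands its command string to a shell, and
            # %{host}, %{Date} and %{msg} are taken from log content. Inside the
            # single-quoted echo argument an embedded single quote would end the
            # quoting and the remainder of the log line would be interpreted by
            # the shell. Build the alert text in @metadata (not written to
            # Elasticsearch; needs Logstash 1.5+) and strip single quotes from it.
            # Two mutate blocks are required: add_field runs after gsub when both
            # are placed in the same mutate.
            mutate {
                add_field => { "[@metadata][alert_text]" => "pro_front %{host} %{Date}  %{msg}" }
            }
            mutate {
                gsub => ["[@metadata][alert_text]", "'", ""]
            }
        }
    }
    output {
        # Daily index. NOTE(review): the hosts are plain host:port entries and no
        # credentials or TLS options are set here; verify against the cluster setup.
        elasticsearch {
            hosts => ["10.19.192.69:9200","10.19.2.20:9200"]
            index => "test-web1-front-%{+YYYY.MM.dd}"
        }
        if [Level] == "ERROR" {
            # One `mail` invocation per ERROR event; the text was sanitised in the
            # filter stage, so only quote-free data is placed between the quotes.
            exec {
                command => "echo '%{[@metadata][alert_text]}' | mail -s 'Log_error' bigbao@kongz.com"
            }
        }
    }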

    logstash 配置邮件报警首先需要安装 mail 命令:
    yum -y install mailx postfix
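    这里我启动 postfix 失败,修改以下配置后重启 postfix 就好了。需要注意:只从本机发送报警邮件并不要求 postfix 对外监听,inet_interfaces = all 会让 25 端口在所有网卡上接受连接,应配合防火墙和 mynetworks 限制来源,避免被当作中继使用;如果启动失败的原因是系统禁用了 IPv6,通常保留 inet_interfaces = localhost、把 inet_protocols 改为 ipv4 也可以解决。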
    vi  /etc/postfix/main.cf
     发现配置为:

    inet_interfaces = localhost

    inet_protocols = all

    改成:

    inet_interfaces = all

    inet_protocols = all

    重新启动

    service postfix start

    # Pipeline 2: same log format as above, but alerts are sent with the email
    # output plugin over SMTP instead of shelling out to `mail`.
    input {
        beats {
            port => "5191"
            # Multiline handling is done in the input codec: a line that does NOT
            # contain #ELK# (negate => true) is joined to the previous event.
            codec => multiline {
                pattern => ".*#ELK#.*"
                negate => true
                what => "previous"
                patterns_dir => ["/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"]
            }
        }
    }
    filter {
        # Split the line into Date / Level / Class / Thread / RequestId / msg.
        # MSG is presumably a custom pattern defined under patterns_dir; confirm.
        # The listed fields are dropped only when the match succeeds.
        grok {
            patterns_dir => "/data/package/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.2/patterns"
            match => {"message"=>"%{DATA:Date} %{LOGLEVEL:Level} %{NOTSPACE:Class} %{NOTSPACE:Thread} %{NOTSPACE:RequestId} #ELK# %{MSG:msg}"}
            remove_field => ['@version', 'message', 'offset', 'source', 'input_type', 'beat']
        }
        # Use the timestamp parsed from the log line as the event's @timestamp.
        date {
            match => ["Date", "yyyy-MM-dd HH:mm:ss.SSS"]
            target => ["@timestamp"]
        }
    }

    output {
        # Daily index. NOTE(review): plain host:port entries with no credentials
        # or TLS options set here; verify against the cluster setup.
        elasticsearch {
            hosts => ["10.19.100.61:9200","10.19.143.205:9200"]
            index => "front-%{+YYYY.MM.dd}"
        }
        # Prints every event to Logstash's stdout; a debugging aid.
        stdout { codec => rubydebug }
        if [Level] == "ERROR" {
            # NOTE(review): the SMTP password is stored in cleartext in this file.
            # Restrict read access to the config and, where the Logstash version
            # in use supports it, move the secret out of the file (environment
            # variable reference or keystore).
            # NOTE(review): use_tls => false combined with authentication =>
            # "plain" on port 25 means the credentials and the alert body cross
            # the network unencrypted; enable TLS if the relay offers it.
            email {
                via            => "smtp"
                address        => "mail.kong.com"
                port           => "25"
                domain         => "mail.kong.com"
                authentication => "plain"
                username       => "jr@kong.com"
                password       => "4gW/329"
                use_tls        => false
                from           => "jr@kong.com"
                to             => "baoxue@kong.com"
                subject        => "%{type} service  ERROR !!!"
                # The body is a multi-line string; its line breaks and leading
                # spaces are part of the mail text.
                body           => "%{type} 
     %{host} 
     %{Date}
     
      %{msg}"
            }
        }
    }
    
  • 原文地址:https://www.cnblogs.com/smail-bao/p/6993316.html