基于Python的关键字监控及告警
为了解决日志文件监控的问题,使用python脚本完成了基于关键字的告警功能
环境python2.7
依赖包time\traceback\filelock\logging
代码如下:
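#!/bin/python
# coding: utf-8
import sys

# NOTE(review): Python 2-only workaround. reload(sys) + setdefaultencoding
# changes implicit str/unicode conversion for the whole process; presumably
# needed because the script mixes UTF-8 literals with raw log content.
reload(sys)
sys.setdefaultencoding('utf8')

import re
import os
from urllib import urlencode
import logging
import filelock
import time
import traceback

# config.conf holds one rule per line, seven colon-separated fields:
#   file1:keywordA|keywordB:occurrences:alert type:contact address:contact group:description
#   file2:keywordC|keywordD:occurrences:alert type:contact address:contact group:description
# The rules decide which files are read, which patterns are run and who is
# messaged, so the file should be writable only by the account that owns
# the monitor.
#
# Added to rc.local so the job starts at boot under the "monitor" account:
#   sudo -u monitor /bin/bash -x /home/apps/logmon-job/deploy_py.sh
logging.basicConfig(
    level=logging.DEBUG,
    # Fields are separated by spaces; without the separators every log line
    # runs timestamp, file name, level and message together.
    format='%(asctime)s %(filename)s[line:%(lineno)d] %(levelname)s %(message)s',
    datefmt='%a, %d %b %Y %H:%M:%S',
    filename='/home/logs/monitor/logmon.log',
    # filename='/Users/mac/Desktop/logmon/logmon.log',
    filemode='a',
)

# Working directory of the job: rule file, saved offsets and lock file.
basDir = '/home/apps/logmon-job/'
# os.path.join avoids the doubled slash the plain concatenation produced.
posFiles = os.path.join(basDir, 'pos.log')
configFile = os.path.join(basDir, 'config.conf')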
def readOnly(filename):
    """Open *filename* for reading and return the open file object.

    The caller is responsible for closing it.
    """
    handle = open(filename, 'r')
    return handle
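def readWrite(filename):
    """Open an existing file for both reading and writing.

    The caller is responsible for closing the returned file object.
    """
    # 'r+' is the read/write mode. The original 'rw' is not a documented
    # mode: Python 3 rejects it, and Python 2 hands it to the C library,
    # where the result is platform-dependent.
    return open(filename, 'r+')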
def writeOnly(filename):
    """Open *filename* for writing, truncating any existing content.

    The caller is responsible for closing the returned file object.
    """
    sink = open(filename, 'w')
    return sink
#defclosesfile():
#pass
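def getStartPosLog(posFiles):
    """Load the saved read offsets from the position file.

    Each line of the position file has the form ``logfile:offset``.

    Args:
        posFiles: Path of the position file.

    Returns:
        Dict mapping log file name to its saved offset, kept as a string
        (callers convert it with int()). Empty when the position file does
        not exist yet.
    """
    result = {}
    # First run: nothing has been saved yet, so there are no offsets to load.
    if not os.path.exists(posFiles):
        return result
    # "with" closes the handle; the original returned before its close() call.
    with open(posFiles, 'r') as txt:
        for line in txt:
            # Drop the trailing newline so it is not written back as an extra
            # blank line, and split on the last colon only. Blank or
            # malformed lines are skipped instead of raising on unpacking.
            filename, sep, pos = line.strip().rpartition(':')
            if not sep or filename == '':
                continue
            result[filename] = pos
    return result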
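def rematch(txt, regular):
    """Count the matches of a keyword pattern in a chunk of log text.

    Args:
        txt: Text read from the log file since the last saved offset.
        regular: Regular expression taken from the rule's keyword field.

    Returns:
        Tuple ``(match count, regular, first match)``, or
        ``(0, regular, '')`` when nothing matched.
    """
    # The original split txt on the two-character sequence backslash + "n"
    # (a raw string), not on line breaks, and kept the matches of a single
    # piece only. Searching the whole chunk gives the same count for
    # ordinary text and no longer drops matches when that sequence occurs.
    resultList = re.compile(regular).findall(txt)
    if not resultList:
        # Explicit empty case replaces the catch-all except around [0].
        return 0, regular, ''
    # NOTE(review): the first match is text taken from the log, and the
    # caller places it in the alert message; treat it as untrusted content.
    return len(resultList), regular, resultList[0]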
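def getEndPost(f):
    """Return the end offset (current size) of a log file.

    Args:
        f: Path of the log file.

    Returns:
        Offset of the end of the file, or 0 if seeking fails.
    """
    # Binary mode keeps tell() a plain byte offset; "with" closes the handle
    # on every path.
    with open(f, 'rb') as handle:
        try:
            handle.seek(0, 2)
            endpos = handle.tell()
        except (IOError, OSError):
            # Narrowed from a bare except, which also swallowed
            # KeyboardInterrupt and SystemExit.
            endpos = 0
    return endpos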
def getDistinct(startpos, endpos):
    """Return the distance from startpos to endpos (endpos minus startpos)."""
    span = endpos - startpos
    return span
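def getText(f, startpos, endpos):
    """Read the part of a log file that lies between two offsets.

    Args:
        f: Path of the log file.
        startpos: Offset to start reading from.
        endpos: Offset to stop at.

    Returns:
        The text between startpos and endpos.
    """
    # "with" closes the handle even if seek() or read() raises.
    with open(f, 'r') as handle:
        handle.seek(startpos, 0)
        # NOTE(review): the whole span is read into memory in one call; with
        # a start offset of 0 that is the entire log file.
        return handle.read(endpos - startpos)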
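def updatePosLog(posResult, posFiles):
    """Write the read offsets back to the position file.

    Args:
        posResult: Dict mapping log file name to offset (int or string).
        posFiles: Path of the position file; it is overwritten.
    """
    # "with" closes the file even if a write fails.
    with open(posFiles, 'w') as f:
        for k in posResult:
            # Offsets loaded from the file may still carry their trailing
            # newline; stripping it stops blank lines from accumulating in
            # the position file.
            f.write('%s:%s\n' % (k, str(posResult[k]).strip()))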
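def getAlterConfi(filename):
    """Parse the alert rule file.

    Each rule is one line of seven colon-separated fields:
    file:keyword:occurrences:alert type:contact address:contact group:message

    Args:
        filename: Path of the rule file.

    Returns:
        Dict keyed by log file name; each value is a dict with the keys
        "key", "count", "alterType", "alterAddress", "alterGroup" and
        "alterMessage", all kept as strings. Invalid rules are reported on
        stdout and left out.
    """
    result = {}
    # "with" closes the rule file; the original never closed it.
    with open(filename, 'r') as f:
        for lines in f:
            rule = lines.strip('\n')
            if not rule.strip():
                continue
            try:
                (logFile, key, count, alterType, alterAddress,
                 alterGroup, alterMessage) = rule.split(":")
                # Reject a bad threshold or pattern here, once, instead of
                # letting it raise later in the middle of a check round.
                int(count)
                re.compile(key)
            except (ValueError, re.error) as e:
                print(e)
                print('错误的配置%s' % (rule))
                continue
            result[logFile] = {
                "key": key,
                "count": count,
                "alterType": alterType,
                "alterAddress": alterAddress,
                "alterGroup": alterGroup,
                "alterMessage": alterMessage,
            }
    return result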
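def sendSms(account, message):
    """Send one alert SMS through the HTTP gateway.

    Args:
        account: Recipient account, one entry of the rule's contact field.
        message: Alert text; it contains text matched in the monitored log.
    """
    import subprocess  # local import; the module is used only here

    data = {
        'accounts': account,
        'templateName': 'opalert',
        'alertcontent': message,
    }
    encodeMessage = urlencode(data)
    # NOTE(review): plain HTTP, and no credential is visible in this
    # request; confirm the gateway is reachable only from trusted hosts.
    url = 'http://10.1.1.146:8080/sms/send?%s' % (encodeMessage)
    # Must stay enabled in production.
    # curl gets an argument list, so no shell parses a string that carries
    # log-derived text. --max-time keeps a hung gateway from stalling the
    # monitoring loop.
    try:
        status = subprocess.call(['curl', '-I', '--max-time', '10', url])
    except OSError:
        logging.exception('could not run curl')
        return
    if status != 0:
        logging.warning('sms gateway call failed, curl exit status %s', status)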
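def main():
    """Run one check round over every configured log file.

    For each rule the text appended since the saved offset is read, the
    keyword pattern is counted, and an SMS is sent to every contact address
    when the count reaches the rule's threshold. The new end offsets are
    written back to the position file at the end of the round.
    """
    AlterConfi = getAlterConfi(configFile)
    print(AlterConfi)
    posResult = getStartPosLog(posFiles)
    # Working copy that receives this round's offsets; copying the dict
    # replaces a second read of the position file.
    posResult_bak = dict(posResult)
    for filename in AlterConfi:
        keyDict = AlterConfi[filename]
        print('开始检查文件 %s' % (filename))
        if not os.path.exists(filename):
            print('file "%s" not exist,pass' % (filename))
            continue
        endpos = getEndPost(filename)
        if endpos == 0:
            print('file "%s" is empty,pass' % (filename))
            # Record the empty state so a truncated file restarts from 0.
            posResult_bak[filename] = endpos
            continue
        try:
            startpos = int(posResult[filename])
        except (KeyError, ValueError):
            # No usable saved offset for this file: start from the beginning.
            startpos = 0
        print('startpos is %d,endpos is %d' % (startpos, endpos))
        # After log rotation the file is shorter than the saved offset:
        # reset to the beginning.
        if startpos > endpos:
            startpos = 0
        text = getText(filename, startpos, endpos)
        # Keyword analysis.
        matchCount, regular, resultList = rematch(text, keyDict['key'])
        print('匹配关键字 %s 匹配长度为 %s 关键字告警阈值 %s 关键字 %s'
              % (regular, matchCount, keyDict['count'], resultList))
        if int(matchCount) >= int(keyDict['count']):
            print('alterGroup len is %s' % (len(keyDict['alterGroup'])))
            print('alterType len is %s' % (len(keyDict['alterType'])))
            # The contact group field is parsed but not acted on yet.
            # NOTE(review): there is no rate limit here; whoever can write
            # matching lines to a monitored log can trigger an SMS to every
            # contact on each round.
            if keyDict['alterType'].upper() == 'SMS':
                for account in keyDict['alterAddress'].split(','):
                    if len(account) > 0:
                        sendSms(account, '发现%s告警,关键字:%s,出现次数:%s'
                                % (keyDict['alterMessage'], resultList, matchCount))
        # Record the end offset for the next round.
        posResult_bak[filename] = endpos
    print('打印文件偏移量信息 %s' % (posResult_bak))
    # Must stay enabled in production.
    updatePosLog(posResult_bak, posFiles)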
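if __name__ == '__main__':
    # The file lock keeps a second copy of the monitor from running.
    lock = filelock.FileLock("/home/apps/logmon-job/logmon.py.lock")
    try:
        with lock.acquire(timeout=5):
            # Logged only once the lock is held; the original tested the
            # lock object itself, which is true before any acquisition.
            logging.info("CaiWeiChengGetLock.start!!!")
            while 1:
                try:
                    main()
                except Exception:
                    # One failed round must not stop monitoring: record the
                    # traceback and try again on the next cycle.
                    print(traceback.format_exc())
                    logging.exception("check round failed")
                time.sleep(60)
    except filelock.Timeout:
        # Only a lock timeout is reported as one; the original catch-all
        # labelled every error from main() as "timeout".
        print("timeout")
        logging.warning("get file lock timeout")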