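Deploying ELK with Docker: Log Alerting with Sentinl
Tip
The previous article briefly covered deploying ELK with Docker and collecting Java logs with Filebeat. This article covers log alerting configuration, using the Sentinl plugin.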
# 1. Modify the Kibana configuration
Enter the elk container and edit the following settings:
```
[root@centos-mq ~]# docker exec -it elk /bin/bash
root@70f05fc990bd:/# vim /opt/kibana/config/kibana.yml
sentinl:
  settings:
    email:
      active: true
      #ssl: true ## uncomment on cloud servers, because cloud providers block port 25
      #port: 465
      user: *****@163.com ## sender
      password: **** ## authorization code (not the account password)
      host: smtp.163.com
    report:
      active: false
```
# 2. Install the Sentinl plugin
The Sentinl version must match the Kibana version, otherwise the installation fails.
```
root@70f05fc990bd:/# /opt/kibana/bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.6.0-0/sentinl-v6.6.0.zip
Attempting to transfer from https://github.com/sirensolutions/sentinl/releases/download/tag-6.6.0-0/sentinl-v6.6.0.zip
Transferring 134770542 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete
root@70f05fc990bd:~# /etc/init.d/kibana restart
```
After the installation and restart, open the Kibana UI in a browser and the Sentinl plugin menu is visible.
# 3. Configure alerting
Sentinl >> New >> Watcher Advanced
Click Save to create an alert template, then change the template content as follows. The `##` notes are annotations for the reader and are not valid JSON, so remove them before saving:
```
{
  "actions": {
    "email_html_alarm_a784d6ef-cf2d-40e2-b132-d5ad6dbec78d": {
      "name": "one平台日志异常报警",
      "throttle_period": "1m",
      "email_html": {
        "to": "****@vanje.com.cn", ## recipient address
        "from": "****@163.com", ## sender address
        "stateless": false,
        "subject": "one业务服务生产环境日志告警",
        "priority": "high",
        "html": "{{payload.hits.hits.0._source.message}}" ## email body
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "index": [
          "one-him*"
        ],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "analyze_wildcard": true,
                    "query": "\"获取待办\"" ## alert trigger condition
                  }
                }
              ],
              "filter": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-2m", ## relative to the current time
                      "lt": "now"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "script": "payload.hits.total >= 1" ## alert as soon as the condition is met once
    }
  },
  "trigger": {
    "schedule": {
      "later": "every 2 minutes" ## run the search every 2 minutes
    }
  },
  "disable": true, ## while true, the watcher is disabled and does not run
  "report": false,
  "title": "one-him账单异常",
  "save_payload": false,
  "spy": false,
  "impersonate": false
}
```
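Once the configuration is complete, wait for the scheduled interval. As soon as the configured alert condition is triggered, the matching log entry is sent to the configured mailbox.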
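The search window (`now-2m`) and the schedule (`every 2 minutes`) in the template have to line up: if the window is shorter than the interval, log lines written in the gap are never searched and never alert. The check below is an added example, not part of the original article or of Sentinl; the function names and the sample watcher are constructed, and it only understands the `now-<N><unit>` and `every <N> <unit>` forms used on this page.

```python
import json
import re

UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def strip_annotations(text):
    # Drop trailing "## ..." notes; assumes no JSON string contains " ##".
    return "\n".join(re.sub(r"\s+##.*$", "", ln) for ln in text.splitlines())

def window_seconds(watcher):
    # Look-back of the @timestamp range filter, e.g. "now-2m" -> 120.
    query = watcher["input"]["search"]["request"]["body"]["query"]
    gte = next(f["range"]["@timestamp"]["gte"]
               for f in query["bool"]["filter"] if "range" in f)
    n, unit = re.fullmatch(r"now-(\d+)([smhd])", gte).groups()
    return int(n) * UNIT[unit]

def schedule_seconds(watcher):
    # Interval of the trigger, e.g. "every 2 minutes" -> 120.
    text = watcher["trigger"]["schedule"]["later"]
    n, unit = re.fullmatch(r"every (\d+) (second|minute|hour)s?", text).groups()
    return int(n) * UNIT[unit[0]]

def lint(annotated):
    watcher = json.loads(strip_annotations(annotated))
    win, every = window_seconds(watcher), schedule_seconds(watcher)
    findings = []
    if win < every:
        findings.append(f"gap: window {win}s < schedule {every}s, events can be missed")
    if watcher.get("disable"):
        findings.append("disabled: watcher will not run until enabled")
    for name, action in watcher["actions"].items():
        if "throttle_period" not in action:
            findings.append(f"no throttle_period on action {name}")
    return findings

# Constructed sample (not the article's watcher): window shortened to 1 minute.
SAMPLE = """{
  "actions": {"email_alarm": {"throttle_period": "1m",
    "email_html": {"to": "ops@example.com"}}},  ## recipient
  "input": {"search": {"request": {"index": ["one-him*"], "body": {"query": {"bool": {
    "filter": [{"range": {"@timestamp": {"gte": "now-1m", "lt": "now"}}}]}}}}}},
  "trigger": {"schedule": {"later": "every 2 minutes"}},  ## run every 2 minutes
  "disable": true
}"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

With the article's own values (`now-2m`, `every 2 minutes`) the window check passes; a slightly longer window than the interval also tolerates ingestion delay at the cost of possible repeat matches, which `throttle_period` limits.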
Last updated: 2023/03/13, 16:47:57