为了解决日志文件监控的问题,使用python脚本完成了基于关键字的告警功能环境python2.7依赖
为了解决日志文件监控的问题, 使用python脚本完成了基于关键字的告警功能
环境 python 2.7
依赖包 time \ traceback \ filelock \ logging
代码如下:
#!/bin/python
#coding:utf-8
import sys
reload(sys)
sys.setdefaultencoding('utf8')
import re
import os
from urllib import urlencode
import logging
import filelock
import time
import traceback
#config.conf
#文件1:关键字A|关键字B:出现次数:告警方式:联系方式:联系组:某某异常
#文件2:关键字C|关键字D:出现次数:告警方式:联系方式:联系组:某某异常
#rc.local增加
#sudo -u monitor /bin/bash -x /home/apps/logmon-job/deploy_py.sh
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(filename)s[line:%(lineno)d] %(levelname)s %(message)s',
datefmt='%a, %d %b %Y %H:%M:%S',
filename='/home/logs/monitor/logmon.log',
#filename='/Users/mac/Desktop/logmon/logmon.log',
filemode='a')
basDir='/home/apps/logmon-job/'
posFiles=basDir+'/pos.log'
configFile=basDir+'config.conf'
def readOnly(filename):
return open(filename,'r')
# pass
def readWrite(filename):
return open(filename,'rw')
# pass
def writeOnly(filename):
return open(filename,'w')
# pass
# def closesfile():
# pass
def getStartPosLog(posFiles):
txt=readOnly(posFiles)
result={}
for i in txt :
filename,pos=i.split(':')
if filename != '' :
result[filename]=pos
return result
txt.close()
def rematch(txt,regular):
resultList=[]
for t in txt.split(r'\n') :
# print t
# pattern = re.compile(r':')
pattern = re.compile(regular)
resultList=(pattern.findall(t))
try :
# print '匹配结果为',resultList
return len(resultList),regular , resultList[0]
except Exception as e :
print e
return 0 , regular , ''
# pass
def getEndPost(f):
filename=readOnly(f)
try :
nowpos=filename.tell()
filename.seek(0,2)
endpos=filename.tell()
filename.seek(nowpos,0)
except :
endpos = 0
filename.close()
return endpos
# pass
def getDistinct(startpos,endpos):
return endpos-startpos
def getText(f,startpos,endpos):
filename=readOnly(f)
filename.seek(startpos,0)
textLength=getDistinct(startpos,endpos)
text=filename.read(textLength)
filename.close()
return text
def updatePosLog(posResult,posFiles):
f=writeOnly(posFiles)
# print 'posResult ',posResult
for k in posResult.keys() :
v=posResult[k]
f.writelines('%s:%s\n' %(k,v))
f.close()
pass
def getAlterConfi(filename):
#文件:关键字:出现次数:告警方式:联系方式:联系组
f=readOnly(filename)
result={}
for lines in f.readlines():
# print lines
try :
filename , key , count , alterType , alterAddress , alterGroup ,alterMessage= lines.strip('\n').split(":")
result[filename]={}
result[filename]["key"] =key
result[filename]["count"] =count
result[filename]["alterType"] =alterType
result[filename]["alterAddress"]=alterAddress
result[filename]["alterGroup"] =alterGroup
result[filename]["alterMessage"]=alterMessage
except Exception as e:
print e
print '错误的配置 %s' % (lines.strip('\n'))
pass
return result
def sendSms(account,message):
data={
'accounts':account ,
'templateName':'opalert' ,
'alertcontent':message ,
}
encodeMessage=urlencode(data)
#正式时需要开启
os.system('curl -I "http://10.1.1.146:8080/sms/send?%s" ' % ( encodeMessage ) )
def main():
global posFiles
global configFile
AlterConfi=getAlterConfi(configFile)
print AlterConfi
posResult=getStartPosLog(posFiles)
posResult_bak=getStartPosLog(posFiles)
# print posResult
for filename in AlterConfi.keys() :
keyDict=AlterConfi[filename]
print '开始检查文件 ',filename
#print rematch(filename,r'#')[0]
if not os.path.exists(filename):
print 'file "%s" not exist ,pass' % (filename)
# continue
if os.path.exists(filename):
endpos = getEndPost(filename)
if endpos == 0 :
print 'file "%s" is empty ,pass' % (filename)
else :
try :
startpos= int(posResult[filename])
except :
startpos = 0
print 'startpos is %.f , endpos is %.f' %(startpos ,endpos)
#处理切割后,偏移量归位
if startpos > endpos :
startpos = 0
text = getText(filename,startpos,endpos)
# print '%s text is : '%(filename) , text
#分析关键字
#print AposlterConfi[filename]
matchCount , regular , resultList = rematch(text,keyDict['key'])
print '匹配关键字',regular , '匹配长度为', matchCount , '关键字告警阈值' ,keyDict['count'] , '关键字' , resultList
if int(matchCount) >= int(keyDict['count']) :
print 'alterGroup len is ',len(keyDict['alterGroup'])
print 'alterType len is ' ,len(keyDict['alterType'])
if len(keyDict['alterGroup']) > 0:
pass
if len(keyDict['alterType']) >0:
if keyDict['alterType'].upper() == 'SMS' :
for account in keyDict['alterAddress'].split(',') :
if len(account) >0 :
sendSms(account,'发现%s 告警,关键字:%s ,出现次数:%s ' %(keyDict['alterMessage'] , resultList , matchCount ))
pass
#记录末尾偏移量
posResult_bak[filename]=endpos
print '打印文件偏移量信息',posResult_bak
#正式时需要开启
updatePosLog(posResult_bak,posFiles)
if __name__ == '__main__':
lock = filelock.FileLock("/home/apps/logmon-job/logmon.py.lock")
if lock:
logging.info("CaiWeiCheng Get Lock.start!!!")
try:
with lock.acquire(timeout=5):
while 1 :
main()
time.sleep(60)
# pass
#except filelock.timeout :
except Exception as e :
print traceback.format_exc()
print "timeout"
logging.warning("get file lock timeout")
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持脚本之家。
Python关键字 Python关键字监控 Python关键字告警