环境:
elasticsearch-6.3.1.rpm
kibana-6.2.2-x86_64.rpm (kibana-6.3.1-x86_64.rpm安装sentinl失败)
td-agent-3.2.0-0.el7.x86_64.rpm
# /usr/share/kibana/bin/kibana-plugin install https://github.com/sirensolutions/sentinl/releases/download/tag-6.2.2/sentinl-v6.2.2.zip
# cat /etc/kibana/kibana.yml
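# Sentinl plugin settings for kibana.yml: SMTP for alert e-mails, reporting off.
# Indentation restored (sentinl.settings.email / sentinl.settings.report).
sentinl:
  settings:
    email:
      active: true
      user: "zhaodan@XX.cn"
      # Redacted here. The real value is a plaintext SMTP credential, so keep
      # this file out of version control or reference it from a secret store.
      # Quoted: a bare leading '*' is parsed as a YAML alias, not a string.
      password: "********"
      host: smtp.exmail.qq.com
      ssl: true
      timeout: 10000
    report:
      active: false
      # tmp_path: /tmp/

server.port: 5601
# Plain ASCII double quotes. The original mixed typographic quotes (“ ”)
# with ASCII ones, which is not valid YAML quoting: one value became an
# unterminated quoted scalar and Kibana would fail to load the file.
server.host: "172.x.x.x"
elasticsearch.url: "http://172.x.x.x:9200"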
{
"actions": {
"apache-arm": {
"throttle_period": "0h15m0s",
"email": {
"to": "zhaodan@xxi.cn",
"from": "zhaodan@xx.cn",
"subject": "Alarm",
"priority": "high",
"body": "Found {{payload.hits.total}} Events"
}
}
},
"input": {
"search": {
"request": {
"index": [
"fluentd-apache*"
],
"body": {
"size": 100,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"from": "now-1h"
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"script": "payload.hits.total > 100"
}
},
"transform": {},
"trigger": {
"schedule": {
"later": "every 5 minutes"
}
},
"disable": false,
"report": false,
"title": "fluentd-apache"
}
# yum install httpd
# cat /etc/td-agent/td-agent.conf
# Receives records pushed by other fluentd / fluent-bit agents over the
# forward protocol on TCP 24224.
# NOTE(review): in_forward listens on every interface and accepts
# unauthenticated input by default; if this port is reachable from beyond
# the log shippers, restrict it with `bind` and/or a <security> section
# (shared_key) — TODO confirm the network exposure.
<source>
  @type forward
  port 24224
</source>
####################################
# Tails the Apache access log written by the httpd package installed above
# and parses each line with the built-in apache2 format.
# NOTE(review): td-agent runs as its own service user by default and
# /var/log/httpd is root-only on a stock el7 install, so confirm the agent
# can read the file (group/ACL) rather than running it as root — TODO confirm.
<source>
  @type tail
  path /var/log/httpd/access_log
  # Read position is persisted here so a restart resumes where it stopped.
  pos_file /var/log/td-agent/httpd-access.log.pos
  # This tag becomes part of the Elasticsearch index name (see the
  # logstash_prefix in the catch-all <match> below).
  tag apache.access
  <parse>
    @type apache2
  </parse>
</source>
####################################
# Records tagged debug.* are only echoed to stdout. Because fluentd takes the
# first <match> that fits, they never reach the catch-all <match *.**> below.
<match debug.**>
  @type stdout
</match>
####################################
# Catch-all: every remaining record is copied to two sinks.
<match *.**>
  @type copy

  # Sink 1: Elasticsearch, one index per tag and day
  # (logstash_prefix + logstash_dateformat → fluentd-<tag>-YYYYMMDD, which is
  # what the Sentinl watcher's "fluentd-apache*" index pattern relies on).
  <store>
    @type elasticsearch
    # NOTE(review): plain HTTP with no credentials to the ES node. Confirm
    # port 9200 is not reachable outside this host/segment, or enable TLS and
    # authentication via the plugin's scheme / user / password parameters.
    host 172.x.x.x
    port 9200
    logstash_format true
    # NOTE(review): on td-agent 3 (fluentd v1) a ${tag} placeholder normally
    # needs a <buffer tag> section to be expanded, and flush_interval is a
    # <buffer> parameter there — verify against the installed plugin version.
    logstash_prefix fluentd-${tag}
    logstash_dateformat %Y%m%d
    type_name access_log
    include_tag_key true
    tag_key @log_name
    flush_interval 1s
  </store>

  # Sink 2: echo every record to stdout as well (handy while debugging, noisy
  # in production).
  <store>
    @type stdout
  </store>
</match>