Graylog2的電子郵件通知

Question

我的客戶端設置了一個Greylog2服務器，用於彙總我們的日誌文件。我們有幾個定義的流。

我想每天發送電子郵件通知 - 至少「系統在過去24小時內收到了x個錯誤」，理想情況下是十大最常見錯誤的列表。

以前有沒有人執行過這樣的操作 - 您能提供任何提示或建議嗎？我在一些論壇帖子中看到了REST API的提及，但一直沒能找到更多信息...

Answer 1

在我的工作場所，我們已經根據rake任務+ crontab配置了警報任務。這是在graylog2-server中的警報API可用之前（plugin directory）。我們仍然使用rake任務，因爲他們讓我們使用rails模型和控制器。

以下內容被添加到general.yaml中，以便我們可以找到流ID。

# section in general.yaml 

streamalarms: 
    error_stream: 50ef145471de3516b900000d 

下面是實際的耙子任務：

namespace :gl2rake 

    # Helper method for recording how long jobs took, which is used to debug/tune the jobs. 
    def monitoring_wrapper(task) 
    btime = Time.now 
    task_name = task.name 
    task_starting(task_name) 

    if block_given? 
     yield 
    else 
     puts "No block given to monitoring_wrapper!" 
    end 

    etime = Time.now 
    duration = (etime - btime) 
    puts "Time elapsed: #{duration} seconds" 
    task_completed(task_name, duration) 
    end 

    desc "Send an email if a job is written to the error queue. If there are more than 5 errored jobs in the last 6 minutes then send sms" 
    task :error_queue => :environment do |task| 
    monitoring_wrapper(task) do 

     # the streams to check 
     # I have customised the configuration class so that all of the stream ids are available. This can be automated. 
     streams = Configuration.streamalarm_config('error_stream', '') 

     # this method has been added to app/models/configuration.rb as a convenience. 
     # def self.streamalarm_config(key, default) 
     # nested_general_config :streamalarms, key, default 
     # end 

     # get unix epoch time of 6 minutes ago 
     six_mins_ago = 6.minutes.ago 

     filters = { 
     # optionally apply a message filter to the stream 
     :message => "\"Writing job to error queue.\"", 
     :date => "from #{six_mins_ago}" 
     } 

     # get the stream 
     stream = Stream.find_by_id(stream_id) 

     if !stream 
     $stderr.puts "Invalid stream id #{stream_id}" 
     next 
     end 

     messages = MessageGateway.all_by_quickfilter(filters, nil, {:stream_id => stream_id}) 

     if messages.size > 0 

     #alert - jobs written to error queue 
     if messages.size > 5 
      # send_sms_for_stream is a custom method we wrote that hooks into an sms api. 
      send_sms_for_stream("There are #{messages.size} errored job(s) in the last 6 minutes. Check email for details", 'error_queue', stream.title) 
     end 

     message = "There are #{messages.size} errored job(s) in the last 6 minutes. (Stream #{stream.title})\n" 

     messages.each do |m| 
      message += "\t#{m.message}\n" 
     end 

     # sends an email to our designated alerting email 
     send_mail("There are #{messages.size} errored job(s)", message, 'error_queue', stream.title) 
     end 
    end 
    end 
end 

這現在可以通過一個cron作業，被稱爲：如

3-59/5 * * * * sudo rake -f /opt/graylog2-web-interface/Rakefile gl2rake:error_queue RAILS_ENV=production