将Error级别日志发送邮箱

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/zzti_erlie/article/details/87624770

介绍

用 Logstash 收集日志,并将 ERROR 级别的日志直接通过邮件发送
启动命令

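# Start Logstash in the background with the pipeline defined in product.conf.
# nohup keeps it running after the terminal closes; stdout and stderr are both
# written to myout.file.
nohup bin/logstash -f product.conf > myout.file 2>&1 &
logstash_pid=$!

# "$?" read right after "cmd &" only says that the shell launched the job, so
# it is 0 even when Logstash exits at once (for example bin/logstash missing or
# not executable). Wait briefly, then probe the PID with signal 0, which tests
# that the process still exists without delivering a signal to it.
# NOTE(review): errors in product.conf are reported only after JVM start-up and
# may arrive later than this check; myout.file remains the place to confirm.
sleep 1
if kill -0 "$logstash_pid" 2>/dev/null
then
    echo "cis-ws-monitor start Success!"
else
    echo "cis-ws-monitor start Faild!"
    # Non-zero status so a calling script or scheduler can see the failure.
    exit 1
fi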

配置文件product.conf

# Tail every server.log found (recursively, via **) under the five cis-*
# directories in /data/mosh. The account running Logstash only needs read
# access to these files.
input {
	file {
		path => ["/data/mosh/cis-db/**/server.log","/data/mosh/cis-la/**/server.log","/data/mosh/cis-ua/**/server.log","/data/mosh/cis-ws/**/server.log","/data/mosh/cis-wxs/**/server.log"]
		# NOTE(review): the file input documents `exclude` as matched against the
		# file name, not the full path, so a directory-style value like this one
		# probably excludes nothing - confirm against the plugin documentation.
		exclude => "/data/mosh/java"
		# A line that does NOT start with "<ISO8601 timestamp> |- <LEVEL>" is
		# appended to the previous event (negate + what => "previous"), so a
		# stack trace stays attached to the log line that produced it.
		codec => multiline {
			pattern => "%{TIMESTAMP_ISO8601:logdate} \|-\s*%{LOGLEVEL}"
			negate => true
			what => "previous"
			auto_flush_interval => 30  # if no new log line arrives within this interval, stop waiting for further lines and emit the buffered event
		}
	}
}
# Decide which events are worth mailing and prepare the path for the subject line.
filter {
    # grok is used here as a selector: an event matching neither pattern is
    # tagged _grokparsefailure (the plugin's default failure tag), and the
    # output section tests for that tag.
    #   1st pattern: "<timestamp> |- ERROR" log lines.
    #   2nd pattern: text containing the lowercase word "failed", at any log level.
    # NOTE(review): the 2nd pattern is broad. Routine messages such as failed
    # logins, which outside clients can cause at will, would each produce a
    # mail - consider narrowing it or rate-limiting before the email output.
    grok {
	match => {"message" => ["%{TIMESTAMP_ISO8601:logdate} \|-\s*ERROR", "^.*failed.*$"]}
    }
    # Turn the source file path into an array of segments. For
    # "/data/mosh/cis-db/..." the segments are "", "data", "mosh", "cis-db", ...
    # so index 3 is the cis-* directory name used in the mail subject.
    # NOTE(review): assumes the file input stores the path in the top-level
    # "path" field; with ECS compatibility enabled it is placed elsewhere - confirm.
    mutate {
        split => ["path", "/"]
    }
}
# Mail every event that one of the grok patterns in the filter section matched.
output { 
    # Events grok could not match carry _grokparsefailure and are dropped here.
    if "_grokparsefailure" not in [tags] {
	# No address, use_tls, username or password is set in this block, so the
	# plugin defaults apply: the mail is handed to an SMTP relay on port 25
	# without TLS or authentication.
	# NOTE(review): presumably a relay on the same host - confirm, and keep
	# that relay from accepting mail from other hosts.
	email {  
		port => 25
		# Subject = fixed prefix plus the 4th path segment (the cis-* directory).
		subject => "mad81 %{[path][3]}"
		# The whole raw event, stack trace included, becomes the mail body.
		# Application logs can carry credentials, tokens or personal data;
		# whatever is logged ends up in every recipient's mailbox.
		body => "%{message}"
		# "[email protected]" is how this page renders obfuscated addresses;
		# it is not a usable value and must be replaced with real ones.
		from => "[email protected]"
		to => "[email protected],[email protected]"
	}
    }
}


转载自blog.csdn.net/zzti_erlie/article/details/87624770