介绍

用 Logstash 收集日志并直接发送邮件
启动命令

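# Start Logstash in the background with the product.conf pipeline. stdout and
# stderr both go to myout.file so startup errors can be read afterwards.
nohup bin/logstash -f product.conf > myout.file 2>&1 &
logstash_pid=$!

# "$?" read right after "&" only reports that the job was put in the
# background, which practically always succeeds, so it cannot detect a broken
# config or a crash during startup. Wait briefly, then check that the PID is
# still alive. A config error can take longer than this to surface, so
# myout.file remains the authoritative place to look.
sleep 5
if kill -0 "$logstash_pid" 2>/dev/null
then
    echo "cis-ws-monitor start Success!"
else
    echo "cis-ws-monitor start Faild!"
    # Exit non-zero so a calling script or supervisor sees the failure.
    exit 1
fi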

配置文件product.conf

# Input stage: tail the server.log files of the five cis-* services and merge
# continuation lines into the log entry they belong to.
input {
file {
# One recursive glob ("**") per service directory under /data/mosh.
path => ["/data/mosh/cis-db/**/server.log","/data/mosh/cis-la/**/server.log","/data/mosh/cis-ua/**/server.log","/data/mosh/cis-ws/**/server.log","/data/mosh/cis-wxs/**/server.log"]
# NOTE(review): the file input matches "exclude" against the file name, not the
# full path, so a directory path here most likely excludes nothing. The globs
# above do not reach /data/mosh/java anyway. Confirm the intent.
exclude => "/data/mosh/java"
codec => multiline {
# A line that does NOT contain "<ISO8601 timestamp> |- <LEVEL>" (negate => true)
# is appended to the previous event (what => "previous"). The pattern is not
# anchored, so the marker is recognised anywhere in the line.
pattern => "%{TIMESTAMP_ISO8601:logdate} \|-\s*%{LOGLEVEL}"
negate => true
what => "previous"
auto_flush_interval => 30 # If no new log line arrives within this interval, flush the pending event instead of waiting for a following one
}
}
}
# Filter stage: mark which events look like errors, and split the source file
# path into segments so that one segment can be referenced by index later.
filter {
grok {
# Two alternatives: an entry whose level is ERROR, or any event whose text
# contains the lowercase word "failed". Events matching neither are tagged
# "_grokparsefailure", which the output stage uses to skip them.
# NOTE(review): "failed" anywhere in the text is a broad trigger. Anything that
# can cause that word to be logged (for example a failed-login line) will
# produce a mail, so consider anchoring it to the log format.
match => {"message" => ["%{TIMESTAMP_ISO8601:logdate} \|-\s*ERROR", "^.*failed.*$"]}
}
mutate {
# "/data/mosh/cis-db/..." becomes ["", "data", "mosh", "cis-db", ...], so
# index 3 is the service directory name.
# NOTE(review): assumes the file input stores the file name in the "path" field.
# With ECS compatibility enabled the field is [log][file][path]. Confirm for the
# Logstash version in use.
split => ["path", "/"]
}
}
# Output stage: send one e-mail per event that matched the grok filter.
output {
# Events tagged "_grokparsefailure" matched neither grok pattern and are dropped here.
if "_grokparsefailure" not in [tags] {
email {
# NOTE(review): no "address", "use_tls", "username" or "password" is set, so the
# mail is handed to the plugin's default SMTP host (presumably localhost; confirm)
# on port 25, unauthenticated and without TLS. If the relay is not local, enable
# TLS and authentication so log content does not cross the network in cleartext.
port => 25
# Fixed prefix plus the fourth path segment (the service directory name).
subject => "mad81 %{[path][3]}"
# The whole merged log entry becomes the mail body.
# NOTE(review): application logs can carry tokens, credentials or personal data.
# Consider redacting or truncating before mailing, since mailboxes are usually
# retained and shared more widely than the log host.
# NOTE(review): there is no rate limit, so an error burst produces one mail per
# event. A throttle or aggregation step before this output would bound the volume.
body => "%{message}"
from => "lilimin@social-touch.com"
to => "lilimin@social-touch.com,aaa@social-touch.com"
}
}
}