Shulou(Shulou.com)06/02 Report--

This article introduces the knowledge of "how to use Fluentd to send alarm email". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Alarm is an important tool to prevent system failure. At present, there are many mature schemes to carry out threshold early warning by monitoring system operation indicators.

Let's take a brief look at how to use Fluentd to implement email alerts today. The alarm of Fluentd is based on log analysis. By monitoring the business status information in the log, serious errors are identified in time and alarm messages are sent in real time.

Let's take the analysis of Apache's access log as an example to learn about the mail alarm feature provided by Fluentd. [install software]

Install td-agent

Install the plug-in: fluent-plugin-grepcounter

Td-agent-gem install fluent-plugin-grepcounter

Install the plug-in: fluent-plugin-mail

Td-agent-gem install fluent-plugin-mail [configuration instructions] below is a complete configuration file, which can be modified according to the actual situation. @ type tail path / var/log/apache2/access.log # Set the location of your log file @ type apache2 tag apache.access

@ type grepcounter count_interval 3 # The time window for counting errors (in secs) input_key code # The field to apply the regular expression regexp ^ 5\ d\ d $# The regular expression to be applied threshold 1 # The minimum number of erros to trigger an alert add_tag_prefix error_5xx # Generate tags like "error_5xx.apache.access"

@ type copy @ type stdout # Print to stdout for debugging @ type mail host smtp.gmail.com # Change this to your SMTP server host port 587 # Normally 25Accord 587 are used for submission user USERNAME # Use your username to login password PASSWORD # Use your login password enable_starttls_auto true # Use this option to enable STARTTLS from example@gmail.com # Set the sender address to alert@example.com # Set the recipient address subject 'HTTP SERVER ERROR' message Total 5xx error count:% s\ n\ nPlease check your Apache webserver ASAP message_out_keys count # Use the "count" field to replace "% s" above this configuration uses a mail server You need to ensure that the mail server is available and configured correctly. This configuration file mainly consists of three parts:

Use in_tail to track Apache's access log and use apache2 to parse the log.

Use grepcounter to filter and count the 5xx status codes in the log.

If the number of 5xx errors reaches the threshold specified by threshold within the time specified by count_interval, Fluentd will generate an event with a tag of error_5xx.apache.access, which will re-enter the event route of Fluentd and be processed next.

Each time an error_5xx.apache.access event is received, this uses the mail plug-in to send an email to alert@example.com.

With this configuration, Fluentd becomes a mail alarm service that can be used to monitor abnormal access to Apache.

[test method]

After completing the above configuration, restart td-agent. # for init.d users$ sudo / etc/init.d/td-agent restart

# for systemd users$ sudo systemctl restart td-agent if there is a 5xx error in Apache (you can also manually append a 5xx error to access.log), you will receive an alert email titled "HTTP SERVER ERROR". In practice, you may need to adjust some parameters, such as statistical intervals or thresholds, and monitor 4xx error codes. Of course, in addition to Apache,Fluentd, you can also monitor log errors in other applications such as nginx, and you can choose the appropriate parser plug-in to deal with it as needed. "how to use Fluentd to send alarm email" is introduced here, thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.