Keywords monitoring and alarm based on Python
- 2020-06-07 04:49:16
- OfStack
To solve the problem of log file monitoring, python script was used to complete the keyword-based alarm function
Environmental python 2.7
Dependency package time \ traceback \ filelock \ logging
The code is as follows:
#!/bin/python
#coding:utf-8
import sys
reload(sys)
sys.setdefaultencoding('utf8')
import re
import os
from urllib import urlencode
import logging
import filelock
import time
import traceback
#config.conf
# file 1: The keyword A| The keyword B: occurrences : The alarm way : contact : Contact group : So-and-so abnormal
# file 2: The keyword C| The keyword D: occurrences : The alarm way : contact : Contact group : So-and-so abnormal
#rc.local increase
#sudo -u monitor /bin/bash -x /home/apps/logmon-job/deploy_py.sh
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(filename)s[line:%(lineno)d] %(levelname)s %(message)s',
datefmt='%a, %d %b %Y %H:%M:%S',
filename='/home/logs/monitor/logmon.log',
#filename='/Users/mac/Desktop/logmon/logmon.log',
filemode='a')
basDir='/home/apps/logmon-job/'
posFiles=basDir+'/pos.log'
configFile=basDir+'config.conf'
def readOnly(filename):
return open(filename,'r')
# pass
def readWrite(filename):
return open(filename,'rw')
# pass
def writeOnly(filename):
return open(filename,'w')
# pass
# def closesfile():
# pass
def getStartPosLog(posFiles):
txt=readOnly(posFiles)
result={}
for i in txt :
filename,pos=i.split(':')
if filename != '' :
result[filename]=pos
return result
txt.close()
def rematch(txt,regular):
resultList=[]
for t in txt.split(r'\n') :
# print t
# pattern = re.compile(r':')
pattern = re.compile(regular)
resultList=(pattern.findall(t))
try :
# print ' The matching result is ',resultList
return len(resultList),regular , resultList[0]
except Exception as e :
print e
return 0 , regular , ''
# pass
def getEndPost(f):
filename=readOnly(f)
try :
nowpos=filename.tell()
filename.seek(0,2)
endpos=filename.tell()
filename.seek(nowpos,0)
except :
endpos = 0
filename.close()
return endpos
# pass
def getDistinct(startpos,endpos):
return endpos-startpos
def getText(f,startpos,endpos):
filename=readOnly(f)
filename.seek(startpos,0)
textLength=getDistinct(startpos,endpos)
text=filename.read(textLength)
filename.close()
return text
def updatePosLog(posResult,posFiles):
f=writeOnly(posFiles)
# print 'posResult ',posResult
for k in posResult.keys() :
v=posResult[k]
f.writelines('%s:%s\n' %(k,v))
f.close()
pass
def getAlterConfi(filename):
# file : The keyword : occurrences : The alarm way : contact : Contact group
f=readOnly(filename)
result={}
for lines in f.readlines():
# print lines
try :
filename , key , count , alterType , alterAddress , alterGroup ,alterMessage= lines.strip('\n').split(":")
result[filename]={}
result[filename]["key"] =key
result[filename]["count"] =count
result[filename]["alterType"] =alterType
result[filename]["alterAddress"]=alterAddress
result[filename]["alterGroup"] =alterGroup
result[filename]["alterMessage"]=alterMessage
except Exception as e:
print e
print ' Wrong configuration %s' % (lines.strip('\n'))
pass
return result
def sendSms(account,message):
data={
'accounts':account ,
'templateName':'opalert' ,
'alertcontent':message ,
}
encodeMessage=urlencode(data)
# It needs to be turned on when it's official
os.system('curl -I "http://10.1.1.146:8080/sms/send?%s" ' % ( encodeMessage ) )
def main():
global posFiles
global configFile
AlterConfi=getAlterConfi(configFile)
print AlterConfi
posResult=getStartPosLog(posFiles)
posResult_bak=getStartPosLog(posFiles)
# print posResult
for filename in AlterConfi.keys() :
keyDict=AlterConfi[filename]
print ' Start checking files ',filename
#print rematch(filename,r'#')[0]
if not os.path.exists(filename):
print 'file "%s" not exist ,pass' % (filename)
# continue
if os.path.exists(filename):
endpos = getEndPost(filename)
if endpos == 0 :
print 'file "%s" is empty ,pass' % (filename)
else :
try :
startpos= int(posResult[filename])
except :
startpos = 0
print 'startpos is %.f , endpos is %.f' %(startpos ,endpos)
# After processing the cut, the offset is returned to position
if startpos > endpos :
startpos = 0
text = getText(filename,startpos,endpos)
# print '%s text is : '%(filename) , text
# Analysis keywords
#print AposlterConfi[filename]
matchCount , regular , resultList = rematch(text,keyDict['key'])
print ' Match keywords ',regular , ' The matching length is ', matchCount , ' Keyword alarm threshold ' ,keyDict['count'] , ' The keyword ' , resultList
if int(matchCount) >= int(keyDict['count']) :
print 'alterGroup len is ',len(keyDict['alterGroup'])
print 'alterType len is ' ,len(keyDict['alterType'])
if len(keyDict['alterGroup']) > 0:
pass
if len(keyDict['alterType']) >0:
if keyDict['alterType'].upper() == 'SMS' :
for account in keyDict['alterAddress'].split(',') :
if len(account) >0 :
sendSms(account,' found %s Alarm, keyword :%s , occurrences :%s ' %(keyDict['alterMessage'] , resultList , matchCount ))
pass
# Record the end offsets
posResult_bak[filename]=endpos
print ' Print file offset information ',posResult_bak
# It needs to be turned on when it's official
updatePosLog(posResult_bak,posFiles)
if __name__ == '__main__':
lock = filelock.FileLock("/home/apps/logmon-job/logmon.py.lock")
if lock:
logging.info("CaiWeiCheng Get Lock.start!!!")
try:
with lock.acquire(timeout=5):
while 1 :
main()
time.sleep(60)
# pass
#except filelock.timeout :
except Exception as e :
print traceback.format_exc()
print "timeout"
logging.warning("get file lock timeout")