Logstash电子邮件从多个日志文件动态警报

时间:2015-07-07 06:03:36

标签: email elasticsearch logstash kibana

我有logstash配置文件,其中我已经为邮件中的特定文本编写了邮件警报,然后自动发送包含邮件的电子邮件。请找到配置文件(logstash.conf).`

输入{

file {

  path => [ "\\IP Address\logs/LMS.log.*_bak" ]
  start_position => "beginning"     

 }

}

输出{

elasticsearch {
        bind_host => "127.0.0.1"
        port => "9200"
        protocol => http
}

  if "ERROR" in [message]  {
 email {
        from => "logstash.alert@nowhere.com"
        subject => "logstash alert"
        to => "test.lms@gmail.com"
        via => "smtp"
        body => "Here is the event line that occured: %{message}"
    }
 }
}

` 在这里,我没有收到任何来自该配置的电子邮件。所有人都可以找到该配置为我提供解决方案,谢谢......

2 个答案:

答案 0 :(得分:1)

是的,最后我得到了在消息字段中为任何错误发送电子邮件警报的解决方案。

output {

    elasticsearch {
            bind_host => "127.0.0.1"
            port => "9200"
            protocol => http
       }

    if  "ERROR" in [message]  {
    email  {
        options => [ "smtpIporHost", "smtp.gmail.com",
         "port", "587",
         "userName", "test@gmail.com",
         "password", "your password",
         "authenticationType", "plain",
         "starttls","true"
           ]
            from => "<test@gmail.com>"
            subject => "logstash alert"
            to => "<test@gmail.com>"
            via => "smtp"
            body => "Here is the event line that occured: %{message}"
       }
    }

    stdout { codec => rubydebug }
 }

答案 1 :(得分:0)

获取此错误。

logstash_1       | [2017-08-14T07:05:57,056][ERROR][logstash.plugins.registry] Problems loading a plugin with {:type=>"output", :name=>"email", :path=>"logstash/outputs/email", :error_message=>"NameError", :error_class=>NameError, :error_backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:221:in `namespace_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:157:in `legacy_lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:133:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/plugins/registry.rb:175:in `lookup_pipeline_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/plugin.rb:137:in `lookup'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:88:in `plugin'", "(eval):16:in `initialize'", "org/jruby/RubyKernel.java:1079:in `eval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:60:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:139:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:277:in `create_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:95:in `register_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:264:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:183:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
logstash_1       | [2017-08-14T07:05:57,108][ERROR][logstash.agent           ] Cannot load an invalid configuration {:reason=>"Couldn't find any output plugin named 'email'. Are you sure this is correct? Trying to load the email output plugin resulted in this error: Problems loading the requested plugin named email of type output. Error: NameError NameError"}
logstash_1       | 2017-08-14 07:05:57,210 Api Webserver ERROR No log4j2 configuration file found. Using default configuration: logging only errors to the console.

如果我们需要进行一些额外的配置来使用电子邮件,请查看并告诉我们。

相关问题
最新问题