Installing python3.6.9 + elastalert on CentOS 7.6

1. Compile and install the python3.6.9 environment
# Install build dependencies
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
# Fetch and compile python3.6.9
mkdir -p /usr/local/python3
wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz
tar xf Python-3.6.9.tgz
cd Python-3.6.9
./configure --prefix=/usr/local/python3
make && make install
# The prefix above puts the interpreter and pip under /usr/local/python3/bin
ln -s /usr/local/python3/bin/python3.6 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3

2. Install the virtualenv virtual environment
pip3 install virtualenv
# Create the directory that will hold the virtual environment
mkdir -p /usr/local/venv_py3.6_elastalert-0.2.1

# Create a clean virtual environment
cd /usr/local
git clone https://github.com/Yelp/elastalert.git
cd /usr/local/elastalert

/usr/local/python3/bin/virtualenv --no-site-packages --python=/usr/local/python3/bin/python3.6 /usr/local/venv_py3.6_elastalert-0.2.1
[root@eus-kibana-elastalert-:/usr/local/venv_py3.6_elastalert-0.2.]# source bin/activate
(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/venv_py3.6_elastalert-0.2.]#

3. Install elastalert in the python3.6 virtual environment
# Specify the package index when installing the dependencies, otherwise the install may fail

(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/elastalert]# pip install -r requirements.txt -i https://pypi.python.org/simple

# Install the main program, otherwise the elastalert-create-index command is not available
(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/elastalert]# python setup.py install

# Run elastalert-create-index to set up the writeback index
(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/elastalert]# elastalert-create-index
Enter Elasticsearch host: 172.30.0.62
Enter Elasticsearch port:
Use SSL? t/f: f
Enter optional basic-auth username (or leave blank):
Enter optional basic-auth password (or leave blank):
Enter optional Elasticsearch URL prefix (prepends a string to the URL of every request):
New index name? (Default elastalert_status)
New alias name? (Default elastalert_alerts)
Name of existing index to copy? (Default None)
Elastic Version: 7.3.
Reading Elastic index mappings:
Reading index mapping 'es_mappings/6/silence.json'
Reading index mapping 'es_mappings/6/elastalert_status.json'
Reading index mapping 'es_mappings/6/elastalert.json'
Reading index mapping 'es_mappings/6/past_elastalert.json'
Reading index mapping 'es_mappings/6/elastalert_error.json'
New index elastalert_status created
Done!
(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/elastalert]#

# Error
(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/elastalert]# elastalert-test-rule example_rules/my_rule.yml

File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/tzlocal/unix.py", line , in _get_localzone
utils.assert_tz_offset(tz)
File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/tzlocal/utils.py", line , in assert_tz_offset
raise ValueError(msg)
ValueError: Timezone offset does not match system offset: != -. Please, check your config files.

# The timezone seen by the code does not match the system timezone; set the system to the Shanghai timezone
(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/elastalert]# timedatectl set-timezone Asia/Shanghai
(venv_py3.6_elastalert-0.2.) [root@eus-kibana-elastalert-:/usr/local/elastalert]# elastalert-test-rule example_rules/my_rule.yml
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
WARNING:elasticsearch:GET http://172.30.0.62:19200/logstash-*/_search?ignore_unavailable=true&size=1 [status:400 request:0.004s]
Error running your filter:
RequestError(, 'parsing_exception', {'error': {'root_cause': [{'type': 'parsing_exception', 'reason': '[term] query malformed, no start_object after query name', 'line': , 'col': }], 'type': 'parsing_exception', 'reason': '[term] query malformed, no start_object after query name', 'line': , 'col': }, 'status': })
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
To send them but remain verbose, use --verbose instead.
rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
WARNING:elasticsearch:GET http://172.30.0.62:19200/logstash-*/_search?_source_includes=%2A%2C%40timestamp&ignore_unavailable=true&scroll=30s&size=10000 [status:400 request:0.003s]
ERROR:root:Error running query: RequestError(, 'parsing_exception', '[term] query malformed, no start_object after query name')

Would have written the following documents to writeback index (default is elastalert_status):

elastalert_error - {'message': "Error running query: RequestError(400, 'parsing_exception', '[term] query malformed, no start_object after query name')", 'traceback': ['Traceback (most recent call last):', ' File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elastalert-0.2.1-py3.6.egg/elastalert/elastalert.py", line 384, in get_hits', ' **extra_args', ' File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 84, in _wrapped', ' return func(*args, params=params, **kwargs)', ' File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/client/__init__.py", line 819, in search', ' "GET", _make_path(index, "_search"), params=params, body=body', ' File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/transport.py", line 350, in perform_request', ' timeout=timeout,', ' File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/connection/http_requests.py", line 156, in perform_request', ' self._raise_error(response.status_code, raw_data)', ' File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/connection/base.py", line 181, in _raise_error', ' status_code, error_message, additional_info', "elasticsearch.exceptions.RequestError: RequestError(400, 'parsing_exception', '[term] query malformed, no start_object after query name')"], 'data': {'rule': 'eus-log-elasticsearch-cluster-alert', 'query': {'query': {'bool': {'filter': {'bool': {'must': [{'range': {'@timestamp': {'gt': '2019-09-17T05:06:25.831477Z', 'lte': '2019-09-17T05:21:25.831477Z'}}}, {'term': None}, {'query_string': {'query': 'message: error'}}]}}}}, 'sort': [{'@timestamp': {'order': 'asc'}}]}}}
# The cause is visible in the dumped query: the bare "- term:" line in the rule's filter is parsed as {'term': None}, which Elasticsearch rejects as a malformed term query. Remove that line (or give it a field and value) and the rule runs.

4. Configure elastalert
############## Global configuration
[root:/usr/local/elastalert#cp config.yaml.example config.yaml
# Folder holding the elastalert rules; it can be wherever you put your elastalert
rules_folder: /usr/local/elastalert/example_rules

# How often Elastalert queries elasticsearch for fields matching the defined rules; if any match it triggers an alert, otherwise it waits for the next interval and checks again. The unit can be anything from weeks down to seconds, defined as follows.
run_every:
#  seconds:
  minutes:
#  hours:
#  days:
#  weeks:

# Maximum buffer time from the start of a query until its end.
buffer_time:
  minutes:

# Your Elasticsearch IP address
es_host: 172.30.0.52

# Elasticsearch port
es_port:

# The index elastalert writes to in es
# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

# If an alert could not be sent at the time, how long to keep retrying before giving up
alert_time_limit:
  days:

[root@eus-kibana-elastalert-:/usr/local/elastalert]# egrep -v '^#|^$' config.yaml
rules_folder: example_rules
run_every:
  minutes:
buffer_time:
  minutes:
es_host: 172.30.0.62
es_port:
writeback_index: elastalert_status
writeback_alias: elastalert_alerts
alert_time_limit:
  days:

############## Defining rules
[root@ws-elk-cluster01:/usr/local/elastalert]#cp example_frequency.yaml my_rule.yaml
vi my_rule.yaml
# Alert when the rate of events exceeds a threshold
# Elasticsearch host
es_host: 192.168.115.65

# Elasticsearch port
es_port:

# If elasticsearch requires authentication, the username and password go here
# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# The rule name must be unique, otherwise an error is raised; once defined it becomes the subject of the alert email
# (Required)
# Rule name, must be unique
name: ws-elk-cluster-alert

# Configure a rule type for matching the data; the options are any, blacklist, whitelist, change, frequency, spike, flatline, new_term, cardinality
# any: alert on every match;
# blacklist: the content of the compare_key field matches any entry in the blacklist array;
# whitelist: the content of the compare_key field matches none of the entries in the whitelist array;
# change: under the same query_key, the content of the compare_key field changes within the timeframe;
# frequency: under the same query_key, num_events filtered-out anomalies occur within the timeframe;
# spike: under the same query_key, the ratio between the event counts of two consecutive timeframes exceeds spike_height. spike_type sets the direction: up, down or both. threshold_ref sets the minimum count required in the previous period and threshold_cur the minimum count in the current period; if a count is below its minimum, no alert fires;
# flatline: the event count within the timeframe is below the threshold value;
# new_term: the fields field shows a value outside the top terms_size (default 50) terms seen within the previous terms_window_size (default 30 days);
# cardinality: under the same query_key, the number of distinct values of cardinality_field within the timeframe exceeds max_cardinality or falls below min_cardinality

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
# I configured frequency, which requires both conditions: under the same query_key, num_events filtered-out anomalies within the timeframe
type: frequency

# This index is the index as seen in kibana; wildcard patterns and multiple indexes are supported, and a plain * also works if you don't want the hassle.
index: customer*
#index: es-nginx*,winlogbeat*

# Number of times the event must fire
num_events:

# Linked to the parameter above: e.g. firing 5 times within 4 minutes triggers the alert
timeframe:
  minutes:

# This is the key part: the keywords whose appearance in the program's message should trigger an alert. It is really an elasticsearch query string and supports AND, OR and so on.
filter:
- query:
    query_string:
      query: "message: 错误 OR Error"

# How to alert once one fires; the methods below are supported, and custom alerters are officially supported too. I use the regular email method.
alert:
- "email"
# The alert_text you define is shown in the email body
alert_text: "Ref Log http://192.168.254.194"
# smtp server of the alerting mailbox
smtp_host: mail.chinasoft.cn
# smtp port of the alerting mailbox
smtp_port:
# The credentials go in a separate config file with the two attributes user and password
smtp_auth_file: /usr/local/elastalert/example_rules/smtp_auth_file.yaml
email_reply_to: jack@.com
from_addr: jack@.com

# Recipient address for the alerts; several can be listed, though setting up a mail group is best.
# (required, email specific)
# a list of email addresses to send alerts to
email:
- "jack@163.com"

[root@eus-kibana-elastalert-:/usr/local/elastalert/example_rules]# egrep -v '^#|^$' my_rule.yml
es_host: 172.30.0.62
es_port:
name: eus-log-elasticsearch-cluster-alert
type: frequency
index: filebeats-log*
num_events:
timeframe:
  hours:
filter:
- term:
- query:
    query_string:
      query: "message: error"
alert:
- "email"
email:
- "jack@chinasoft.cn"
alert_text: "Ref Log http://172.30.0.62"
smtp_host: mail.chinasoft.cn
smtp_port:
smtp_auth_file: /usr/local/elastalert/example_rules/smtp_auth_file.yaml
email_reply_to: jack@chinasoft.cn
from_addr: jack@chinasoft.cn

###################### SMTP auth file
[root@ws-elk-cluster01:/usr/local/elastalert]#vi smtp_auth_file.yaml
user: "jack"
password: "jack123"

# Use elastalert-test-rule to check whether the rule we wrote has any problems
[root@ws-elk-cluster01:/usr/local/elastalert/example_rules]# elastalert-test-rule my_rule.yaml

# Once the config check passes we can start the program; printing all logs to the foreground makes verification easier
/usr/local/venv_py3.6_elastalert-0.2.1/bin/python3.6 -m elastalert.elastalert --verbose --rule /usr/local/elastalert/example_rules/my_rule.yaml
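Added example, not code from this post or from the ElastAlert project: a small Python lint to run on a rule before elastalert-test-rule. It takes the rule in the form PyYAML produces (BROKEN_RULE below is the parsed my_rule.yml above, constructed inline), flags the bare "- term:" entry that becomes {'term': None} and caused the "[term] query malformed" error earlier, and assembles the bool/filter/must query body the traceback shows so a fixed rule can be inspected offline. The function names lint_filters, fixed_rule and build_query are my own.

```python
# Added example, not ElastAlert's own code: lint a rule's filter list before
# running elastalert-test-rule, and assemble the query body ElastAlert sends.
# BROKEN_RULE is the parsed form of the my_rule.yml above (constructed inline);
# PyYAML turns the bare `- term:` line into {'term': None}.
BROKEN_RULE = {
    "name": "eus-log-elasticsearch-cluster-alert",
    "type": "frequency",
    "index": "filebeats-log*",
    "filter": [
        {"term": None},
        {"query": {"query_string": {"query": "message: error"}}},
    ],
}

def lint_filters(rule):
    """Return a list of problems found in rule['filter']; empty means OK."""
    problems = []
    filters = rule.get("filter")
    if not isinstance(filters, list):
        return ["filter must be a list of query clauses"]
    for i, clause in enumerate(filters):
        if not isinstance(clause, dict) or len(clause) != 1:
            problems.append(f"filter[{i}]: each clause must be a single-key mapping")
            continue
        (kind, body), = clause.items()
        if not isinstance(body, dict) or not body:
            # A bare '- term:' arrives here with body None; Elasticsearch
            # rejects it with '[term] query malformed, no start_object'.
            problems.append(f"filter[{i}]: '{kind}' clause has no body")
    return problems

def fixed_rule(rule):
    """Copy of the rule with bodiless filter clauses dropped."""
    out = dict(rule)
    out["filter"] = [c for c in rule.get("filter", [])
                     if not lint_filters({"filter": [c]})]
    return out

def build_query(rule, start, end):
    """Assemble the bool/filter/must body shown in the traceback above.
    The legacy 'query:' wrapper is unwrapped, as the dumped query shows;
    start and end are ISO-8601 timestamp strings."""
    must = [{"range": {"@timestamp": {"gt": start, "lte": end}}}]
    for clause in rule.get("filter", []):
        must.append(clause["query"] if "query" in clause else clause)
    return {"query": {"bool": {"filter": {"bool": {"must": must}}}},
            "sort": [{"@timestamp": {"order": "asc"}}]}
```

Running build_query on BROKEN_RULE reproduces the {'term': None} clause from the error dump, while fixed_rule yields a rule that lint_filters accepts.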
