{"id":1567,"date":"2023-03-25T17:42:13","date_gmt":"2023-03-25T09:42:13","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1567"},"modified":"2023-04-27T21:34:11","modified_gmt":"2023-04-27T13:34:11","slug":"elk-7-elastalert-enterprise-wechat-alert","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/25\/elk-7-elastalert-enterprise-wechat-alert\/","title":{"rendered":"ELK 7.x &#8212; elastalert \u4f01\u4e1a\u5fae\u4fe1\u544a\u8b66"},"content":{"rendered":"<h2>Elastalert_Wechat_Plugin<\/h2>\n<p>\u57fa\u4e8eElastAlert\u7684\u5fae\u4fe1\u4f01\u4e1a\u53f7\u62a5\u8b66\u63d2\u4ef6<\/p>\n<ul>\n<li>elastalert: <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/github.com\/Yelp\/elastalert\">https:\/\/github.com\/Yelp\/elastalert<\/a><\/li>\n<li>elastalert_wechat_plugin: <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/github.com\/Hello-Linux\/elastalert_wechat_plugin\">https:\/\/github.com\/Hello-Linux\/elastalert_wechat_plugin<\/a><\/li>\n<\/ul>\n<p><!-- more --><\/p>\n<h2>\u5b89\u88c5elastalert<\/h2>\n<p>\u5177\u4f53\u5b89\u88c5\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003\u5b98\u65b9\u6587\u6863\uff1a<a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/elastalert.readthedocs.io\/en\/latest\/running_elastalert.html\">https:\/\/elastalert.readthedocs.io\/en\/latest\/running_elastalert.html<\/a><\/p>\n<p>(1) \u514b\u9686\u4ee3\u7801<\/p>\n<pre><code>git clone https:\/\/github.com\/Yelp\/elastalert.git<\/code><\/pre>\n<p>(2) \u4f7f\u7528Python\u7684pip\u7ba1\u7406\u5de5\u5177\u5b89\u88c5\u4f9d\u8d56\u5305<\/p>\n<pre><code>pip install -r requirements.txt\npip install -r requirements-dev.txt<\/code><\/pre>\n<p>(3) \u6267\u884c\u5b89\u88c5<\/p>\n<pre><code>python setup.py install<\/code><\/pre>\n<h2>\u4fee\u6539\u914d\u7f6e\u6587\u4ef6<\/h2>\n<p>\u6253\u5f00<code>config\/config.yaml<\/code>\uff0c\u6309\u7167\u91cc\u9762\u7684\u8bf4\u660e\u8fdb\u884c\u914d\u7f6e<\/p>\n<p>\u5176\u4e2d\u5b98\u65b9<code>es_rules<\/code>\u4e2d\u653e\u7f6e\u7684\u662f\u4e00\u4e2awechat\u89c4\u5219\u6a21\u677f\uff0c\u53ef\u4ee5\u7b80\u5355\u4fee\u6539\u4e00\u4e0b\u7ee7\u7eed\u4f7f\u7528<\/p>\n<h2>\u5b89\u88c5elastalert_wechat_plugin<\/h2>\n<p>\u5c06<code>elastalert_wechat_plugin<\/code>\u76ee\u5f55\u4e0b\u7684\u6240\u6709\u6587\u4ef6\u62f7\u8d1d\u5230elastalert\u76ee\u5f55\u4e0b\u5373\u53ef<\/p>\n<pre><code>git clone https:\/\/github.com\/Hello-Linux\/elastalert_wechat_plugin.git<\/code><\/pre>\n<h2>\u521b\u5efaElasticsearch\u7d22\u5f15<\/h2>\n<p>\u8fdb\u5165\u9879\u76ee\u76ee\u5f55<code>.\/elastalert\/elastalert\/<\/code>\u6267\u884c<\/p>\n<pre><code>python create_index.py --config ..\/config\/config.yaml --host es_host --port ex_post --username es_username --password es_password --no-ssl --no-verify-certs<\/code><\/pre>\n<p>\u8fd9\u4e2a\u547d\u4ee4\u4f1a\u5728ElasticSearch\u521b\u5efa\u7d22\u5f15\uff0c\u4fbf\u4e8eElastAlert\u5c06\u6709\u5173\u5176\u67e5\u8be2\u53ca\u5176\u8b66\u62a5\u7684\u4fe1\u606f\u548c\u5143\u6570\u636e\u4fdd\u5b58\u56deElasticsearch\u3002\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\u6b65\u9aa4\uff0c\u4f46\u662f\u5f3a\u70c8\u5efa\u8bae\u521b\u5efa\u3002\u56e0\u4e3a\u5bf9\u4e8e\u5ba1\u8ba1\u3001\u6d4b\u8bd5\u5f88\u6709\u7528\uff0c\u5e76\u4e14\u91cd\u542felastalert\u4e0d\u5f71\u54cd\u8ba1\u6570\u548c\u53d1\u9001alert\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u521b\u5efa\u7684\u7d22\u5f15\u53eb<code>elastalert_status<\/code><\/p>\n<h2>\u542f\u52a8<\/h2>\n<pre><code>python -m elastalert.elastalert --verbose --config config\/config.yaml --rule rules\/wechart.yaml<\/code><\/pre>\n<p><code>-config<\/code>\u6307\u5b9a\u914d\u7f6e\u6587\u4ef6\u8def\u5f84\uff0c<code>-rule<\/code>\u6307\u5b9a\u5fae\u4fe1\u62a5\u8b66\u6587\u4ef6<\/p>\n<h2>\u76f8\u5173\u914d\u7f6e\u6587\u4ef6<\/h2>\n<ul>\n<li><code>config.yaml<\/code><\/li>\n<\/ul>\n<pre><code class=\"language-yml\">rules_folder: \/data\/elk\/elastalert\/rules\n\nrun_every:\n  minutes: 1\n\nbuffer_time:\n  minutes: 15\n\nes_host: appblog-elasticsearch\nes_port: 9200\n#es_url_prefix: elasticsearch\nuse_ssl: False\nverify_certs: False\n#es_send_get_body_as: GET\nes_username: elastic\nes_password: elastic\n\n#verify_certs: True\n#ca_certs: \/path\/to\/cacert.pem\n#client_cert: \/path\/to\/client_cert.pem\n#client_key: \/path\/to\/client_key.key\n\nwriteback_index: elastalert_status\nalert_time_limit:\n  days: 2<\/code><\/pre>\n<ul>\n<li><code>wechat.yaml<\/code><\/li>\n<\/ul>\n<pre><code class=\"language-yml\"># Alert test\nes_host: appblog-elasticsearch\nes_port: 9200\nes_username: elastic\nes_password: elastic\nuse_ssl: False\nname: wechat_alert\ntype: frequency\nindex: log*\nnum_events: 1\ntimeframe:\n  minutes: 5\n\nrealert:\n  minutes: 5\n\nexponential_realert:\n  hours: 1\n\nfilter:\n- term:\n    level.keyword: &quot;error&quot;\n\nalert:\n- &quot;elastalert_modules.wechat_qiye_alert.WeChatAlerter&quot;\n\nalert_text_args:\n  - name\n  - num_hits\n  - message\n\ncorp_id: &quot;wwf66d9b7ea0f9bdc6&quot;\nsecret: &quot;1STRPTXAp5VMkKETTECokf_4E1ZqbiFhWotoIJfjZUU&quot;\nagent_id: 1000002\nparty_id: &quot;1&quot;\nuser_id: &quot;@all&quot;\ntag_id: &quot;&quot;<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Elastalert_Wechat_Plugin \u57fa\u4e8eElastAlert\u7684\u5fae\u4fe1\u4f01\u4e1a\u53f7\u62a5\u8b66\u63d2\u4ef6 elastal [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[345],"tags":[393,392],"class_list":["post-1567","post","type-post","status-publish","format-standard","hentry","category-elk","tag-elastalert","tag-392"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1567"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1567\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}