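Automated Alerting from Log Analysis on Azure

Hello everyone, it has been a while. Today we will talk about log-analysis alerting on Azure China. Why Azure China specifically? At present the Monitor service and the surrounding operations services on Azure China differ from the Global offering, so some features and designs cannot simply be copied from a global Azure architecture. First, let us look at the platform-native operations features that are missing on Azure China: 1. Azure Monitor supports the new Metric analysis service, but does not support alert rules based on those new metrics; in short, you can view them but cannot alert on them. 2. Azure China currently does not support the Azure Log Analytics service, so there is no platform-native log analysis and no way to analyse logs and alert through a native service. As a result, some platform-native metrics and logs cannot be analysed and alerted on through Azure Monitor or Azure Log Analytics. Today's demo works through one example that uses EventHub + Stream Analytics + Function to implement streaming analysis with real-time alerting.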

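Architecture diagram:

Log sources: EventHub natively supports collecting log messages from Azure platform services. VM logs can be aggregated by the Azure VM Diagnostics Extension and sent to EventHub, and platform-native services can integrate with EventHub directly. For non-Azure-native services, such as a customer's own logging system, logs can be pushed into EventHub through Logstash or Fluentd; Azure already provides plugins for integrating with log services such as Logstash.

Log aggregation: EventHub aggregates the logs. Multiple log sources can be collected under the same EventHub so that downstream log consumers are served from a single distribution point.

Real-time log analysis: Stream Analytics consumes the logs aggregated in EventHub and performs the streaming, real-time analysis. In this demo, Stream Analytics analyses the health status of the backend nodes of an Application Gateway and raises an alert event when fewer than one node is available.

Log alerting: the Function service receives the Stream Analytics alerts in an event-driven way and runs the Function code that pushes the alert out. This demo uses e-mail alerts as the example; if a customer needs SMS or another push channel, it can be integrated in the same way.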

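Configuration:

1. Configure the log source

This demo uses the Metric logs of an Application Gateway as the example. Creating and configuring the Application Gateway itself is skipped here; what follows is how to enable pushing its logs to EventHub. The EventHub must already exist before this step.

2. Configure EventHub

Configuring EventHub is fairly simple: create the EventHub, then, to make the backend consumers easy to tell apart, create a consumer group under it.

3. Configure the Stream Analytics service

Creating the Stream Analytics job is skipped here; we configure its Input and Output directly on an existing Stream Analytics service. Stream Analytics is the consumer of the EventHub messages, so EventHub is configured as the Input of Stream Analytics. Conversely, the Function service consumes the data produced by Stream Analytics, so the Function service is configured as the Output.

The architecture is adjusted slightly in this demo: EventHub and Stream Analytics each process the message events twice. The flow is as follows:

The reason is that Application Gateway pushes its Metric logs as one message every 5 minutes, and each message contains the per-minute entries for those 5 minutes as a nested JSON array. The first-layer Stream Analytics job flattens the nested Metric log and writes each per-minute Metric entry to EventHub as an independent message. The second-layer Stream Analytics job then performs the streaming analysis: over 5-minute intervals it computes the average of the performance metric, and when the average hits the threshold it generates an alert event and notifies the Function service. The notification contains the name of the monitored metric and its current 5-minute average. The Function service, driven by that event, runs the notification program and pushes the alert to the responsible people through the appropriate channel.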

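For reference, the raw log messages produced by Application Gateway, as captured in this demo, are JSON objects of the following shape: a "records" array of per-minute entries (fields count, total, minimum, maximum, average, resourceId, time, metricName, timeGrain), followed by EventProcessedUtcTime, PartitionId and EventEnqueuedUtcTime.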


First-layer Stream Analytics configuration:

Input: first-layer EventHub (alertdemo). Output: second-layer EventHub (EventhubStream).

Query:

WITH
Metric AS
(
    SELECT
        arrayElement.ArrayIndex,
        arrayElement.ArrayValue
    FROM alertdemo as event
    CROSS APPLY GetArrayElements(event.records) AS arrayElement
),
TransformedInput AS (
    SELECT
        Metric.arrayvalue.*
    FROM Metric
)
SELECT
    *
INTO EventhubStream
FROM TransformedInput

Second-layer Stream Analytics configuration:

Input: second-layer EventHub (EventhubStream). Output: Function (FuncOutput).

SELECT
    metricName,
    AVG(average) as avg
INTO FuncOutput
FROM EventhubStream TIMESTAMP BY time
GROUP BY
    metricName,
    TumblingWindow(minute, 5)
HAVING
    (
        avg(average) <= 1 and metricName = 'HealthyHostCount'
    )
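
To check the alert rule offline before deploying it, the two queries above can be modelled in plain Python. This is an added example, not code from the original post: the sample messages are constructed, the function names and the windowEnd field are assumptions made for readability, and the window arithmetic follows the Stream Analytics rule that a tumbling window excludes its start time and includes its end time.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

WINDOW_SECONDS = 5 * 60  # TumblingWindow(minute, 5)


def _record(minute, metric, average):
    """Build one constructed per-minute record shaped like the gateway export."""
    return {
        "count": 1, "total": average, "minimum": average,
        "maximum": average, "average": average,
        "resourceId": "/SUBSCRIPTIONS/<placeholder>/.../APPLICATIONGATEWAYS/EXAMPLE",
        "time": "2018-09-10T07:%02d:00.0000000Z" % minute,
        "metricName": metric, "timeGrain": "PT1M",
    }


# Constructed sample: healthy backend count per minute (07:25 .. 07:34).
HEALTHY = {25: 2, 26: 2, 27: 2, 28: 2, 29: 2, 30: 2, 31: 1, 32: 0, 33: 0, 34: 0}
# Two Event Hub messages, each one JSON document with a nested "records" array.
SAMPLE_MESSAGES = [
    json.dumps({"records": [_record(m, "HealthyHostCount", HEALTHY[m])
                            for m in range(25, 30)]}),
    json.dumps({"records": [_record(m, "HealthyHostCount", HEALTHY[m])
                            for m in range(30, 35)]
                           + [_record(m, "Throughput", 0) for m in range(30, 35)]}),
]


def flatten(messages):
    """Job 1: CROSS APPLY GetArrayElements(event.records), one event per record."""
    for raw in messages:
        try:
            event = json.loads(raw)
        except ValueError:
            continue  # malformed message: nothing to emit
        records = event.get("records") if isinstance(event, dict) else None
        if not isinstance(records, list):
            continue
        for rec in records:
            if isinstance(rec, dict):
                yield rec


def window_end(timestamp):
    """ISO time that closes the tumbling window (start, end] holding `timestamp`."""
    # The export uses 7 fractional digits, so parse only the seconds part.
    parsed = datetime.strptime(timestamp[:19], "%Y-%m-%dT%H:%M:%S")
    seconds = int(parsed.replace(tzinfo=timezone.utc).timestamp())
    end = -(-seconds // WINDOW_SECONDS) * WINDOW_SECONDS  # round up to boundary
    return datetime.fromtimestamp(end, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def window_averages(events):
    """Job 2, GROUP BY part: AVG(average) per (metricName, window)."""
    buckets = defaultdict(list)
    for rec in events:
        value = rec.get("average")
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            continue  # AVG ignores missing or non-numeric values
        try:
            end = window_end(str(rec.get("time", "")))
        except ValueError:
            continue  # unparseable timestamp
        buckets[(rec.get("metricName"), end)].append(value)
    return {key: sum(vals) / len(vals) for key, vals in buckets.items()}


def alerts(averages, metric="HealthyHostCount", threshold=1):
    """Job 2, HAVING part: rows that would be posted to the Function."""
    fired = []
    for (name, end), avg in sorted(averages.items(),
                                   key=lambda kv: (kv[0][1], str(kv[0][0]))):
        if name == metric and avg <= threshold:
            # windowEnd is added here for readability; the page's query
            # outputs only metricName and avg.
            fired.append({"metricName": name, "avg": avg, "windowEnd": end})
    return fired


if __name__ == "__main__":
    for row in alerts(window_averages(flatten(SAMPLE_MESSAGES))):
        print(json.dumps(row))
```

The Throughput rows average 0 in both windows yet raise nothing, which is why the HAVING clause has to test metricName as well as the threshold.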

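4. Configure the Function service

One point needs attention during configuration: in the SSL section of the Function service, the TLS version must be set to 1.0. This is a requirement for integrating Function with the Stream Analytics service.

This example uses the Python runtime. Create a Function triggered by an HTTP Trigger, with the following code: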

import os
import json
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

fromaddr = "******@***.com"
toaddr = "******@***.com"

# The 'req' environment variable holds the path of the file with the request body
with open(os.environ['req']) as request_file:
    postreqdata = json.loads(request_file.read())

if postreqdata:

    # Create Alert Message
    msg = MIMEMultipart()
    msg['From'] = fromaddr
    msg['To'] = toaddr
    msg['Subject'] = "Alert Fire"
    # Stream Analytics posts a JSON array of result rows; use the first row
    body = postreqdata[0]['metricname'] + " fire the alert"
    msg.attach(MIMEText(body, 'plain'))

    # Send Alert Message
    s = smtplib.SMTP('smtp.***.com')
    s.ehlo()
    s.starttls()  # encrypt the session before logging in (server must support STARTTLS)
    s.ehlo()
    s.login("*******@***.com", '******')
    s.sendmail(fromaddr, toaddr, msg.as_string())
    s.quit()

# Prepare Success Code
returnData = {
    # HTTP Status Code:
    "status": 200,

    # Response Body:
    "body": "<h1>Azure Works :)</h1>",

    # Send any number of HTTP headers
    "headers": {
        "Content-Type": "text/html",
        "X-Awesome-Header": "YesItIs"
    }
}

# Output the response to the client
with open(os.environ['res'], 'w') as output:
    output.write(json.dumps(returnData))

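Check the alert e-mail

The demo in this article is only a simple example. You can define the alert policy in the stream-analysis part according to the needs of your own business scenario; the streaming analysis service has many built-in analysis capabilities that cover different analysis requirements.

Further reading:

1. Stream Analytics query language reference: https://msdn.microsoft.com/zh-cn/azure/stream-analytics/reference/stream-analytics-query-language-reference

2. Stream Analytics example analysis scenarios: https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-stream-analytics-query-patterns

3. Azure platform service log reference: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-supported-metrics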

Original article: https://www.cnblogs.com/wekang/p/9661224.html

Time: 2024-10-20 12:19:01
