centos7.6下的python3.6.9虚拟环境安装elastalert

centos7.6安装python3.6.9+elastalert

1.编译安装python3.6.9环境
# 安装依赖
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
# 获取编译安装python3.6.9
mkdir -p /usr/local/python3
wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz
tar xf Python-3.6.9.tgz
cd Python-3.6.9
./configure --prefix=/usr/local/python-3.6.9
make && make install
ln -s /usr/local/python3/bin/python-3.6.9 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3

2.安装virtualenv虚拟环境
pip3 install virtualenv
# 创建存放虚拟环境的目录
mkdir -p  /usr/local/venv_py3.6_elastalert-0.2.1

# 创建纯净的虚拟环境
cd /usr/local
git clone https://github.com/Yelp/elastalert.git
cd /usr/local/elastalert

/usr/local/python-3.6.9/bin/virtualenv --no-site-packages --python=/usr/local/python-3.6.9/bin/python3.6 /usr/local/venv_py3.6_elastalert-0.2.1
[[email protected]-kibana-elastalert-01:/usr/local/venv_py3.6_elastalert-0.2.1]# source bin/activate
(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/venv_py3.6_elastalert-0.2.1]#

3.在虚拟的python3.6环境中安装alasticalert
# 指定库,安装依赖,否则可能安装失败

(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/elastalert]# pip install -r requirements.txt -i https://pypi.python.org/simple

# 安装主程序,否则无法使用 elastalert-create-index 命令
(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/elastalert]# python setup.py install

# 运行 elastalert-create-index 配置
(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/elastalert]# elastalert-create-index
Enter Elasticsearch host: 172.30.0.62
Enter Elasticsearch port: 19200
Use SSL? t/f: f
Enter optional basic-auth username (or leave blank):
Enter optional basic-auth password (or leave blank):
Enter optional Elasticsearch URL prefix (prepends a string to the URL of every request):
New index name? (Default elastalert_status)
New alias name? (Default elastalert_alerts)
Name of existing index to copy? (Default None)
Elastic Version: 7.3.0
Reading Elastic 6 index mappings:
Reading index mapping ‘es_mappings/6/silence.json‘
Reading index mapping ‘es_mappings/6/elastalert_status.json‘
Reading index mapping ‘es_mappings/6/elastalert.json‘
Reading index mapping ‘es_mappings/6/past_elastalert.json‘
Reading index mapping ‘es_mappings/6/elastalert_error.json‘
New index elastalert_status created
Done!
(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/elastalert]# 

# 报错
(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/elastalert]# elastalert-test-rule example_rules/my_rule.yml

  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/tzlocal/unix.py", line 90, in _get_localzone
    utils.assert_tz_offset(tz)
  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/tzlocal/utils.py", line 38, in assert_tz_offset
    raise ValueError(msg)
ValueError: Timezone offset does not match system offset: 28800 != -25200. Please, check your config files.

# 代码和系统时区不匹配,重新设置为上海时区
(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/elastalert]# timedatectl set-timezone Asia/Shanghai
(venv_py3.6_elastalert-0.2.1) [[email protected]01:/usr/local/elastalert]# elastalert-test-rule example_rules/my_rule.yml
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
            To send them but remain verbose, use --verbose instead.
WARNING:elasticsearch:GET http://172.30.0.62:19200/logstash-*/_search?ignore_unavailable=true&size=1 [status:400 request:0.004s]
Error running your filter:
RequestError(400, ‘parsing_exception‘, {‘error‘: {‘root_cause‘: [{‘type‘: ‘parsing_exception‘, ‘reason‘: ‘[term] query malformed, no start_object after query name‘, ‘line‘: 1, ‘col‘: 151}], ‘type‘: ‘parsing_exception‘, ‘reason‘: ‘[term] query malformed, no start_object after query name‘, ‘line‘: 1, ‘col‘: 151}, ‘status‘: 400})
INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent.
                To send them but remain verbose, use --verbose instead.
1 rules loaded
INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts
WARNING:elasticsearch:GET http://172.30.0.62:19200/logstash-*/_search?_source_includes=%2A%2C%40timestamp&ignore_unavailable=true&scroll=30s&size=10000 [status:400 request:0.003s]
ERROR:root:Error running query: RequestError(400, ‘parsing_exception‘, ‘[term] query malformed, no start_object after query name‘)

Would have written the following documents to writeback index (default is elastalert_status):

elastalert_error - {‘message‘: "Error running query: RequestError(400, ‘parsing_exception‘, ‘[term] query malformed, no start_object after query name‘)", ‘traceback‘: [‘Traceback (most recent call last):‘, ‘  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elastalert-0.2.1-py3.6.egg/elastalert/elastalert.py", line 384, in get_hits‘, ‘    **extra_args‘, ‘  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 84, in _wrapped‘, ‘    return func(*args, params=params, **kwargs)‘, ‘  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/client/__init__.py", line 819, in search‘, ‘    "GET", _make_path(index, "_search"), params=params, body=body‘, ‘  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/transport.py", line 350, in perform_request‘, ‘    timeout=timeout,‘, ‘  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/connection/http_requests.py", line 156, in perform_request‘, ‘    self._raise_error(response.status_code, raw_data)‘, ‘  File "/usr/local/venv_py3.6_elastalert-0.2.1/lib/python3.6/site-packages/elasticsearch/connection/base.py", line 181, in _raise_error‘, ‘    status_code, error_message, additional_info‘, "elasticsearch.exceptions.RequestError: RequestError(400, ‘parsing_exception‘, ‘[term] query malformed, no start_object after query name‘)"], ‘data‘: {‘rule‘: ‘eus-log-elasticsearch-cluster-alert‘, ‘query‘: {‘query‘: {‘bool‘: {‘filter‘: {‘bool‘: {‘must‘: [{‘range‘: {‘@timestamp‘: {‘gt‘: ‘2019-09-17T05:06:25.831477Z‘, ‘lte‘: ‘2019-09-17T05:21:25.831477Z‘}}}, {‘term‘: None}, {‘query_string‘: {‘query‘: ‘message: error‘}}]}}}}, ‘sort‘: [{‘@timestamp‘: {‘order‘: ‘asc‘}}]}}}

4.配置elastalert
##############全局配置
[root:/usr/local/elastalert#cp  config.yaml.example config.yaml
#存放elastalert 规则的文件夹,你的elastalert 放到哪里就放到哪里就行了
rules_folder: /usr/local/elastalert/example_rules

#Elastalert 多久去查询一下根据定义的规则去elasticsearch 查询是否有符合规则的字段,如果有就会触发报警,如果没有就等待下一次时间再检查,时间定义的单位从周到秒都可以,具体定义方法如下。
run_every:
 #seconds:1
  minutes: 1
  #hours:1
  #days:1
  #weeks:1

#当查询开始一直到结束,最大的缓存时间。
buffer_time:
  minutes: 15

#你的Elasticsearch ip地址
es_host: 172.30.0.52

#Elasticsearch 的端口
es_port: 9200

#这个是elastalert 在es里边写的index
# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

#如果alert当时没有发出去重试多久之后放弃发送;
alert_time_limit:
  days: 2

[[email protected]-kibana-elastalert-01:/usr/local/elastalert]# egrep -v ‘^#|^$‘ config.yaml
rules_folder: example_rules
run_every:
  minutes: 1
buffer_time:
  minutes: 15
es_host: 172.30.0.62
es_port: 19200
writeback_index: elastalert_status
writeback_alias: elastalert_alerts
alert_time_limit:
  days: 2

##############rules 的定义
[[email protected]-elk-cluster01:/usr/local/elastalert]#cp example_frequency.yaml my_rule.yaml
vi my_rule.yaml
# Alert when the rate of events exceeds a threshold
#Elasticsearch  机器
es_host: 192.168.115.65

#Elasticsearch  端口
es_port: 9200

#如果elasticsearch 有认证,填写用户名和密码的地方
# (Optional) basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

#rule name 必须是独一的,不然会报错,这个定义完成之后,会成为报警邮件的标题
# (Required)
# Rule name, must be unique
name: ws-elk-cluster-alert

#配置一种数据验证的方式,有 any,blacklist,whitelist,change,frequency,spike,flatline,new_term,cardinality
any:只要有匹配就报警;
blacklist:compare_key字段的内容匹配上 blacklist数组里任意内容;
whitelist:compare_key字段的内容一个都没能匹配上whitelist数组里内容;
change:在相同query_key条件下,compare_key字段的内容,在 timeframe范围内 发送变化;
frequency:在相同 query_key条件下,timeframe 范围内有num_events个被过滤出 来的异常;
spike:在相同query_key条件下,前后两个timeframe范围内数据量相差比例超过spike_height。其中可以通过spike_type设置具体涨跌方向是- up,down,both 。还可以通过threshold_ref设置要求上一个周期数据量的下限,threshold_cur设置要求当前周期数据量的下限,如果数据量不到下限,也不触发;
flatline:timeframe 范围内,数据量小于threshold 阈值;
new_term:fields字段新出现之前terms_window_size(默认30天)范围内最多的terms_size (默认50)个结果以外的数据;
cardinality:在相同 query_key条件下,timeframe范围内cardinality_field的值超过 max_cardinality 或者低于min_cardinality

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
#我配置的是frequency,这个需要两个条件满足,在相同 query_key条件下,timeframe 范围内有num_events个被过滤出来的异常
type: frequency

#这个index 是指再kibana 里边的index,支持正则匹配,支持多个index,同时如果嫌麻烦直接* 也可以。
index: customer*
#index: es-nginx*,winlogbeat*

#时间出发的次数
num_events: 5

#和上边的参数关联,也就是说在4分钟内出发5次会报警
timeframe:
  minutes: 4

#这个还是非常关键的地方,就是你希望程序的message里边出现了什么样的关键字就报警,这个其实就是elasticsearch 的query语句,支持 AND&OR等。
filter:
- query:
    query_string:
      query: "message: 错误  OR Error"

#一但需要报警用那种方式报警,支持如下的方式,同时官方支持自定义,我用常规的邮件方式作为报警方式。
alert:
- "email"
#在邮件正文会显示你定义的alert_text
alert_text: "Ref Log http://192.168.254.194"
#报警邮箱的smtp server
smtp_host: mail.chinasoft.cn
#报警邮箱的smtp 端口
smtp_port: 25
#需要把认证信息写到额外配置文件里,需要user和password两个属性
smtp_auth_file: /usr/local/elastalert/example_rules/smtp_auth_file.yaml
email_reply_to:[email protected]163.com
from_addr: [email protected]163.com

#接受报警邮箱的地址,可以写多个,当然后边搞个邮件组最好了。
# (required, email specific)
# a list of email addresses to send alerts to
email:
- "[email protected]"

[[email protected]-kibana-elastalert-01:/usr/local/elastalert/example_rules]# egrep -v ‘^#|^$‘ my_rule.yml
es_host: 172.30.0.62
es_port: 19200
name: eus-log-elasticsearch-cluster-alert
type: frequency
index: filebeats-log*
num_events: 5
timeframe:
  hours: 4
filter:
- term:
- query:
    query_string:
      query: "message: error"
alert:
- "email"
email:
- "[email protected]"
alert_text: "Ref Log http://172.30.0.62"
smtp_host: mail.chinasoft.cn
smtp_port: 25
smtp_auth_file: /usr/local/elastalert/example_rules/smtp_auth_file.yaml
email_reply_to: [email protected]
from_addr: [email protected]

######################smtp认证文件
[[email protected]-elk-cluster01:/usr/local/elastalert]#vi smtp_auth_file.yaml
user: "jack"
password: "jack123"

#通过elastalert-test-rule 测试一下我们写的rule 是否有问题
[[email protected]-elk-cluster01:/usr/local/elastalert/example_rules]# elastalert-test-rule my_rule.yaml

#配置检查成功之后,我们就可以把程序跑起来了,把所有的日志直接打在前端,这样方便验证
/usr/local/venv_py3.6_elastalert-0.2.1/bin/python3.6 -m elastalert.elastalert --verbose --rule /usr/local/elastalert/example_rules/my_rule.yaml

原文地址:https://www.cnblogs.com/reblue520/p/11539956.html

时间: 2024-08-30 13:35:54

centos7.6下的python3.6.9虚拟环境安装elastalert的相关文章

windows和linux下 Python2,Python3 的环境及安装

目录 windows和linux下 Python2,Python3 的环境及安装 window下安装 一. 手动安装 二. pip安装 linux下 安装 更新Python 笔者有话 windows和linux下 Python2,Python3 的环境及安装 window下安装 1.下载安装包 https://www.python.org/downloads/ 2.安装 默认安装路径:C:\python27 3.配置环境变量 [右键计算机]-->[属性]-->[高级系统设置]-->[高级

centos7.2下pip3 + python3.5 + django + nginx + uwsgi

Centos7.2 安装python 3.5及pip安装 须知:1. centos自带python2.7 2. 此教程适合大多数linux系统,本文以centos7.2为例 安装python 3.5 1.CentOS7.2 安装Python 的依赖包 yum groupinstall "Development tools"yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readlin

centos7.4下的python3.6的安装

1.系统环境 :centos 7.4 最小化安装 2.安装过程 yum install wget      安装下载工具 wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz  下载python-3.6.4的包 mv Python-3.6.4.tgz /home/ 将包移动到/home下 cd /home tar -xzf Python-3.6.4.tgz 解压缩 cd Python-3.6.4 进入python3.6.4的目

CentOS7.4下MySQL5.7.28二进制方式安装

Linux系统版本:CentOS7.4MySQL版本:5.7.28在Linux平台有RPM包.二进制包.源码包3中安装方式,这一篇文章主要是以RPM包为例来介绍如何在Linux平台下进行MySQL的安装.下载地址:https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.28-linux-glibc2.12-x86_64.tar.gz 具体安装步骤如下:(1)首先卸载mariadb,不然后面会和安装mysql需要的库冲突: [[email prot

Centos7.6下安装Python3.7

前言 话说不会开发的运维不是一个好的DBA,所以我要开始学习python了,写博客记录一下我的学习过程,另外别欺负我新来的,那个每天更博的技术流ken是我哥. 不说了,时间宝贵,开整. 1.首先来看一下系统版本 [root@python3 ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) 2.更新一下yum源,yum源我这里用的都是阿里云的源 [root@python3 ~]# cd /etc/yum.repos.d

CentOS7环境下安装VIM8 并支撑python3

CentOS7环境下安装VIM8并支撑python3 在CentOS7环境下打造pythonIDE的时候发现系统自带的vim因为版本低对python的支持不够,导致安装插件的时候总是出错,所以干脆把原系统中的vim删除后源码安装vim8并配置支持python3 删除系统中原有的vim yum -y remove vim* 利用yum命令将系统中的vim删除 源码安装vim 先进入你想放安装包的路径 cd /usr/local/share 我这里就放在了这个路径下,你们视情况而定 下载vim源码包

deepin系统下部署Python3.5的开发及运行环境

1 概述 本人小白一枚,由于最近要学习python接口自动化测试,所以记录一下相关学习经过及经验,希望对跟我一样小白的朋友可以有所帮助. 2 下载 在python官网下载指定平台下的python3.5的环境 wget https://www.python.org/ftp/python/3.5.1/Python-3.5.1.tgz 例如,下载下载的文件为Python-3.5.1.tgz 3 解压 然后进行解压: tar -xvzf Python-3.5.1.tgz 生成目录Python-3.5.1

关于Python3中venv虚拟环境

Python3.3以上的版本通过venv模块原生支持虚拟环境,可以代替Python之前的virtualenv. 该venv模块提供了创建轻量级"虚拟环境",提供与系统Python的隔离支持.每一个虚拟环境都有其自己的Python二进制(允许有不同的Python版本创作环境),并且可以拥有自己独立的一套Python包.他最大的好处是,可以让每一个python项目单独使用一个环境,而不会影响python系统环境,也不会影响其他项目的环境. 优点 使不同应用开发环境独立 环境升级不影响其他应

总结一下连日来在MAC下被Python3设下的坑

当时的情况:mac下自带python2, 1.安装pyhon3: 首次从官网下载了安装包安装,安装目录在/Library/Frameworks/Python.framework/Versions/3.6/python/--下,后用pip3安装的包也在这个里面(site-package), 于是卸载了,使用homebrew安装,安装目录改在/usr/local/lib下 但同样无论如何也没能在/usr/local/bin生成环境变量,无论直接使用命令,原因:没有开启sip最高权限. 折腾了一天,选