基于Kibana的可视化监控报警插件sentinl入门
sentinl是什么
- Kibi/Kibana Alert & Reporting App
- Watching your data, 24/7/365
sentinl是一个免费的kibana预警与报告插件,与付费软件X-Pack功能相似。javascript
Some Examples for illustration:
- HIT COUNT PER HOUR
- QUESTION: How many hits does index X receive hourly?
- WATCHER: query index and return count of hits in last hour
- ACTION: Notify with number of Hits per hour
- METRIC THRESHOLDS
- QUESTION: Is any of my monitored metrics surpassing a certain value?
- WATCHER: query index and type for specific values, aggregated by an arbitrary field.
- ACTION: Notify with aggs bucket details every time a threshold is surpassed or spike anomaly detected.
- BLACKLISTS HITS
- QUESTION: Is any of my users trying to reach blacklisted destinations?
- WATCHER: query firewall logs comparing destination IPs to a blacklist.
- ACTION: Notify admin via email if any IP >= 10 matches returned
- FAILED LOGINS
- QUESTION: Are there recurring failure attempts authenticating users on my network?
- WATCHER: query active directory logs for login failures in last hour and compare to user index. .
- ACTION: Notify admin via webhook if >= 10 matches returned
- LEAK DETECTION (chain)
- QUESTION: Are there any public leaks about my data I was not aware of?
- WATCHER: query for user emails included in published leaks ingested from third parties.
- ACTION: Save hits in secondary result Index. Notify via email if leak was not known in a secondary Watcher
安装
./kibana-plugin install file:./sentinl-v6.0.1.zip
安装完成后,要重启kibanahtml
fuser -n tcp 5601 ps -ef | grep node kill -9 pid ./kibana &
使用步骤
使用包括5个步骤java
- Step 1: New Watcher
give our Watcher a name and choose an execution frequencynode
- Step 2: Input Query
es的搜索与聚合web
- Step 3: Condition
validate if the results received back are worth processingexpress
语法与x-pack script condition语法相似vim
至关于过滤条件tcp
"condition": {
"script": {
"script": "payload.hits.total>=1" //当报警条件为***出现的次数大于1
}
}
"condition": {
"script": {
"script": "payload.hits.hits[0]._source.responsetime > 0.01" // 检索条件 响应时间大于 0.01秒
}
}
- Step 4: Transform
Our data might need adjustments or post processing. Process our payload using a javascript expression/scriptide
过后处理post
- Step 5: Actions
Let's form a notification using the mustache templating language。
能够采用多种方式发送通知。
transform
How to Adapt or Post-Process data
Post Process过后的处理。
The transform script is the wild member of the family and can be used to inject simple or complex logic into the pipeline before delivery to actions using pure javascript.
From converting format types, through generating brand new payload keys and interpolating data, transform is the way up. The script expects a boolean condition to trigger actions. A false condition can be forced to stop the execution. BONUS: Transforms can be saved and used across Watchers! "transform": { "script": { "script": "payload.newvar = payload.aggs.some.values['95.0']" } }
action举例之邮件发送
kibana.yml
logging.verbose: true
sentinl:
settings:
email:
active: true
host: smtp.exmail.qq.com
ssl: false
report:
active: true
tmp_path: /tmp/
上面是官网的,下面是实践已OK
sentinl:
settings:
email:
active: true
user: tanyk@huawangtech.com
password: Dd@2016
host: smtp.exmail.qq.com
ssl: true
timeout: 10000
report:
active: true
tmp_path: /tmp/
先测试
mailx -S smtp=<smtp-server-address> -r <from-address> -s <subject> -v <to-address> < body.txt
yum -y install sendmail yum install -y sendmail-cf /etc/init.d/sendmail start chkconfig sendmail on yum install -y mailx
vim /etc/mail.rc(optional)
set from=tanyk@mail.com set smtp=smtp.exmail.qq.com set smtp-auth-user=tanyk@mail.com set smtp-auth-password=****** set smtp-auth=login set nss-config-dir="/etc/pki/nssdb/"
test
echo "This is the message body and contains the message" | mailx -v -r "tanyk@mail.com" -s "This is the subject" -S smtp="smtp.exmail.qq.com" -S smtp-use-starttls -S smtp-auth=login -S smtp-auth-user="tanyk@mail.com" -S smtp-auth-password="******" -S ssl-verify=ignore -S nss-config-dir="/etc/pki/nssdb/" tanyk@163.com
参考文献
- 基于Kibana的可视化监控报警插件 KAAE 的配置
- http://sentinl.readthedocs.io/en/latest/
- Kibana 可视化监控报警插件 KAAE 的介绍与使用
- 1. kibana-sentinl-监控报警
- 2. Kibana插件sentinl实现邮件报警
- 3. elk报警监控之sentinl 钉钉报警配置
- 4. 基于JVisualVM的可视化监控
- 5. Kibana插件sentinl使用教程
- 6. Grafana = 可视化分析 + 监控告警
- 7. Prometheus(三)监控方法、警报和通知、可视化
- 8. Kibana可视化
- 9. 基于 HTML5 的 WebGL 楼宇自控 3D 可视化监控
- 10. 基于 WebGL 的 HTML5 楼宇自控 3D 可视化监控
- 更多相关文章...
- • Memcached入门教程 - NoSQL教程
- • Maven 插件 - Maven教程
- • Git可视化极简易教程 — Git GUI使用方法
- • ☆基于Java Instrument的Agent实现
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. 升级Gradle后报错Gradle‘s dependency cache may be corrupt (this sometimes occurs
- 2. Smarter, Not Harder
- 3. mac-2019-react-native 本地环境搭建(xcode-11.1和android studio3.5.2中Genymotion2.12.1 和VirtualBox-5.2.34 )
- 4. 查看文件中关键字前后几行的内容
- 5. XXE萌新进阶全攻略
- 6. Installation failed due to: ‘Connection refused: connect‘安卓studio端口占用
- 7. zabbix5.0通过agent监控winserve12
- 8. IT行业UI前景、潜力如何?
- 9. Mac Swig 3.0.12 安装
- 10. Windows上FreeRDP-WebConnect是一个开源HTML5代理,它提供对使用RDP的任何Windows服务器和工作站的Web访问