
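Chapter 5 Alert Triggering

5.1 Configuration

In Logstash, add field-based filtering to the relevant application's configuration so that matching events are recognized and routed, for example: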

output {

  #output method 1: es
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "syslog-%{+YYYY.MM.dd}-net"
    #document_type => "syslog"
  }

  #output method 2: email
  if ([severity_label] == "Error" or [severity_label] == "Warning" or [severity_label] == "Alert")
  {
    email {
      to => "guofs@os-w.com"
      from => "jszc_dsd@os-w.com"
      address => "198.218.32.152"
      port => "30025"
      username => "jszc_dsd@os-w.com"
      password => "abc_*****"
      subject => "%{severity_label}/%{timestamp}--switch %{host}"
      body => "Hello,\n\n%{message},\n\n%{timestamp}"
      htmlbody => ""
    }
  }
}
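An added example, not part of the original page: a Python check of which syslog events the email conditional above would match. It assumes `severity_label` comes from Logstash's standard syslog PRI decoding with its default labels; the function names and the sample switch messages are constructed for illustration.

```python
import re

# Assumption: default severity labels of Logstash's syslog PRI decoding,
# indexed by syslog severity 0-7.
SEVERITY_LABELS = ["Emergency", "Alert", "Critical", "Error",
                   "Warning", "Notice", "Informational", "Debug"]
# Labels matched by the email conditional in the configuration above.
EMAIL_LABELS = {"Error", "Warning", "Alert"}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity, severity_label) from a syslog line's <PRI>."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    return facility, severity, SEVERITY_LABELS[severity]

def triggers_email(line):
    """True when the event would enter the email branch of the output block."""
    return decode_pri(line)[2] in EMAIL_LABELS

def unmatched_urgent_labels():
    """Labels at Error or more severe (severity <= 3) that the conditional skips."""
    return [label for label in SEVERITY_LABELS[:4] if label not in EMAIL_LABELS]

# Constructed sample switch messages (hypothetical host and text).
SAMPLES = [
    "<187>Jan  5 10:00:01 sw-core-1 %LINK-3-UPDOWN: Interface Gi0/1 down",
    "<188>Jan  5 10:00:02 sw-core-1 %SYS-4-TEST: warning level test",
    "<189>Jan  5 10:00:03 sw-core-1 %SYS-5-CONFIG_I: Configured from console",
    "<186>Jan  5 10:00:04 sw-core-1 %PLATFORM-2-TEST: critical level test",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        label = decode_pri(sample)[2]
        print(label, "-> email + es" if triggers_email(sample) else "-> es only")
    print("severe labels not mailed:", unmatched_urgent_labels())
```

Under that assumption, Emergency and Critical events are indexed in Elasticsearch but do not enter the email branch as the conditional is written.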

5.2 Testing and Verification
