Press "Enter" to skip to content

Tag: ubuntu

logstash的drop过滤器插件

logstash在filter段对日志进行解析的时候, 可以直接筛选出我们想要的日志内容, 如果日志内容里不包括某些字段, 我们可以把整条日志直接扔掉, 下面是配置.

input {
    kafka {
        bootstrap_servers => k1.zhukun.net:6687 k2.zhukun.net:6687
        topics => ["com.prod.feedengine","com.prod.feedgateway"]
        # 如果收取多个kafaka topic里的消息也可以用下面的写法
        # topics_pattern => "zhukun.net.log.rms-api.*"
        group_id => logstash-mp-ops
        consumer_threads => 10
        decorate_events => true
        auto_offset_reset => "latest"
    }
}

filter {

    # 如果message里不以2019/2020/2021开头, 则直接丢弃整条日志
    if [message] !~ /^[2020|2021|2019]/ {
        drop { }
    }

    # 直接打印出来原始日志看看
    #ruby {
    #    code => 'puts event(message)'
    #}

    # grop正则匹配
    grok {
        match => { message => '%{TIMESTAMP_ISO8601:time_local}\s*\[%{DATA:service}\]\s*%{LOGLEVEL:loglevel}\s*%{DATA:message}$' }
        overwrite => [message]
        tag_on_failure => ["_invalid_log_format"]    # 如果解析失败则加上这个tag
    }

    # 如果日志解析成功,那么
    if !("_invalid_log_format" in [tags]) {
        mutate {
            # 如果把整条日志都解析出来以后(已经解析到各个tag之中), 原始日志应该也没什么用了, 可以考虑直接扔掉原始日志
            remove_field => [ "message" ]
            # 将kafka topic的名字作为oootype字段
            add_field => { "oootype" => "%{[@metadata][kafka][topic]}" }
            gsub => [
                "logInfo", "\t\t", ""
            ]
        }

        # 日期处理
        date {
            # 将time_local赋给@timestamp字段, 右侧是time_local的实际格式, 例如2019-03-18 08:12:45.006
            match => ["time_local", "yyyy-MM-dd HH:mm:ss.SSS"]
            # match => [ "logTime", "ISO8601" ]
            # timezone => "Asia/Shanghai"
            target => "@timestamp"    # 默认target就是@timestamp
            tag_on_failure => [ "_dateparsefailure" ]
            # remove_field => [ "time_local" ]
        }

    }
}

output {
    elasticsearch {
        hosts => [10.18.4.24:9200,10.18.4.25:9200,10.18.4.77:9200,10.18.4.78:9200, 10.11.149.69:9200,10.16.22.149:9200]
        index => zhukun.net_console.log-%{+yyyy.MM.dd}
    }
    #stdout {
    #   codec => rubydebug {
    #       metadata => true
    #    }
    #}
}

补充:
logstash可以使用条件判断来控制filter的执行。官方说明见Accessing Event Data and Fields in the Configuration。支持的运算符包括:

相等: ==, !=, <, >, <=, >=
正则: =~(匹配正则), !~(不匹配正则)
包含: in(包含), not in(不包含)
布尔操作: and(与), or(或), nand(非与), xor(非或)
一元运算: !(取反), ()(复合表达式), !()(对复合表达式结果取反)

参考文档
Drop filter plugin
Logstash Grep and Drop
Missing grep filter in logstash

1 Comment

使用python在linux终端打印二维码

其实主要就是使用qrcode.QRCode.print_ascii()方法在终端画二维码。接下来介绍使用方法。

准备python环境

sudo pip install qrcode

实际代码

$ python
Python 3.6.7 (default, Oct 22 2018, 11:32:17) 
[GCC 8.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 
>>> import qrcode
>>> 
>>> str = 'https://www.zhukun.net'
>>> qr = qrcode.QRCode()
>>> qr.border = 1
>>> qr.add_data(str)
>>> qr.make()
>>> qr.print_ascii(out=None, tty=False, invert=False)
 ▄▄▄▄▄▄▄  ▄    ▄   ▄▄▄▄▄▄▄ 
 █ ▄▄▄ █ ██ █▄▀▀▄█ █ ▄▄▄ █ 
 █ ███ █ ▀▀▄▀▄█▀ ▄ █ ███ █ 
 █▄▄▄▄▄█ ▄▀█ █▀█ █ █▄▄▄▄▄█ 
 ▄     ▄ █▀▀  ▄▄▀ ▄▄  ▄▄▄  
  ▀▀ ▄ ▄▀█▄ ▀▄███▄█▄███▀█▄ 
  █▀█▀▀▄▀▀▀▄ ▀  ▄▀▀▄▀ ▀  █ 
 █▀ ▀▀ ▄ █▀▀ ▀ ▄█▀█▄█▄▄ █▄ 
 █ ▄▀█▄▄▀▀ ▀ █▄▄ ██▄█▄▀█ ▀ 
 ▄▄▄▄▄▄▄ ▀ █ ▄▄▀ █ ▄ █   ▄ 
 █ ▄▄▄ █  ▀▀█   ██▄▄▄█ ▄▄▄ 
 █ ███ █  ▀▀ ▀██▄▄ ▀  ▄▄▀█ 
 █▄▄▄▄▄█ ▄ █▄██ ▀██ ▀▀▄  █ 
Leave a Comment

systemd service log check

systemd服务一般使用systemctl命令来启动, 那么如果服务启动不正常, 如何查看它的日志呢?

journalctl -u myapp.service

如果想查看实时日志输出( follow logs in real time ), 可以加一个-f参数:

journalctl -u -f myapp.service

另外2个有用的参数: 

-e          直接打印到日志末尾;
--no-pager  打印全部日志(无需再翻页).

其实systemctl也是可以直接查看日志的:

systemctl -l status myapp.service
1 Comment

ansible use timestamp as vars

ansible 使用时间戳作为变量

- hosts: app_group
  remote_user: root
  gather_facts: yes    # 需要设定为yes(也可以省略),不然会提示ansible_date_time' is undefined
  vars:
    - VERSION:  v1.0.0
    - GIT_APP_NAME: HelloWorld
    - GIT_ADDR: [email protected]/yourname/helloworld.git
    - LOCAL_CODE_DIR: '/opt/ansible/yourname/code'
    - CMD_TIME: "{{ ansible_date_time.iso8601_basic_short }}"    # 获取系统时间戳
  tasks:

    - name: sync code to build server
      synchronize:
        src: "{{ LOCAL_CODE_DIR }}/{{ GIT_APP_NAME }}/" 
        dest: "/opt/src-{{ VERSION }}-{{ CMD_TIME }}"

    - name: 编译
      shell: "cd /opt/src-{{ VERSION }}-{{ CMD_TIME }}; make clean && make -j12;"

    - name: 同步新版本文件到本地
      synchronize
        src: "/opt/src-{{ VERSION }}-{{ CMD_TIME }}/helloworld"
        dest: "{{ LOCAL_CODE_DIR }}/helloworld_online/"
        mode: pull

    - name: 同步新版本文件到线上
      synchronize:
        src: "{{ LOCAL_CODE_DIR }}/helloworld_online/helloworld"
        dest: "/opt/helloworld/helloworld"

    - name: 计算线上md5值
      shell: "md5sum /opt/helloworld/helloworld |awk '{print $1}'"
      register: helloworld_online

    - name: 计算本地md5值
      shell: "md5sum {{ LOCAL_CODE_DIR }}/helloworld_online/helloworld | awk '{print $1}'"
      register: helloworld_local
      connection: local    # 表示在本地执行相关命令

    - name: md5 check
      debug:
        msg: 'remote: {{ helloworld_online.stdout }} local: {{ helloworld_local.stdout }}'

    - name: 本地与线上md5值对比成功重启服务(随机sleep 5秒,确保服务可用率)
      when: helloworld_online.stdout == helloworld_local.stdout
      shell: "sleep $((RANDOM % 5)) && cd /opt/helloworld/ && sh ./start.sh"
      args:
        executable: /bin/bash

1 Comment

failed to run aclocal: No such file or directory

错误1

autoreconf: failed to run aclocal: No such file or directory

解决办法:

yum install automake
sudo apt install automake

错误2

configure.ac:36: error: possibly undefined macro: AC_PROG_LIBTOOL

解决办法:

yum install libtool
sudo apt install libtool

Leave a Comment