Python脚本实现Zabbix多行日志监控过程解析

通过使用zabbix 日志监控 我发现一个问题 例如oracle的日志有报错的情况 ，通常不会去手动清理 这样的话当第二次有日志写进来的时候 zabbix的机制是回去检查全部日志，这样的话之前已经告警过的错误日志,又会被检查到,这样就会出现重复告警，而且zabbix的日志监控只能读到匹配当前行关键字的数据，感觉不太灵活, 比如我想要匹配到的关键字之后再当前关键字的下N行再去匹配另一个关键字这个时候就比较麻烦,在这里给大家推荐一个有效,便捷解决的方式。

通过Python脚本实现日志监控 要求 1 记录脚本检查日志位置,避免下次触发脚本的时候出现重复告警 2 关键字匹配支持正则 3 支持多个关键字查询，例如第一个关键字匹配到当之后在这个关键字的下N行再去匹配第二个关键字 具体传参格式
python3 npar.py /u03/z.txt '(ORA-|REEOR)，(04030|02011)' 2

第一个参数是日志路径 第二个参数是关键字 第三个参数为 匹配到第一个表达式这种的关键字后再去地 N(2)行去匹配第二个关键词（04030|02011）具体脚本实现如下

import os
import sys
logtxt = "logtxt.txt"
def read_txt(files, start_line):
data = []
data.append("")
with open(str(files) + "", "r",
encoding = 'UTF-8') as f:
for line in f.readlines():
line = line.strip('\n')# 去掉列表中每一个元素的换行符
data.append(line)
# 记录本次的行数
wirte_log(len(data) - 1)
if len(data) > start_line:
return data[start_line - 1: ]
else :
print("开始行数大于文本文件总行数！")
def wirte_log(lines):
global logtxt
with open(logtxt, "w") as file: #”w "代表着每次运行都覆盖内容
file.write(str(lines))
def read_log():
global logtxt
if not os.path.exists(logtxt):
with open(logtxt, "w") as file: #”w "代表着每次运行都覆盖内容
file.write(str(1))
with open(logtxt + "", "r", encoding =
'UTF-8') as f:
s_lines = f.readlines()
print("从第" + str(s_lines[0]) + "行开始")
return s_lines[0]
def deal_read_log(files, keyword,
interval_line):
keywords = keyword.replace("(", "").replace(
")", "").replace("'", "").replace('"',
'"').split(',')
start_keywords = keywords[0].split("|")
end_keywords = keywords[1].split("|")
start_line = read_log()
lines_data = read_txt(files, int(
start_line))
for_line = 1
while (for_line < len(lines_data)):
#print(for_line)
# print(lines_data[for_line])
#
if end_keywords in lines_data[for_line]:
#print(lines_data[for_line])
# print("-------------------")
# for_line = for_line + 1
#
else :
isexist = 0
for sk in start_keywords:
if sk in lines_data[for_line]:
isexist = 1
break;
if isexist == 1:
#if start_keywords[0] in lines_data[
for_line] or start_keywords[1] in
lines_data[for_line]:
#当前行有end_keywords
isexist2 = 0
for sk in end_keywords:
if sk in lines_data[for_line]:
isexist2 = 1
break;
if isexist2 == 1:
#print("行数=" + str(start_line - 1 +
for_line) + "-" + str(start_line - 1 +
for_line))
print(lines_data[for_line])
else :
#当前行没有end_keywords。 往下interval_line行去寻找
# 标记当前行数
flag_line = for_line
count = 1
for_line = for_line + 1
while (for_line < len(lines_data)):
isexist3 = 0
for sk in end_keywords:
if sk in lines_data[for_line]:
isexist3 = 1
break;
if isexist3 == 1:
#print("行数=" + str(start_line - 1 +
flag_line) + "-" + str(start_line -
1 + for_line))
for prin in range(flag_line, for_line +
1):
print(lines_data[prin])
break;
for_line = for_line + 1
if count == int(interval_line):
break;
count = count + 1
for_line = for_line - 1
for_line = for_line + 1
if name == 'main':
files = sys.argv[1]
if '.log' in files:
logtxt = files.replace(".log",
"_log.txt")
else :
logtxt = files.replace(".txt",
"_log.txt")
# files = "ora.txt"
keywords = sys.argv[2]
# keywords = "'((04030|04000)，ORA-)'"
#上下关联行数
interval_line = int(sys.argv[3])
# interval_line = 10
deal_read_log(files, keywords,
interval_line)

接下来就是添加监控了

在agent的conf 文件里面添加UserParameter

到这里监控就完成了

来源：https://blog.51cto.com/14483703/2519876