Filebeat 监控错误日志发送飞书提醒


实现思路:

  • filebeat 监控错误日志
  • 捕获每一条错误日志发送到 redis 队列
  • 用 webman 订阅 redis 队列发送消费到飞书机器人

第一步:构建 filebeat 镜像

FROM rockylinux:9.0.20220720-minimal AS build
RUN microdnf install -y tar wget
ENV FILEBEAT_VERSION 8.4.3
RUN if [ `arch` == 'aarch64' ]; then wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-linux-arm64.tar.gz; fi
RUN if [ `arch` == 'x86_64' ] ; then wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-linux-x86_64.tar.gz; fi
RUN mkdir /usr/local/filebeat && tar zxf filebeat-*.tar.gz && mv filebeat-*/* /usr/local/filebeat/

FROM rockylinux:9.0.20220720-minimal
WORKDIR /usr/local/filebeat
COPY --from=build /usr/local/filebeat /usr/local/filebeat
ENV PATH /usr/local/filebeat/:$PATH
CMD ["filebeat", "-e"]

保存为 Dockerfile 文件,然后构建镜像

docker build -t filebeat:8.4.3 .

第二步:启动 filebeat 容器,监听错误日志,发送 redis

2.1 生成 filebeat 配置文件 filebeat.yml

# == Filebeat inputs 
filebeat.inputs:
- type: filestream
  id: nginx-error-log-10000
  enabled: true
  paths:
    - /www/logs/error.log
  exclude_lines: ['^DEBUG']
  include_lines: ['^ERR', '^WARN']
# == Filebeat modules
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
# == Outputs
output.redis:
  hosts: ["redis:6379"]
  key: "mogublog-net-error-log-10000"
  db: 1
  timeout: 10

2.2 启动 filebeat 容器

docker run --name filebeat --network wordpress -v /www/filebeat.yml:/usr/local/filebeat/filebeat.yml filebeat:8.4.3

2.3 检查 redis 队列

> redis-cli
> SELECT 1
> LLEN mogublog-net-error-log

第三步:订阅 redis 队列,发送飞书

3.1 安装 webman

mkdir error_sync_feishu && cd error_sync_feishu
composer create-project workerman/webman . 

3.2 待续