2019年11月9日

Smokeping整合Slack發送告警訊息

Smokeping工具,安裝的方式可參考官網,目前實作用Slack發出告警訊息
依照個人安裝的目錄,調整相關的設定檔路徑即可
vi /usr/local/smokeping/etc/slack_notify.sh
#!/bin/bash
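# Escape a string so it can be embedded inside a JSON string literal.
# Backslash and double quote are escaped, newline/CR/tab become \n, \r, \t,
# and any remaining control characters are dropped.
_slack_json_escape() {
    local s=$1
    s=${s//\\/\\\\}
    s=${s//\"/\\\"}
    s=${s//$'\n'/\\n}
    s=${s//$'\r'/\\r}
    s=${s//$'\t'/\\t}
    s=${s//[[:cntrl:]]/}
    printf '%s' "$s"
}

#######################################
# Send a SmokePing status alert to the Slack channel.
# Globals:
#   HOSTNAME            (read) shown as the packet source
#   SLACK_WEBHOOK_URL   (read, optional) overrides the embedded webhook URL
#   SMOKEPING_SLACK_LOG (read, optional) overrides the log file path
# Arguments:
#   $1 - alert name (someloss | highloss | majorloss)
#   $2 - target
#   $3 - loss pattern (comma-separated; only the last field is reported)
#   $4 - rtt
#   $5 - hostname of the target
# Outputs:
#   Writes the JSON payload to stdout and one line to the log file.
# Returns:
#   Exit status of curl (non-zero on timeout or an HTTP error response).
#######################################
function send_alert {
    local alertname=$1
    local target=$2
    local losspattern=$3
    local rtt=$4
    local hostname=$5
    local color log_file webhook_url data
    local j_alert j_color j_source j_target j_host j_loss

    case "${alertname}" in
        someloss)
            # not ideal but will continue
            color="good"
            ;;
        highloss)
            # we will live
            color="warning"
            ;;
        majorloss)
            # this is real bad.
            color="danger"
            ;;
        *)
            # Still send the alert, but with no colour, and say so on stderr
            # so the diagnostic does not mix with the payload on stdout.
            color=""
            echo "Unsupported loss alert name" >&2
            ;;
    esac

    # Keep only the last comma-separated field (the most recent sample) and
    # trim leading whitespace. Parameter expansion avoids the unquoted
    # `echo $losspattern`, which would glob-expand a pattern containing `*`.
    losspattern=${losspattern##*,}
    losspattern=${losspattern#"${losspattern%%[![:space:]]*}"}

    # /tmp is world-writable and this file name is predictable, so another
    # local user could pre-create it as a symlink. Refuse to append through a
    # symlink; this check is racy, so the stronger fix is to point
    # SMOKEPING_SLACK_LOG at a directory only the SmokePing user can write.
    log_file=${SMOKEPING_SLACK_LOG:-/tmp/smokeping.log}
    if [[ -L "$log_file" ]]; then
        printf 'Refusing to append to symlinked log file: %s\n' "$log_file" >&2
    else
        printf '%s\n' "Sending Slack alert, Alert: $alertname, Target: $target, Loss Pattern: $losspattern, RTT: $rtt, Hostname: $hostname" >> "$log_file"
    fi

    # NOTE(review): an incoming-webhook URL is a bearer credential: anyone who
    # can read it can post to the channel. The embedded value is kept only as a
    # backward-compatible fallback; prefer supplying SLACK_WEBHOOK_URL from the
    # SmokePing service environment, keep this script readable only by the
    # SmokePing user, and rotate the webhook if the URL was ever published.
    webhook_url=${SLACK_WEBHOOK_URL:-https://hooks.slack.com/services/T9DKZ0S4Q/A1EJ51GEB/x1d4B7uGhbpZn7L7KAbiN5sV}

    # Every interpolated value is JSON-escaped so that a quote or backslash in
    # a target or host name cannot break out of its string and alter the
    # payload structure.
    j_alert=$(_slack_json_escape "$alertname")
    j_color=$(_slack_json_escape "$color")
    j_source=$(_slack_json_escape "${HOSTNAME}")
    j_target=$(_slack_json_escape "$target")
    j_host=$(_slack_json_escape "$hostname")
    j_loss=$(_slack_json_escape "$losspattern")

    data=$(cat <<EOF
{
    "username": "MYLAB-Smokeping",
    "icon_url": "https://a.slack-edge.com/production-standard-emoji-assets/10.2/google-large/1f383@2x.png",
    "attachments": [
        {
            "title": "Alert type : ${j_alert}",
            "color": "${j_color}"
        },
        {
            "text": " ",
            "fields": [
                {
                    "title": "Packet Source",
                    "value": "${j_source}",
                    "short": "true"
                },
                {
                    "title": "Packet Destination",
                    "value": "${j_target}(${j_host})",
                    "short": "true"
                },
                {
                    "title": "Packet Loss (%)",
                    "value": "${j_loss}",
                    "short": "true"
                },
                {
                    "title": "Graph",
                    "value": "http://192.88.34.54/smokeping?target=${j_target}",
                    "short": "true"
                }
            ]
        }
    ],
    "channel": "#mytest-channel"
}
EOF
    )

    printf '%s\n' "$data"

    # --max-time bounds the call so an unreachable Slack endpoint cannot hang
    # the alert hook; --fail turns HTTP error responses into a non-zero status.
    curl --silent --show-error --fail --max-time 10 \
        -X POST -H "Content-type: application/json" \
        --data "$data" "$webhook_url"
}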

# Entry point: forward the first five positional arguments to send_alert.
# NOTE(review): SmokePing's documentation describes a sixth "raise" argument
# for alerts with edgetrigger = yes (1 = raised, 0 = cleared); it is not
# forwarded, so a cleared alert would look the same as a raised one. Confirm.
send_alert "${@:1:5}"

# Always report success to the caller, whatever send_alert returned.
exit 0

存檔後離開,並將檔案改成可執行檔
chmod +x /usr/local/smokeping/etc/slack_notify.sh
調整Smokeping的設定檔的告警值
vi /usr/local/smokeping/etc/config
*** General ***
owner    =LAB-TEST
contact  = LAB-TEST@LAB-TEST.com
mailhost = my.mail.host
sendmail = /usr/sbin/sendmail
# NOTE: do not put the Image Cache below cgi-bin
# since all files under cgi-bin will be executed ... this is not
# good for images.
imgcache = /usr/local/smokeping/cache
imgurl   = cache
datadir  = /usr/local/smokeping/data
piddir  = /usr/local/smokeping/var
cgiurl   = http://192.88.34.54/smokeping.cgi
smokemail = /usr/local/smokeping/etc/smokemail.dist
tmail = /usr/local/smokeping/etc/tmail.dist
# specify this to get syslog logging
syslogfacility = local0
# each probe is now run in its own process
# disable this to revert to the old behaviour
# concurrentprobes = no

*** Alerts ***
#不用Email發送,而是把 to 原本的信箱位址改成以 | 開頭的Script路徑,告警觸發時Smokeping便會執行該檔案

to = |/usr/local/smokeping/etc/slack_notify.sh
from = LAB-TEST@LAB-TEST.com


+rttdetect
type = rtt
# in milliseconds
pattern = >2100,>2100,>2100
comment = There is a serious connectivity issue with this node

+someloss
type = loss
# in percent
pattern = >0%<=25%,*12*,>0%<=25%,*12*,>0%<=25%
comment = loss 3 times  in a row

+highloss
type = loss
# in percent
pattern = >25%<=50%,*12*,>25%<=50%,*12*,>25%<=50%
comment = loss 3 times  in a row

+majorloss
type        = loss
pattern     = >50%
edgetrigger = yes
comment     = host down

*** Database ***

step     = 60
pings    = 20

# consfn mrhb steps total

AVERAGE  0.5   1  1008
AVERAGE  0.5  12  4320
    MIN  0.5  12  4320
    MAX  0.5  12  4320
AVERAGE  0.5 144   720
    MAX  0.5 144   720
    MIN  0.5 144   720

*** Presentation ***
charset = utf-8
template = /usr/local/smokeping/etc/basepage.html.dist

+ charts

menu = Charts
title = The most interesting destinations

++ stddev
sorter = StdDev(entries=>4)
title = Top Standard Deviation
menu = Std Deviation
format = Standard Deviation %f

++ max
sorter = Max(entries=>5)
title = Top Max Roundtrip Time
menu = by Max
format = Max Roundtrip Time %f seconds

++ loss
sorter = Loss(entries=>5)
title = Top Packet Loss
menu = Loss
format = Packets Lost %f

++ median
sorter = Median(entries=>5)
title = Top Median Roundtrip Time
menu = by Median
format = Median RTT %f seconds

+ overview

width = 600
height = 50
range = 10h

+ detail

width = 600
height = 200
unison_tolerance = 2

"Last 3 Hours"    3h
"Last 30 Hours"   30h
"Last 10 Days"    10d
"Last 400 Days"   400d

#+ hierarchies
#++ owner
#title = Host Owner
#++ location
#title = Location

*** Probes ***

+ FPing

binary = /usr/local/sbin/fping

+ DNS

binary = /usr/bin/dig # mandatory

+ Curl
 # probe-specific variables
binary = /usr/bin/curl
forks = 5
offset = 50%
step = 60

*** Slaves ***
secrets=/usr/local/smokeping/etc/smokeping_secrets.dist
+boomer
display_name=boomer
color=0000ff

+slave2
display_name=another
color=00ff00

*** Targets ***

probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing website of TEST-LAB Company. \
         Here you will learn all about the latency of our network.

+ Local_GW
menu = Local_GW
title = Local_GW
host = 192.88.34.254
alerts = someloss,highloss,majorloss

+TEST-Monitor-01
menu = TEST-Monitor-01
title = TEST-Monitor-01

++Ping_TEST-IP-1
title = 168.95.1.1
host = 168.95.1.1
alerts = someloss,highloss,majorloss

++Ping_TEST-IP-2
title = 8.8.8.8
host = 8.8.8.8

alerts = someloss,highloss,majorloss

存檔後離開,當有發生someloss,highloss,majorloss等級的掉包率時,便可發出Slack告警到指定的#channel裡面

3 則留言:

  1. hi
    跟您請教,我按照做法後設定異常故意去踩到,還是無法發到slack,但我單獨執行script可以打到slack,改回alert發mail就恢復正常。
    想問一下是否有哪邊需要調整。

  2. 如果設定都正確的話,比較有可能的就是slack_notify.sh這支shell程式的執行權限問題沒有設定正確
