Pagerduty grouping the incidents in one single incident
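I have written a port scanner in Python that sends an "illegal ports open" notification to Pagerduty as an incident. The integration works fine, but one small problem is bothering me. I cannot send a unique incident for each host that has an open port. Suppose my script scans 2 hosts, finds illegal ports, and sends notifications to Pagerduty as follows: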
for serv in host.services:
    if serv.port not in safe_port:
        print ('Illegal Port open :'+str(serv.port)+'/'+str(serv.protocol)+' '+str(serv.service)+', on host=> '+str(host))
        notify_slack_forbidden_port(str(serv.port),str(serv.protocol),str(serv.service),str(host))
        ######
        notify_pagerduty_forbidden_port(str(serv.port),str(serv.protocol),str(serv.service),str(host))
    else:
        pass  # the else branch is not shown in the post
The function notify_pagerduty_forbidden_port is defined as follows:
import json
import requests

# API_ACCESS_KEY and box_name are defined elsewhere in the script
def notify_pagerduty_forbidden_port(a,b,c,d): ## Call this when a Forbidden port has been open up
    headers = {
        'Authorization': 'Token token={0}'.format(API_ACCESS_KEY),
        'Content-type': 'application/json',
    }
    payload = json.dumps({
        "service_key": API_ACCESS_KEY,
        "incident_key": "illegal/port",  # same key for every host and port
        "event_type": "trigger",
        "description": "A Illegle port was found open"+str(a)+"/ "+str(b)+" service "+str(c)+" on "+str(d)+" Found in "+str(box_name),
    })
    print("Sending to Pagerduty", payload)
    r = requests.post(
        'https://events.pagerduty.com/generic/2010-04-15/create_event.json',
        headers=headers,
        data=payload,
    )
    print("Done!")
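My problem is that when this is sent to Pagerduty, it is treated as a single incident rather than separate incidents.
I want a separate incident to be generated for every open port on every host.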
This behavior is described in the docs:
incident_key - Identifies the incident to which this trigger event should be applied. If there's no open (i.e. unresolved) incident with this key, a new one will be created. If there's already an open incident with a matching key, this event will be appended to that incident's log. The event key provides an easy way to "de-dup" problem reports.
So if you use a different incident_key each time you insert a new problem, you will get a new issue ID.
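Added example, not part of the original question or answer: deriving incident_key from host, protocol and port gives one incident per finding, while a repeated scan of the same finding is appended to the open incident instead of opening a new one. The helper names, the key format, the placeholder service key and the sample findings are assumptions made for illustration; nothing is sent over the network, and the de-dup rule quoted from the docs is modelled locally.

```python
import json

# Constructed sample findings: (host, port, protocol, service)
FINDINGS = [
    ("10.0.0.5", 23, "tcp", "telnet"),
    ("10.0.0.5", 3306, "tcp", "mysql"),
    ("10.0.0.9", 23, "tcp", "telnet"),
]

def make_incident_key(host, port, protocol):
    """Deterministic key (assumed format): one per host/protocol/port."""
    return "illegal-port/{0}/{1}/{2}".format(
        str(host).strip().lower(), str(protocol).strip().lower(), int(port))

def build_trigger_event(service_key, host, port, protocol, service, key=None):
    """JSON body for create_event.json, using the fields from the question."""
    return json.dumps({
        "service_key": service_key,
        "incident_key": key or make_incident_key(host, port, protocol),
        "event_type": "trigger",
        "description": "Illegal port open {0}/{1} service {2} on {3}".format(
            port, protocol, service, host),
    })

def scan_payloads(findings, service_key="PLACEHOLDER_SERVICE_KEY", key=None):
    """One trigger body per finding; key=... forces a constant incident_key."""
    return [build_trigger_event(service_key, h, p, proto, svc, key)
            for (h, p, proto, svc) in findings]

def simulate_dedup(payloads):
    """Local model of the documented rule: a trigger whose key matches an open
    incident is appended to its log, otherwise a new incident is created."""
    open_incidents = {}
    for body in payloads:
        event = json.loads(body)
        open_incidents.setdefault(event["incident_key"], []).append(
            event["description"])
    return open_incidents

if __name__ == "__main__":
    constant = simulate_dedup(scan_payloads(FINDINGS, key="illegal/port"))
    per_port = simulate_dedup(scan_payloads(FINDINGS + FINDINGS))  # two scans
    print(len(constant), "incident(s) with the constant key")
    for k, log in sorted(per_port.items()):
        print(k, "->", len(log), "event(s)")
```

Because the key is deterministic, the same string can later be sent with a resolve event for that finding once the port is closed.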