Receive alert on any specific Windows service entered into stopped state
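I need an email notification if any specific EC2 Windows service enters the stopped state.
I configured CloudWatch and am able to receive logs for all Windows services.
I created a Lambda function to get notified when any service enters the stopped state, but the problem is that I only receive the alert when I click Test on the function.
I receive CloudWatch logs like this: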
03:43:02 [System] [INFORMATION] [7036] [Service Control Manager] [mydomain.com] [The Background Intelligent Transfer Service service entered the running state.]
03:43:02 [System] [INFORMATION] [7040] [Service Control Manager] [mydomain.com] [The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.]
03:43:02 [System] [INFORMATION] [7036] [Service Control Manager] [mydomain.com] [The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.]
03:45:02 [System] [INFORMATION] [7040] [Service Control Manager] [mydomain.com] [The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.]
Here is my Lambda function:
import boto3
import time

client = boto3.client('logs')
sns = boto3.client('sns')
instance_name = "Development"
a1 = int(round(time.time() * 1000))

def lambda_handler(event, context):
    response = client.get_log_events(
        logGroupName = 'Eadev',
        logStreamName = 'i-01fe1z56y790cq',
        startTime = a1,
        startFromHead = False
    )
    event01 = '[System] [INFORMATION] [7036] [Service Control Manager] [mydomain.com] [The DebtManager-Host service entered the stopped state.]'
    event02 = '[System] [INFORMATION] [7036] [Service Control Manager] [mydomain.com] [The DebtManager-Controller service entered the stopped state.]'
    for i in response['events']:
        if event01 == i['message']:
            print(event01)
            sns.publish( TargetArn = "arn:aws:sns:us-east-1:3913948:testsns",Message = instance_name +" "+ event01)
        if event02 == i['message']:
            print(event02)
            sns.publish( TargetArn = "arn:aws:sns:us-east-1:3913948:testsns",Message = instance_name +" "+ event02)
I expected an email notification whenever any service stops, but I only get the alert when I click Test in the Lambda function.
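It appears that your desired situation is:
- The Amazon CloudWatch agent on the Windows instance sends log data to Amazon CloudWatch Logs
- A notification is sent when a specific entry is detected in the log file
You could use CloudWatch Logs Filter Metrics to trigger a CloudWatch alarm, rather than triggering a Lambda function for each log message:
- Collecting Metrics and Logs from Amazon EC2 Instances and On-Premises Servers with the CloudWatch Agent
- Searching and Filtering Log Data to detect the desired messages by Creating Metric Filters
- This pushes a metric to Amazon CloudWatch Metrics
- You can then create a traditional Amazon CloudWatch alarm on the metric and trigger it when a certain number of such messages is received
- The CloudWatch alarm can send a notification to an Amazon SNS topic
For an end-to-end example, see: Use Amazon CloudWatch Logs Metric Filters to Send Alerts - The IT Hollow
Alternatively, you could use an AWS Lambda function:
- Collect Metrics and Logs from Amazon EC2 Instances and On-Premises Servers with the CloudWatch Agent
- Use Real-time Processing of Log Data with Subscriptions
- It can accept a subscription filter to identify the records of interest
- It can then trigger an AWS Lambda function, which you can program to do whatever you want (such as sending a message to an Amazon SNS topic)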
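The subscription route described above, as an added example that is not part of the original answer: a handler that reads the batch CloudWatch Logs pushes to it (base64-encoded, gzip-compressed JSON under event["awslogs"]["data"]) instead of polling get_log_events. The watched service names come from the question; TOPIC_ARN is a placeholder, build_test_event is a helper that constructs sample input, and the function is assumed to be attached to the log group through a subscription filter.

```python
import base64
import gzip
import json
import re

# Assumed values for illustration: replace with your own services and topic.
WATCHED_SERVICES = {"DebtManager-Host", "DebtManager-Controller"}
TOPIC_ARN = "arn:aws:sns:REGION:ACCOUNT_ID:TOPIC_NAME"  # placeholder, not a real ARN

# Event ID 7036 from Service Control Manager, "stopped" transitions only.
STOPPED = re.compile(r"\[7036\] \[Service Control Manager\] \[[^\]]*\] "
                     r"\[The (?P<service>.+) service entered the stopped state\.\]")


def decode_subscription_event(event):
    """Unpack the base64 + gzip JSON that CloudWatch Logs hands to Lambda."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw))


def stopped_services(payload):
    """Return (log_stream, service, message) for each watched service that stopped."""
    if payload.get("messageType") != "DATA_MESSAGE":  # skip CONTROL_MESSAGE probes
        return []
    hits = []
    for log_event in payload.get("logEvents", []):
        match = STOPPED.search(log_event["message"])
        if match and match.group("service") in WATCHED_SERVICES:
            hits.append((payload["logStream"], match.group("service"),
                         log_event["message"]))
    return hits


def lambda_handler(event, context):
    hits = stopped_services(decode_subscription_event(event))
    if hits:
        import boto3  # imported lazily so the parsing code runs without AWS access
        sns = boto3.client("sns")
        for stream, service, message in hits:
            sns.publish(TopicArn=TOPIC_ARN,
                        Subject=f"Service stopped: {service}"[:100],
                        Message=f"{stream}: {message}")
    return len(hits)


def build_test_event(messages, stream="i-EXAMPLE"):
    """Constructed sample input in the shape CloudWatch Logs delivers."""
    payload = {"messageType": "DATA_MESSAGE", "logGroup": "Eadev", "logStream": stream,
               "logEvents": [{"id": str(n), "timestamp": 0, "message": m}
                             for n, m in enumerate(messages)]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}
```

Because the log stream name arrives in the payload, the same function covers every instance in the log group, and the function's execution role needs only sns:Publish on the one topic rather than any CloudWatch Logs read permission.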