#!/bin/bash
# 程序目录积压告警脚本
# 请先将设备主机名设置全机房唯一
# ysw 20231205
# 添加定时任务 每5分钟执行1次
# */5 * * * * /bin/bash /shell/push_backlog_alarm.sh > /dev/null 2>&1
#-------------------------------------------------------------------------------------------------------------------------------------------
. /etc/profile
. ~/.bash_profile
curl_proxy=192.168.60.31:55555 # Set to False when the network has no proxy; otherwise the proxy as IP:PORT, e.g. 192.168.200.102:80
# NOTE(review): the key= query parameter is the only credential visible on this
# webhook URL (the request adds nothing but a Content-Type header), so anyone who
# can read this file can post to the alert channel. Keep the script readable by
# its owner only, and rotate the key if the file has been shared.
report_api="https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=5d71ee4a-f0xx-4aae-88ee-e9b664cf03xx" # Alarm robot (webhook) address
# Alarm / recovery thresholds, one pair per monitored directory
# err: a backlog alarm is pushed when the file count is greater than this value
# ok:  a recovery notice is pushed when the file count drops below this value
#      (only for a directory that currently has a recorded alarm)
threshold_err_is_access_log=200
threshold_ok_is_access_log=20
threshold_err_is_malware_pkt_attach=200
threshold_ok_is_malware_pkt_attach=20
threshold_err_is_malware_pkt_log=200
threshold_ok_is_malware_pkt_log=20
threshold_err_is_malware_samples=200
threshold_ok_is_malware_samples=20
threshold_err_is_manager_attach=200
threshold_ok_is_manager_attach=20
threshold_err_is_manager_log=200
threshold_ok_is_manager_log=20
threshold_err_is_pcaper_file=200
threshold_ok_is_pcaper_file=20
threshold_err_is_pcaper_log=200
threshold_ok_is_pcaper_log=20
threshold_err_is_threat_monitor_log=200
threshold_ok_is_threat_monitor_log=20
threshold_err_ds_data_identify=200
threshold_ok_ds_data_identify=20
threshold_err_ds_data_monitor=200
threshold_ok_ds_data_monitor=20
threshold_err_ds_evidence_file=200
threshold_ok_ds_evidence_file=20
threshold_err_ns_malware_file_log=200
threshold_ok_ns_malware_file_log=20
threshold_err_ns_malware_samples=200
threshold_ok_ns_malware_samples=20
threshold_err_ns_threat_monitor_log=200
threshold_ok_ns_threat_monitor_log=20
threshold_err_ds_pcaper_file=200
threshold_ok_ds_pcaper_file=20
threshold_err_ds_pcaper_log=200
threshold_ok_ds_pcaper_log=20
threshold_err_ns_pcaper_file=200
threshold_ok_ns_pcaper_file=20
threshold_err_ns_pcaper_log=200
threshold_ok_ns_pcaper_log=20
#-------------------------------------------------------------------------------------------------------------------------------------------
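# State file listing the directories that currently have an open alarm
# (absolute path).
# NOTE(review): a fixed file name under /tmp is predictable. If this job runs
# with elevated privileges, a directory only the job's user can write to is the
# safer home for it; the path is kept here so existing state is not lost.
log=/tmp/backlog_file.log
time_now=$(date "+%Y%m%d %H:%M:%S")
dev_name=$(hostname)
# The state file is appended to and edited in place with sed, so never follow a
# symbolic link planted at that path.
if [ -L "$log" ]; then
  echo "refusing to use $log: it is a symbolic link" >&2
  exit 1
fi
[ -f "$log" ] || touch "$log"
# Proxy switch. The value is the shell variable assigned in the configuration
# section; re-reading it from the script text through $0 depends on how the
# script was invoked and on line order, so the variable is used directly.
# An empty or unset value is treated like "False" (no proxy).
if [ "${curl_proxy:-False}" = "False" ]; then
  qy_curl="curl"
else
  qy_curl="curl --proxy ${curl_proxy}"
fi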
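#######################################
# Escape a value for use inside a JSON string literal.
# Only backslash and double quote are handled; control characters are not
# expected in host names, directory names, counts or timestamps.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout
#######################################
_qiyeweixin_json_escape() {
  local text=$1
  text=${text//\\/\\\\}
  text=${text//\"/\\\"}
  printf '%s' "$text"
}

#######################################
# Build the markdown message and POST it to the webhook.
# The request is made directly instead of writing a helper script to the
# current directory and running it: interpolated values can no longer be
# interpreted as shell code, and no file holding the webhook URL is left behind
# when the request fails.
# NOTE(review): the webhook URL, including its key, is still passed on the curl
# command line.
# Globals:   qy_curl, report_api, dev_name, time_now (read)
# Arguments: $1 - font colour of the highlighted fields
#            $2 - title tag shown before the host name
#            $3 - label of the directory line
#            $4 - label of the count line
#            $5 - label of the time line
#            $6 - directory name
#            $7 - file count
# Returns:   exit status of curl
#######################################
_qiyeweixin_send() {
  local colour=$1 title=$2 dir_label=$3 count_label=$4 time_label=$5
  local host dir_name count stamp payload
  host=$(_qiyeweixin_json_escape "$dev_name")
  dir_name=$(_qiyeweixin_json_escape "$6")
  count=$(_qiyeweixin_json_escape "$7")
  stamp=$(_qiyeweixin_json_escape "$time_now")
  # In the format string \\" yields \" and \\n yields a literal \n, i.e. the
  # JSON escapes for a quote and a line break inside the content string.
  printf -v payload '{"msgtype":"markdown","markdown":{"content":" #### <font color=\\"%s\\">%s%s</font> \\n >%s<font color=\\"%s\\">%s</font>\\n >%s<font color=\\"%s\\">%s</font>\\n >%s<font color=\\"comment\\">%s</font>\\n"}}' \
    "$colour" "$title" "$host" \
    "$dir_label" "$colour" "$dir_name" \
    "$count_label" "$colour" "$count" \
    "$time_label" "$stamp"
  # qy_curl is deliberately left unquoted: it holds "curl" or
  # "curl --proxy IP:PORT" and must be split into words.
  ${qy_curl:-curl} "$report_api" \
    -H 'Content-Type: application/json' \
    -d "$payload" 2>/dev/null
}

#######################################
# Push a backlog alarm.
# Arguments: $1 - directory name, $2 - number of backlogged files
#######################################
qiyeweixin_err() {
  _qiyeweixin_send red '【告警】' '积压目录:' '积压数量:' '告警时间:' "$1" "$2"
}

#######################################
# Push a recovery notice.
# Arguments: $1 - directory name, $2 - current number of files
#######################################
qiyeweixin_ok() {
  _qiyeweixin_send green '【恢复】' '恢复目录:' '当前数量:' '恢复时间:' "$1" "$2"
}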
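#--------------------------------------------------------- backlog checks -----------------------------------------------------------------------
#######################################
# Check one spool directory for a backlog and push an alarm or a recovery
# notice when the file count crosses the configured thresholds.
# A directory with an open alarm is recorded as a "<name> <count>" line in the
# state file, so the alarm is sent once and the recovery notice is sent once.
# Globals:   log (state file, read and written),
#            threshold_err_<name>, threshold_ok_<name> (read),
#            qiyeweixin_err, qiyeweixin_ok (called)
# Arguments: $1 - directory name under the spool root
#            $2 - spool root, optional, defaults to /home/udpi_log
# Returns:   0 when the directory does not exist or nothing had to be sent,
#            2 on an invalid name or a missing/non-numeric threshold,
#            otherwise the status of the notification call
#######################################
check_backlog() {
  local name=$1
  local root=${2:-/home/udpi_log}
  local dir err_var ok_var err_limit ok_limit count

  # The name is interpolated into variable names and into a sed pattern below,
  # so only plain identifiers are accepted.
  case $name in
    '' | *[!A-Za-z0-9_]*)
      echo "check_backlog: invalid directory name '$name'" >&2
      return 2
      ;;
  esac

  dir="${root}/${name}"
  [ -d "$dir" ] || return 0

  err_var="threshold_err_${name}"
  ok_var="threshold_ok_${name}"
  err_limit=${!err_var}
  ok_limit=${!ok_var}
  case "${err_limit}:${ok_limit}" in
    *[!0-9:]* | :* | *:)
      echo "check_backlog: thresholds for '$name' are missing or not numeric" >&2
      return 2
      ;;
  esac

  # Count regular files up to two levels deep, ignoring *.json files.
  count=$(find "$dir" -maxdepth 2 -type f ! -name '*.json' | wc -l)
  count=${count//[[:space:]]/}

  if [ "$count" -gt "$err_limit" ]; then
    # Alarm only on the transition into the backlog state.
    if ! grep -qw -- "$name" "$log"; then
      printf '%s %s\n' "$name" "$count" >> "$log"
      qiyeweixin_err "$name" "$count"
    fi
  elif grep -qw -- "$name" "$log" && [ "$count" -lt "$ok_limit" ]; then
    # Recovered: clear the recorded alarm and notify once.
    sed -i "/${name}/d" "$log"
    qiyeweixin_ok "$name" "$count"
  fi
}

# Directories are checked in a fixed order; each needs its own
# threshold_err_<name> / threshold_ok_<name> pair in the configuration section.
for backlog_name in \
  is_access_log \
  is_malware_pkt_attach \
  is_malware_pkt_log \
  is_malware_samples \
  is_manager_attach \
  is_manager_log \
  is_pcaper_file \
  is_pcaper_log \
  is_threat_monitor_log \
  ds_data_identify \
  ds_data_monitor \
  ds_evidence_file \
  ns_malware_file_log \
  ns_malware_samples \
  ns_threat_monitor_log \
  ds_pcaper_file \
  ds_pcaper_log \
  ns_pcaper_file \
  ns_pcaper_log; do
  check_backlog "$backlog_name"
done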
添加定时任务,每2分钟执行
[root@HS-ISP-IS-60-34 ~]# crontab -l|grep push_backlog_alarm
#Ansible: push_backlog_alarm
*/2 * * * * cd /shell/;sh push_backlog_alarm.sh >/dev/null 2>&1
[root@HS-ISP-IS-60-34 ~]#