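Sending Splunk Alerts to WeChat via WeChat Work (企业微信)
1. Prerequisites:
Register a WeChat Work account and create an application to obtain the corpId, secret and related information.
2. Write a Python script that implements the WeChat Work notification; the alert message can be customized.
Code demo: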
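```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Requires Python 3 (the gzip results file is opened in text mode below).
import sys
import gzip
import csv
import json
import time

import requests

# Outbound proxy used to reach qyapi.weixin.qq.com
proxies = {
    "http": "192.168.99.19:808",
    "https": "192.168.99.19:808"
}


def get_token(corp_id, secret):
    # Exchange corpid/corpsecret for an access token.
    # TLS verification is left on because the secret travels in this request;
    # if the proxy re-signs TLS, pass verify="<path to the proxy CA bundle>".
    url = "https://qyapi.weixin.qq.com/cgi-bin/gettoken"
    params = {"corpid": corp_id, "corpsecret": secret}
    r = requests.get(url=url, params=params, proxies=proxies)
    token = r.json()['access_token']
    return token


def send_message(message, tag_id, agent_id, token):
    # Send a text message to every member carrying the given tag.
    url = "https://qyapi.weixin.qq.com/cgi-bin/message/send"
    Header = "【安全告警】您有一条新的安全告警信息!\n"
    data = {
        "totag": tag_id,
        "msgtype": "text",
        "agentid": agent_id,
        "text": {
            "content": Header + '\n' + message
        },
        "safe": "0"
    }
    r = requests.post(url=url, params={"access_token": token},
                      data=json.dumps(data), proxies=proxies)
    print(r.json())


if __name__ == '__main__':
    corp_id = "xxxxxxxxxxx"
    secret = "xxxxxxxxxxxxxxx"
    tag_id = "1"
    agent_id = "1000002"
    token = get_token(corp_id, secret)
    time_now = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
    Time = "告警时间:" + time_now + "\n"
    # Splunk script-alert arguments: argv[4] is the name of the saved search,
    # argv[8] is the path to the gzip-compressed CSV file holding the results.
    Name = "触发告警:" + sys.argv[4] + "\n"
    gzip_file = sys.argv[8]
    # Text mode is needed so csv.reader receives str rather than bytes.
    with gzip.open(gzip_file, "rt", encoding="utf-8", newline="") as csv_file:
        csv_read = csv.reader(csv_file)
        for i, row in enumerate(csv_read):
            if i > 0:  # skip the CSV header row
                Splunk_result = "告警信息:" + row[3]
                message = Time + Name + Splunk_result
                send_message(message, tag_id, agent_id, token)
```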
3. Copy the script to the location Splunk runs alert scripts from:
/data/splunk/bin/scripts/splunk.py
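4. When creating the alert, choose the "run a script" action and enter the corresponding script name:
5. The resulting WeChat Work alert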
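An added example (not part of the original article's script) that hardens the result-parsing and error-handling steps of the demo in step 2: it selects the result field by header name instead of `row[3]`, caps the message at 2048 UTF-8 bytes, raises on a non-zero `errcode` instead of printing it, and reads the credentials from the environment rather than the script body. Assumptions: the 2048-byte limit for text content, the environment variable names `WECOM_CORP_ID` and `WECOM_SECRET`, and the constructed sample field names and rows.

```python
import csv
import gzip
import os
import tempfile

MAX_CONTENT_BYTES = 2048  # assumed WeChat Work limit for text "content"

def truncate_utf8(text, limit=MAX_CONTENT_BYTES):
    """Cut text to at most `limit` UTF-8 bytes without splitting a character."""
    raw = text.encode("utf-8")
    return text if len(raw) <= limit else raw[:limit].decode("utf-8", errors="ignore")

def build_payloads(results_gz, search_name, field, tag_id, agent_id):
    """Yield one message/send payload per result row, picking `field` by header name."""
    with gzip.open(results_gz, "rt", encoding="utf-8", newline="") as fh:
        for row in csv.DictReader(fh):
            value = row.get(field)
            if value is None:  # header lacks the field, or the row is short
                raise KeyError("field %r not present in results" % field)
            content = "Alert: %s\nDetail: %s" % (search_name, value)
            yield {"totag": tag_id, "msgtype": "text", "agentid": agent_id,
                   "text": {"content": truncate_utf8(content)}, "safe": "0"}

def check_response(body):
    """Return the parsed API body, raising if it reports a failure (errcode != 0)."""
    if body.get("errcode", -1) != 0:
        raise RuntimeError("API error %s: %s" % (body.get("errcode"), body.get("errmsg")))
    return body

def load_credentials(env=os.environ):
    """Read corp_id and secret from the environment (hypothetical variable names)."""
    return env["WECOM_CORP_ID"], env["WECOM_SECRET"]

def make_sample_results():
    """Write a constructed results file shaped like the one Splunk passes as argv[8]."""
    path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
    with gzip.open(path, "wt", encoding="utf-8", newline="") as fh:
        w = csv.writer(fh)
        w.writerow(["_time", "host", "src_ip", "message"])
        w.writerow(["2024-01-01 00:00:00", "web01", "192.0.2.5", "5 failed logins"])
        w.writerow(["2024-01-01 00:01:00", "web02", "192.0.2.6", "x" * 5000])
    return path

if __name__ == "__main__":
    for p in build_payloads(make_sample_results(), "Brute force", "message", "1", "1000002"):
        print(p["text"]["content"][:60])
```

In the real script, `check_response(r.json())` would wrap both the `gettoken` and `message/send` calls so that an expired token or a wrong tag id makes the alert action fail visibly.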
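This article was compiled and published by Bypass; please keep the attribution when reposting.
You are welcome to follow my personal WeChat official account, Bypass--, for more articles.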