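Sending Splunk Alerts to WeChat via WeChat Work (企业微信)

1. Prerequisites:

  Register a WeChat Work account and create an application, then obtain its corpId, secret and related information.

2. Write a Python script that implements the WeChat Work notification; the alert message can be customized.

Code demo: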

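#!/usr/bin/python
# -*- coding: utf-8 -*-

import sys, gzip, csv
import requests
import time

# Outbound proxy used to reach the WeChat Work API
proxies = {
    "http": "http://192.168.99.19:808",
    "https": "http://192.168.99.19:808"
}

# TLS certificate verification is left at the requests default (enabled), because
# corpsecret and access_token travel over these connections. If the proxy re-signs
# TLS traffic, pass its CA bundle through verify= instead of using verify=False.

def get_token(corp_id, secret):
    # Exchange corpid/corpsecret for an access_token
    url = "https://qyapi.weixin.qq.com/cgi-bin/gettoken"
    params = {"corpid": corp_id, "corpsecret": secret}
    r = requests.get(url=url, params=params, proxies=proxies, timeout=10)
    result = r.json()
    if 'access_token' not in result:
        # Failures are reported in the JSON body (errcode/errmsg)
        sys.exit("gettoken failed: %s" % result)
    return result['access_token']


def send_message(message, tag_id, agent_id, token):
    # Send a text message to every member carrying the given tag
    url = "https://qyapi.weixin.qq.com/cgi-bin/message/send"
    Header = "【安全告警】您有一条新的安全告警信息!\n"
    data = {
        "totag": tag_id,
        "msgtype": "text",
        "agentid": agent_id,
        "text": {
            "content": Header + '\n' + message
        },
        "safe": "0"
    }
    r = requests.post(url=url, params={"access_token": token}, json=data,
                      proxies=proxies, timeout=10)
    print(r.json())

if __name__ == '__main__':

    # Placeholders: fill in the values of your own WeChat Work application
    corp_id = "xxxxxxxxxxx"
    secret = "xxxxxxxxxxxxxxx"
    tag_id = "1"
    agent_id = "1000002"
    token = get_token(corp_id, secret)

    time_now = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
    Time = "告警时间:" + time_now + "\n"
    # Splunk passes the alert (saved search) name as argument 4
    Name = "触发告警:" + sys.argv[4] + "\n"
    # Argument 8 is the path of the gzip-compressed CSV file holding the results
    gzip_file = sys.argv[8]
    # Open in text mode so csv.reader receives str rather than bytes (Python 3)
    with gzip.open(gzip_file, 'rt', encoding='utf-8') as csv_file:
        csv_read = csv.reader(csv_file)
        for i, row in enumerate(csv_read):
            # Skip the header row; one message is sent per result row
            if i > 0:
                Splunk_result = "告警信息:" + row[3]
                message = Time + Name + Splunk_result
                send_message(message, tag_id, agent_id, token)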

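3. Copy the script to the location Splunk runs scripts from:

/data/splunk/bin/scripts/splunk.py

4. When creating the alert, select the "run a script" action and enter the corresponding script name.

5. The resulting WeChat Work alert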
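As an added example (not part of the original post): the demo sends one message per result row and selects the alert text by column position (row[3]). The sketch below reads the results file by column name and packs rows into as few messages as possible, each kept within the 2048-byte limit that the WeChat Work API documents for text content. The `_raw` field name, the row limit of 20 and all function names are assumptions made for this example.

```python
import csv
import gzip

MAX_BYTES = 2048  # WeChat Work text "content" limit, in bytes


def load_results(gzip_path, field="_raw", limit=20):
    """Return up to `limit` non-empty values of `field` from Splunk's gzip'd results CSV."""
    values = []
    with gzip.open(gzip_path, "rt", encoding="utf-8", newline="") as fh:
        for row in csv.DictReader(fh):
            value = (row.get(field) or "").strip()
            if value:
                values.append(value)
            if len(values) >= limit:
                break
    return values


def truncate_utf8(text, max_bytes):
    """Cut text to max_bytes of UTF-8 without splitting a multi-byte character."""
    encoded = text.encode("utf-8")
    if len(encoded) <= max_bytes:
        return text
    return encoded[:max_bytes - 3].decode("utf-8", errors="ignore") + "..."


def build_messages(alert_name, values, max_bytes=MAX_BYTES):
    """Pack result lines into as few messages as possible, each <= max_bytes."""
    header = "Alert: %s\n" % alert_name
    budget = max_bytes - len(header.encode("utf-8"))
    messages, current = [], ""
    for value in values:
        line = truncate_utf8(value, budget - 1) + "\n"
        if current and len((current + line).encode("utf-8")) > budget:
            messages.append(header + current)
            current = ""
        current += line
    if current:
        messages.append(header + current)
    return messages


if __name__ == "__main__":
    # Constructed sample values standing in for rows of a Splunk results file
    sample = ["Failed password for root from 203.0.113.5", "告" * 1000]
    for msg in build_messages("ssh-bruteforce", sample):
        print(len(msg.encode("utf-8")), "bytes")
```

Each string returned by `build_messages` can be passed as the `message` argument of the demo's `send_message`, which caps the number of API calls per alert at a handful instead of one per row.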

 

 

Reference: http://hzhcontrols.com/new-624629.html

posted @ 2023-06-14 09:42  Bypass