在zabbix的和业务系统的日常维护中免不了要频繁屏蔽掉告警,这里最方便的就是禁用掉相应的告警动作,由于要相当频繁的进行屏蔽,如果日常工作繁杂的话很容易忽略掉恢复,这里会有很大的隐患,今天笔者将带来一款对zabbix的告警动作进行审计的脚本,如下所示:
#!/usr/bin/env python
# encoding=utf-8
import logging
import requests
import time
from conf import action_id_list
import json
import sys
def logger_getter():
today = time.strftime("%Y-%m-%d", time.localtime())
logger = logging.getLogger()
if not len(logger.handlers):
logger.setLevel(logging.DEBUG)
formatter = logging.Formatter("%(asctime)s ||| %(levelname)s ||| %(lineno)d ||| %(funcName)s ||| %(message)s",
datefmt='%Y-%m-%d %H:%M:%S')
file_handler = logging.FileHandler('./logs/debug.log' + '.' + today)
file_handler.setLevel(logging.DEBUG)
file_handler.setFormatter(formatter)
logger.addHandler(file_handler)
return logger
def send_msg_to_wework(chat_id, content):
print("hello")
diag = {"chatid": chat_id,
"msgtype": "markdown",
"markdown": {
"content": content}}
headers = {"Content-Type": "application/json"}
diag = json.dumps(diag)
requests.post('http://xxx.weixin.qq.com/cgi-bin/webhook/send?key=xxxxx',
data=diag, headers=headers)
def auth(api_url):
post_data_login = {
"jsonrpc" : "2.0",
"method" : "user.login",
"params" : {
"user" : "xxxxx",
"password" : "xxxxxxxx"
},
"id" : 1
}
"""获取 zabbix 登录令牌"""
ret = requests.post(api_url, data = json.dumps(post_data_login), headers = post_headers)
if 'result' in ret.text:
login_code = json.loads(ret.text).get("result")
print('auth success! , zabbix login code: %s' %login_code)
logger_getter().info('auth success! , zabbix login code: %s' %login_code)
return str(login_code)
elif 'error' in ret.text:
print('auth fails! , exiting')
logger_getter().error('auth fails! , exiting')
sys.exit(-1)
def zabbix_action_status_get(auth_code):
post_update_action = {
"jsonrpc": "2.0",
"method": "action.get",
"params": {
"output": "extend",
"selectOperations": "extend",
"selectRecoveryOperations": "extend",
"selectFilter": "extend"
},
"auth": auth_code,
"id": 1
}
ret = requests.post(url, data = json.dumps(post_update_action), headers = post_headers)
result=json.loads(ret.text)
return result
if __name__ == '__main__':
url = 'http://192.168.2.1/zabbix/api_jsonrpc.php'
post_headers = {'Content-Type': 'application/json'}
chat_id_prod = "xxxxxxxxxx"
auth_code = auth(url)
disabled_action_list = []
all_action_list = zabbix_action_status_get(auth_code)['result']
# print(all_action_list)
for action_specified_id in action_id_list:
for action_all in all_action_list:
# print("***")
action_all_id = action_all['actionid']
action_all_name = action_all['name']
action_all_status = action_all['status']
if action_specified_id == action_all_id and action_all_status == '1':
disabled_action_list.append('触发器名字:' + action_all_name)
if not disabled_action_list:
send_msg_to_wework(chat_id_prod,"# <font color='info'>** Zabbix告警动作审计正常! <@xxxx> <@xxxx><@xxxx>**</font>")
else:
send_msg_to_wework(chat_id_prod,"# <font color='warning'>** 以下Zabbix告警动作审计异常,请及时进行绑定!<@xxxx> <@xxxx><@xxxx>**</font>\n{0}".format('\n'.join(disabled_action_list)))上述脚本将对禁用掉的告警动作通过企业微信机器人发出消息通知。
你需要准备一个叫conf.py的配置文件,里面配置上你需要进行审计的告警动作的id,如下:
action_id_list = ['11','23','34','45']然后修改上述脚本的如下内容:
-
send_msg_to_wework()函数中企业微信机器人的api地址
-
auth()函数中zabbix的用户名和密码
-
第79行的zabbix server的api地址
-
第81行企业微信群的群聊id
-
倒数最后四行中你需要at的同事的企业微信英文名