salt收集windows服务器日志时间


定义收集时间区间: time.ps1

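# time.ps1 - dump System-log events with ID 1 from yesterday 00:00:00 up to
# today 23:59:00 (minion local time) as Format-List text; the bash tooling on
# the Salt master parses the "ReplacementStrings" lines out of this output.
#
# Fixes compared with the original listing:
#  * the lower bound was built as "<yyyy-M>-" + (<dd> - 1); on the first day
#    of a month that is day 0, an invalid date, and Get-EventLog -After fails.
#    AddDays(-1) handles month and year boundaries.
#  * the "T00:00:00" / "T23:59:00" suffixes were unquoted, so PowerShell tried
#    to run them as commands instead of treating them as strings.
#  * PowerShell variable names are case-insensitive, so $a/$A and $b/$B were
#    the same variables and silently overwrote each other; distinct names here.
# NOTE(review): event ID 1 in the System log is presumably the Kernel-General
# "system time has changed" record, given that the downstream scripts diff two
# timestamps taken from ReplacementStrings - confirm on a minion.
# NOTE(review): Get-EventLog is the legacy cmdlet; on current PowerShell hosts
# Get-WinEvent -FilterHashtable is the replacement - check the minion version.

$yesterday  = (Get-Date).AddDays(-1)
$rangeStart = $yesterday.ToString('yyyy-M-d') + 'T00:00:00'
$rangeEnd   = (Get-Date).ToString('yyyy-M-d') + 'T23:59:00'

Get-EventLog -LogName System -After $rangeStart -Before $rangeEnd |
    Where-Object { $_.EventID -eq 1 } |
    Format-List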

使用salt分发time.ps1文件到各Windows server中并执行:copydir.sls

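# Ship time.ps1 to the minion and run it. Both states share the ID copy_dir;
# the `require` makes the order explicit instead of relying on file order, so
# the script can never run before (or without) the file being in place.
# The paths in the original listing lost their backslashes ("\t" was rendered
# as a tab); they are quoted here so YAML keeps them literal.
copy_dir:
  file.managed:
    - name: 'C:\opstools\time.ps1'
    - source: salt://zhouz/time.ps1
    - makedirs: True
  cmd.run:
    # -NoProfile keeps the run deterministic. The minion's execution policy
    # still applies (it is deliberately not bypassed here), so it must allow
    # running local scripts.
    - name: 'powershell.exe -NoProfile -File C:\opstools\time.ps1'
    - require:
      - file: copy_dir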

使用脚本收集日志并分析

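#!/bin/bash
#
# Collect and analyse Windows System-log time-change records gathered through
# Salt (see time.ps1 / zhouz.copydir). One step runs per invocation, so the
# working directories must persist between runs.
#
# Defaults keep the original fixed names under /tmp. Fixed, world-writable
# /tmp paths can be pre-created or symlinked by any local user and the steps
# below `rm -rf` and recreate them, so on a shared master set
# SALT_LOG_WORKDIR to a directory only this user can write.

workdir="${SALT_LOG_WORKDIR:-/tmp}"
fdir="$workdir/first"    # raw Salt output, one file per minion (ColLogs)
sdir="$workdir/second"   # normalised for the 100ns-difference check (TreatLogsB)
tdir="$workdir/third"    # normalised for the string comparison (TreatLogsA)
fodir="$workdir/forth"   # normalised for the seconds-difference check (TreatLogsC)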

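ColLogs() {
  # Purpose: apply the zhouz.copydir state (ships time.ps1 and runs it) on
  # every minion that answers test.ping and keep each minion's raw output in
  # $fdir/<minion>.
  # Arguments: $1 - optional Salt target expression; defaults to the literal
  #            placeholder "主机名" used by the original listing.
  # Globals:   fdir (read) - wiped and recreated on every run.
  # Minion names are taken only from the "<name>:" header lines of the
  # test.ping output; with the original `grep -v True | xargs echo` any
  # "Minion ... did not respond" text was split into bogus target words.
  # A minion id is chosen by the minion, so names that could leave $fdir
  # (a "/" or a dot-entry) are skipped rather than used as a path.
  local target="${1:-主机名}"
  echo "收集原始系统日志:"
  rm -rf -- "${fdir:?}"
  mkdir -p -- "$fdir"
  local minion
  while IFS= read -r minion; do
    case "$minion" in
      ''|*/*|.|..) continue ;;
    esac
    salt "$minion" state.sls zhouz.copydir &> "$fdir/$minion"
    echo "$minion is ok"
  done < <(salt "$target" test.ping | sed -n 's/:$//p')
}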

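TreatLogsA() {
  # Purpose: turn each raw dump in $fdir into one line per event in $tdir so
  # the two timestamps carried in the event's ReplacementStrings can be
  # compared as plain strings down to the second (DisTimePeriodA/B).
  # Reads:  $fdir/BX*  - raw Salt/Format-List output written by ColLogs
  # Writes: $tdir/BX*  - recreated on every run; dot-separated lines of the
  #         shape <date>T<hh:mm:ss>.<fraction>.<date>T<hh:mm:ss>.<fraction>.<rest>
  # The original listing had the sed/awk expressions unquoted, so the shell
  # read `|` as a pipe and `{`/`}` as grouping; every expression is quoted
  # here. GNU sed is required (`-i`, `\n` in replacements, `\|` alternation).
  echo "整理初始化日志(为对比天、小时、分钟、秒钟等字符串是否一致做准备):"
  rm -rf -- "${tdir:?}"
  mkdir -p -- "$tdir"
  local raw name out
  for raw in "$fdir"/BX*; do
    [ -f "$raw" ] || continue
    name=${raw##*/}
    out="$tdir/$name"
    # Join the whole grep output onto one line; `paste` replaces `xargs echo`,
    # which aborts on an unmatched quote anywhere in the log text.
    grep -A 1 -e ReplacementStrings -- "$raw" | paste -sd ' ' - > "$out"
    sed -i 's/--/&\n/g' "$out"                   # grep group separator -> one event per line
    sed -i 's/--\|{\|}\|[[:space:]]//g' "$out"   # drop separators, braces and blanks
    sed -i 's/,/./g' "$out"                       # field separator becomes '.'
    sed -i 's/Z//g' "$out"                        # strip the UTC suffix
    sed -i 's/ReplacementStrings://g' "$out"
    echo "$name is ok"
  done
}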

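TreatLogsB() {
  # Purpose: turn each raw dump in $fdir into one line per event in $sdir,
  # shaped for LogsMillisecond: the fraction is glued onto the seconds so a
  # single numeric field carries seconds plus fraction.
  # Reads:  $fdir/BX*  - raw Salt/Format-List output written by ColLogs
  # Writes: $sdir/BX*  - recreated on every run; colon-separated lines of the
  #         shape <date>:<hh>:<mm>:<ssfraction>:<date>:<hh>:<mm>:<ssfraction>:<rest>
  # The original listing had the sed expressions unquoted (the shell read `|`
  # as a pipe) and lost the backslash in `s/\.//g`, which as `s/.//g` deletes
  # every character. The `s/, 1//g` step could never match after the blanks
  # and commas had already been rewritten and is dropped. GNU sed required.
  echo "对收集的初始系统日志进行整理(为对比 毫秒差值 做准备):"
  rm -rf -- "${sdir:?}"
  mkdir -p -- "$sdir"
  local raw name out
  for raw in "$fdir"/BX*; do
    [ -f "$raw" ] || continue
    name=${raw##*/}
    out="$sdir/$name"
    # `paste` replaces `xargs echo`, which aborts on an unmatched quote.
    grep -A 1 -e ReplacementStrings -- "$raw" | paste -sd ' ' - > "$out"
    sed -i 's/--/&\n/g' "$out"                       # one event per line
    sed -i 's/--\|{\|}\|[[:space:]]\|Z//g' "$out"    # drop separators, braces, blanks, UTC suffix
    sed -i 's/,/:/g' "$out"                           # field separator becomes ':'
    sed -i 's/\.//g' "$out"                           # seconds and fraction become one number
    sed -i 's/ReplacementStrings://g' "$out"
    sed -i 's/T/:/g' "$out"                           # date/time separator becomes ':'
    echo "$name is ok"
  done
}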

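TreatLogsC() {
  # Purpose: turn each raw dump in $fdir into one line per event in $fodir,
  # shaped for LogsDay: every date/time component becomes its own field so
  # the seconds of the two timestamps are fields 4 and 9.
  # Reads:  $fdir/BX*  - raw Salt/Format-List output written by ColLogs
  # Writes: $fodir/BX* - recreated on every run; colon-separated lines of the
  #         shape <date>:<hh>:<mm>:<ss>:<fraction>:<date>:<hh>:<mm>:<ss>:<fraction>:<rest>
  # The original listing had the sed expressions unquoted (the shell read `|`
  # as a pipe) and lost the backslash in `s/\./:/g`, which as `s/./:/g`
  # replaces every character with ':'. GNU sed required.
  echo "对收集的初始系统日志进行整理(为对比 秒差值 做准备):"
  rm -rf -- "${fodir:?}"
  mkdir -p -- "$fodir"
  local raw name out
  for raw in "$fdir"/BX*; do
    [ -f "$raw" ] || continue
    name=${raw##*/}
    out="$fodir/$name"
    # `paste` replaces `xargs echo`, which aborts on an unmatched quote.
    grep -A 1 -e ReplacementStrings -- "$raw" | paste -sd ' ' - > "$out"
    sed -i 's/--/&\n/g' "$out"                       # one event per line
    sed -i 's/--\|{\|}\|[[:space:]]\|Z//g' "$out"    # drop separators, braces, blanks, UTC suffix
    sed -i 's/,/:/g' "$out"                           # field separator becomes ':'
    sed -i 's/\./:/g' "$out"                          # fraction becomes its own field
    sed -i 's/ReplacementStrings://g' "$out"
    sed -i 's/T/:/g' "$out"                           # date/time separator becomes ':'
    echo "$name is ok"
  done
}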

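LogsDay() {
  # Purpose: for every file in $fodir (output of TreatLogsC) compute, per
  # event, the difference between the seconds of the two timestamps (fields 4
  # and 9 of the colon-separated line) and report files with any non-zero
  # difference.
  # Writes: $fodir/dtime/BX* - one difference per line.
  # Fix: the original tested `grep -v "0"`, which drops every line that merely
  # contains a '0' digit, so differences such as 10 or -20 were reported as
  # "is ok". Only a line that is exactly "0" is fine.
  echo "对比两列数据中秒钟是否一致:"
  mkdir -p -- "$fodir/dtime"
  local f name out
  for f in "$fodir"/BX*; do
    [ -f "$f" ] || continue
    name=${f##*/}
    out="$fodir/dtime/$name"
    awk -F ':' '{ print ($4 - $9) }' "$f" > "$out"
    if grep -qvx -- '0' "$out"; then
      echo "$name have problem"
      grep -vx -- '0' "$out"
    else
      echo "$name is ok"
    fi
  done
}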

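DisTimePeriodA() {
  # Purpose: for every normalised file in $tdir (output of TreatLogsA) print
  # the events whose two timestamps - fields 1 and 3 of the dot-separated
  # line, i.e. the part down to the second - are not identical strings.
  # Output: the file name, each offending line indented by two spaces, then
  # a line holding a single space (kept from the original).
  # The original re-ran sed and awk twice for every line (quadratic in the
  # file size) and handed the unquoted timestamp to grep as a pattern; one
  # awk pass per file performs the same string comparison.
  echo "对比天、小时、分钟、秒钟等字符串是否一致(批量)"
  mkdir -p -- "$tdir/dtime"
  local f
  for f in "$tdir"/BX*; do
    [ -f "$f" ] || continue
    echo "${f##*/}"
    awk -F '.' '$1 != $3 { print "  " $0 }' "$f"
    echo " "
  done
}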


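DisTimePeriodB() {
  # Purpose: same comparison as DisTimePeriodA, but for a single host whose
  # normalised file ($tdir/<host>) is named interactively.
  # Reads:   $tdir/<host>. Writes: appends <host> to $tdir/dtime/<host>.
  # Returns: 1 when the name is empty, contains a path separator or is a
  #          dot-entry, or when no such file exists.
  # The typed name is untrusted input used as a path: the original appended
  # it to $tdir/dtime/ unchecked, so "../<x>" wrote outside that directory,
  # and it also passed the unquoted timestamp to grep as a pattern.
  echo "对比天、小时、分钟、秒钟等字符串是否一致(只查询有问题的主机)"
  mkdir -p -- "$tdir/dtime"
  local host
  read -r -p "请输入有问题的主机名: " host
  case "$host" in
    ''|*/*|.|..)
      printf '无效的主机名: %s\n' "$host" >&2
      return 1 ;;
  esac
  local src="$tdir/$host"
  if [ ! -f "$src" ]; then
    printf '找不到文件: %s\n' "$src" >&2
    return 1
  fi
  echo "$host" >> "$tdir/dtime/$host"
  awk -F '.' '$1 != $3 { print " " $0 }' "$src"
}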


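LogsMillisecond() {
  # Purpose: for every file in $sdir (output of TreatLogsB) compute, per
  # event, the difference between the two "seconds+fraction" fields (fields 4
  # and 8 of the colon-separated line), sort the events by that difference
  # and show the ten largest and the ten most negative values.
  # Writes: $sdir/mtime/BX* - "<date> :<hh> :<mm> <diff>" lines, ascending.
  # Fixes: the original gave grep a pattern starting with '-' without `-e`,
  # so grep parsed it as options and failed; the `-t $` shown for sort is
  # not a valid delimiter as printed - awk already separates the fields with
  # spaces, which is sort's default.
  echo "对比两列数据中 毫秒 是否一致:"
  mkdir -p -- "$sdir/mtime"
  local f name out
  for f in "$sdir"/BX*; do
    [ -f "$f" ] || continue
    name=${f##*/}
    out="$sdir/mtime/$name"
    awk -F ':' '{ print $1, ":" $2, ":" $3, ($4 - $8) }' "$f" | sort -k4 -n > "$out"
    echo "=================================================="
    echo "$name 两列毫秒为正数的数值最高的10个"
    tail -- "$out"
    echo "=================================================="
    echo "$name 两列毫秒为负数的数值最大的10个"
    grep -e '-[0-9][0-9][0-9][0-9]' -- "$out" | head
  done
}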


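# ---------------------------------------------------------------------------
# Interactive entry point. Exactly one step runs per invocation; the working
# directories persist between invocations so the steps can be chained
# (a, then b/c/d, then e/f/g/h). Each step is dispatched directly instead of
# through the a..h indirection variables of the original.
# ---------------------------------------------------------------------------
echo "请选择你想要执行的功能:
 a: ColLog           收集windows server初始日志;
 b: TreatLogsA       整理初始化日志(为对比天、小时、分钟、秒钟等字符串是否一致做准备);
 c: TreatLogsB       整理初始化日志(为对比  毫秒  差值做准备);
 d: TreatLogsC       整理初始化日志(为对比  秒  差值做准备);
 e: LogsDay          对比两列数据中<< 秒 >>是否一致;
 f: DisTimePeriodA   对比天、小时、分钟、秒钟等字符串是否一致(批量显示);
 g: DisTimePeriodB   对比天、小时、分钟、秒钟等字符串是否一致(只查询有问题的主机);
 h: LogsMillisecond  对比两列数据中<< 毫秒 >>是否一致."

# -r keeps a typed backslash literal; -n3 (from the original) returns after
# at most three characters or a newline.
read -r -n3 -p "请输入:" opt
case "$opt" in
  a) ColLogs ;;
  b) TreatLogsA ;;
  c) TreatLogsB ;;
  d) TreatLogsC ;;
  e) LogsDay ;;
  f) DisTimePeriodA ;;
  g) DisTimePeriodB ;;
  h) LogsMillisecond ;;
  *)
    echo "No opt"
    exit 1 ;;
esac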

待补充

 
