linuxÇéÐÎϵÄÈÕÖ¾ÆÊÎöÓëÍþв¼ì²â

СÐò£º

Ëæ×Å»¥ÁªÍøµÄ¿ìËÙÉú³¤£¬ÍøÂç¹¥»÷ÒѾ­³ÉΪһ¸ö²»¿ÉºöÊÓµÄÎÊÌ⡣ΪÁ˱£»¤ÎÒÃǵÄÍøÂçºÍϵͳÃâÊܹ¥»÷£¬ÎÒÃÇÐèÒª¶ÔÈÕÖ¾¾ÙÐÐÆÊÎö²¢¾ÙÐÐÍþв¼ì²â¡£±¾ÎĽ«ÏÈÈÝÔõÑùÔÚLinuxÇéÐÎϾÙÐÐÈÕÖ¾ÆÊÎöºÍÍþв¼ì²â£¬²¢ÌṩһЩ´úÂëʾÀý¡£

Ò»¡¢ÈÕÖ¾ÆÊÎö¹¤¾ßÏÈÈÝ

ÔÚLinuxÇéÐÎÖУ¬ÎÒÃÇͨ³£Ê¹ÓÃһЩ¿ªÔ´µÄÈÕÖ¾ÆÊÎö¹¤¾ßÀ´×ÊÖúÎÒÃÇÆÊÎöÈÕÖ¾Îļþ¡£ÆäÖÐ×î³£ÓõŤ¾ß°üÀ¨£º

Logstash£ºLogstashÊÇÒ»¸ö¿ªÔ´µÄÊý¾ÝÍøÂçÒýÇ棬Ëü¿ÉÒÔ´Ó²î±ðµÄȪԴÍøÂçÈÕÖ¾Êý¾Ý£¬ÈçÎļþ¡¢ÍøÂçµÈ£¬²¢½«ËüÃÇת»»Îª½á¹¹»¯µÄÊý¾Ý¹©ºóÐø´¦Àí¡£

Elasticsearch£ºElasticsearchÊÇÒ»¸ö¿ªÔ´µÄËÑË÷ºÍÆÊÎöÒýÇ棬Ëü¿ÉÒÔ¿ìËÙ´¦ÀíºÍÆÊÎöº£Á¿µÄÊý¾Ý¡£

Kibana£ºKibanaÊÇÒ»¸ö¿ªÔ´µÄÊý¾Ý¿ÉÊÓ»¯¹¤¾ß£¬Ëü¿ÉÒÔÓëElasticsearchÅäºÏʹÓÃÀ´Õ¹Ê¾ºÍÆÊÎöÊý¾Ý¡£

¶þ¡¢ÈÕÖ¾ÆÊÎöºÍÍþв¼ì²âÁ÷³Ì

ÍøÂçÈÕÖ¾

Ê×ÏÈ£¬ÎÒÃÇÐèÒªÍøÂçϵͳºÍÓ¦ÓóÌÐò±¬·¢µÄÈÕÖ¾¡£ÔÚLinuxϵͳÖУ¬ÈÕÖ¾Îļþͨ³£´æ´¢ÔÚ/var/logĿ¼Ï¡£ÎÒÃÇ¿ÉÒÔʹÓÃLogstashÀ´ÍøÂçÕâЩÈÕÖ¾Îļþ£¬²¢½«ËüÃÇ·¢Ë͵½Elasticsearch¾ÙÐкóÐøÆÊÎö¡£

ÒÔÏÂÊÇÒ»¸ö¼òÆÓµÄLogstashÉèÖÃÎļþʾÀý£º

input {
  file {
    path => "/var/log/*.log"
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
}

µÇ¼ºó¸´ÖÆ

Õâ¸öÉèÖÃÎļþÖ¸¶¨ÁËLogstashÓ¦¸ÃÍøÂç/var/logĿ¼ÏµÄËùÓÐÈÕÖ¾Îļþ£¬²¢½«ËüÃÇ·¢Ë͵½ÍâµØÔËÐеÄElasticsearchʵÀý¡£

ÆÊÎöÈÕÖ¾

Ò»µ©ÈÕÖ¾Êý¾Ý±»·¢Ë͵½Elasticsearch£¬ÎÒÃÇ¿ÉÒÔʹÓÃKibanaÀ´¶ÔÊý¾Ý¾ÙÐÐÆÊÎöºÍ¿ÉÊÓ»¯¡£

ÎÒÃÇ¿ÉÒÔÔÚKibanaµÄ½çÃæÉϽ¨ÉèÒ»¸öеÄDashboard£¬È»ºóÑ¡ÔñÊʵ±µÄ¿ÉÊÓ»¯·½·¨À´ÆÊÎöÈÕÖ¾Êý¾Ý¡£ÀýÈ磬ÎÒÃÇ¿ÉÒÔ½¨ÉèÒ»¸ö±ýͼÀ´ÏÔʾ²î±ðÀàÐ͵Ĺ¥»÷£¬»òÕß½¨ÉèÒ»¸ö±í¸ñÀ´ÏÔʾ×î³£¼ûµÄ¹¥»÷IPµØµã¡£

Íþв¼ì²â

³ýÁËÆÊÎöÈÕÖ¾ÒÔ¼ì²âÒÑÖªÍþв֮Í⣬ÎÒÃÇ»¹¿ÉÒÔʹÓûúеѧϰºÍÐÐΪÆÊÎöµÈÊÖÒÕÀ´¼ì²âδ֪Íþв¡£

ÒÔÏÂÊÇÒ»¸öʹÓÃPython±àдµÄ¼òÆÓµÄÍþв¼ì²âʾÀý´úÂ룺

import pandas as pd
from sklearn.ensemble import IsolationForest

# ¼ÓÔØÈÕÖ¾Êý¾Ý
data = pd.read_csv("logs.csv")

# ÌáÈ¡ÌØÕ÷
features = data.drop(["label", "timestamp"], axis=1)

# ʹÓÃÁæØêÉ­ÁÖËã·¨¾ÙÐÐÍþв¼ì²â
model = IsolationForest(contamination=0.1)
model.fit(features)

# Õ¹ÍûÒì³£Ñù±¾
predictions = model.predict(features)

# Êä³öÒì³£Ñù±¾
outliers = data[predictions == -1]
print(outliers)

µÇ¼ºó¸´ÖÆ

Õâ¸öʾÀý´úÂëʹÓÃÁËÁæØêÉ­ÁÖËã·¨À´¾ÙÐÐÍþв¼ì²â¡£ËüÊ×ÏÈ´ÓÈÕÖ¾Êý¾ÝÖÐÌáÈ¡ÌØÕ÷£¬È»ºóʹÓÃIsolationForestÄ£×ÓÀ´Ê¶±ðÒì³£Ñù±¾¡£

½áÂÛ£º

ͨ¹ýʹÓÃLinuxÇéÐÎϵÄÈÕÖ¾ÆÊÎö¹¤¾ßºÍÍþв¼ì²âÊÖÒÕ£¬ÎÒÃÇ¿ÉÒÔ¸üºÃµØ±£»¤ÎÒÃǵÄϵͳºÍÍøÂçÃâÊܹ¥»÷¡£ÎÞÂÛÊÇÆÊÎöÒÑÖªÍþвÕվɼì²âδ֪Íþв£¬ÈÕÖ¾ÆÊÎöºÍÍþв¼ì²â¶¼ÊÇÍøÂçÇå¾²Öв»¿É»òȱµÄÒ»²¿·Ö¡£

²Î¿¼ÎÄÏ×£º

Elastic. Logstash – Collect, Parse, and Enrich Data. https://www.elastic.co/logstash.

Elastic. Elasticsearch – Fast, Distributed, and Highly Available Search Engine. https://www.elastic.co/elasticsearch.

Elastic. Kibana – Explore & Visualize Your Data. https://www.elastic.co/kibana.

Scikit-learn. Isolation Forest. https://scikit-learn.org/stable/modules/generated/sklearn.ensemble.IsolationForest.html.

ÒÔÉϾÍÊÇLinuxÇéÐÎϵÄÈÕÖ¾ÆÊÎöÓëÍþв¼ì²âµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡