Sumo jira example
Jump to navigation
Jump to search
Sumo, Pagerduty, Jira Automation based on logs per seconds
Requirements
pip install requests
Service via Systemd
/etc/systemd/system/sumo-monitor
[Unit] Description=Sumo Logic Monitor Service After=network.target [Service] ExecStart=/usr/bin/python3 /path/to/sumo-monitor.py Restart=always User=nobody Group=nogroup [Install] WantedBy=multi-user.target
Pagerduty, Jira, Sumo
import requests import time from requests.auth import HTTPBasicAuth # Configuration SUMO_API_URL = "https://api.sumologic.com/api/v1/collectors" SUMO_SEARCH_URL = "https://api.sumologic.com/api/v1/logs/search" SUMO_ACCESS_ID = "your_sumo_access_id" SUMO_ACCESS_KEY = "your_sumo_access_key" COLLECTOR_ID = "your_collector_id" SEARCH_QUERY = '_sourceCategory=your_source_category | count by _sourceHost' CHECK_INTERVAL = 600 # 600 seconds PAGERDUTY_API_URL = "https://events.pagerduty.com/v2/enqueue" PAGERDUTY_ROUTING_KEY = "your_pagerduty_routing_key" def check_collector_health(): headers = { 'Content-Type': 'application/json', 'Authorization': f'Basic {SUMO_ACCESS_ID}:{SUMO_ACCESS_KEY}' } response = requests.get(f"{SUMO_API_URL}/{COLLECTOR_ID}", headers=headers) if response.status_code == 200: collector = response.json() return collector['collector']['alive'] else: print(f"Failed to get collector health: {response.status_code}") return False def check_log_count(): headers = { 'Content-Type': 'application/json', 'Authorization': f'Basic {SUMO_ACCESS_ID}:{SUMO_ACCESS_KEY}' } params = { 'q': SEARCH_QUERY, 'from': 'now-10m', 'to': 'now' } response = requests.get(SUMO_SEARCH_URL, headers=headers, params=params) if response.status_code == 200: logs = response.json() return logs['count'] > 10 else: print(f"Failed to get log count: {response.status_code}") return False def create_pagerduty_alert(): headers = { 'Content-Type': 'application/json' } data = { "routing_key": PAGERDUTY_ROUTING_KEY, "event_action": "trigger", "payload": { "summary": "Log count below threshold", "severity": "critical", "source": "sumo_monitor.py", "component": "log_monitor", "group": "log_group", "class": "log_class", "custom_details": { "description": "The log count is below 10 in the last 600 seconds." } } } response = requests.post(PAGERDUTY_API_URL, headers=headers, json=data) if response.status_code == 202: print("PagerDuty alert created successfully.") else: print(f"Failed to create PagerDuty alert: {response.status_code} - {response.text}") def main(): while True: collector_health = check_collector_health() log_count_ok = check_log_count() if collector_health and log_count_ok: print("Collector health is good and log count is sufficient.") else: print("Collector health or log count check failed.") if not log_count_ok: create_pagerduty_alert() time.sleep(CHECK_INTERVAL) if __name__ == "__main__": main()
NO PD
sudo systemctl daemon-reload sudo systemctl enable sumo-monitor.service sudo systemctl start sumo-monitor.service sudo systemctl status sumo-monitor.service
sumo-monitor.py
import requests import time from requests.auth import HTTPBasicAuth # Configuration SUMO_API_URL = "https://api.sumologic.com/api/v1/collectors" SUMO_SEARCH_URL = "https://api.sumologic.com/api/v1/logs/search" SUMO_ACCESS_ID = "your_sumo_access_id" SUMO_ACCESS_KEY = "your_sumo_access_key" COLLECTOR_ID = "your_collector_id" SEARCH_QUERY = '_sourceCategory=your_source_category | count by _sourceHost' CHECK_INTERVAL = 600 # 600 seconds JIRA_API_URL = "https://your_jira_instance.atlassian.net/rest/api/2/issue" JIRA_USERNAME = "your_jira_username" JIRA_API_TOKEN = "your_jira_api_token" JIRA_PROJECT_KEY = "your_project_key" JIRA_ISSUE_TYPE = "Task" def check_collector_health(): headers = { 'Content-Type': 'application/json', 'Authorization': f'Basic {SUMO_ACCESS_ID}:{SUMO_ACCESS_KEY}' } response = requests.get(f"{SUMO_API_URL}/{COLLECTOR_ID}", headers=headers) if response.status_code == 200: collector = response.json() return collector['collector']['alive'] else: print(f"Failed to get collector health: {response.status_code}") return False def check_log_count(): headers = { 'Content-Type': 'application/json', 'Authorization': f'Basic {SUMO_ACCESS_ID}:{SUMO_ACCESS_KEY}' } params = { 'q': SEARCH_QUERY, 'from': 'now-10m', 'to': 'now' } response = requests.get(SUMO_SEARCH_URL, headers=headers, params=params) if response.status_code == 200: logs = response.json() return logs['count'] > 10 else: print(f"Failed to get log count: {response.status_code}") return False def create_jira_ticket(): headers = { 'Content-Type': 'application/json' } auth = HTTPBasicAuth(JIRA_USERNAME, JIRA_API_TOKEN) data = { "fields": { "project": { "key": JIRA_PROJECT_KEY }, "summary": "Log count below threshold", "description": "The log count is below 10 in the last 600 seconds.", "issuetype": { "name": JIRA_ISSUE_TYPE } } } response = requests.post(JIRA_API_URL, headers=headers, auth=auth, json=data) if response.status_code == 201: print("Jira ticket created successfully.") else: print(f"Failed to create Jira ticket: {response.status_code} - {response.text}") def main(): while True: collector_health = check_collector_health() log_count_ok = check_log_count() if collector_health and log_count_ok: print("Collector health is good and log count is sufficient.") else: print("Collector health or log count check failed.") if not log_count_ok: create_jira_ticket() time.sleep(CHECK_INTERVAL) if __name__ == "__main__": main()