【逗老师带你学IT】PRTG监控系统通过企业微信推送告警消息

本文主要介绍如何让PRTG网络监控系统通过企业微信webhook接口发送告警信息

效果就是这样子的↑

---

PRTG简介

https://www.cn.paessler.com/
产品主页

---

企业微信简介

https://work.weixin.qq.com/
产品主页

---

实现原理

1、PRTG监控系统可以自定义告警通知方式，例如调用本地bat脚本或者python脚本。
2、企业微信支持通过webhook接口接收信息。

部署方式

一、企业微信端操作

拉上相关人员建个群，创建一个小机器人。

最重要的是记录下webhook的接口地址

心情好的话，还可以给小机器人改个头像。

二、PRTG端操作

1、写Python

很简单的一段Python代码，不懂的拿去直接用就好。
PRTG安装完成之后，会自动安装python2.7。也可以自行安装python3.8。本案例需要

pip install urllib
pip install requests
pip install json

看CSDN的都是有python基础的同学哈，直接上python代码

import json
import urllib
import requests
import sys
import datetime


def wechatwork_robot():
	now_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
	paramsList =[ "", "探针设备:","设备群组:","节点:", "传感器名称:" , "现在状态:","停机时间:","附加消息:","参数8:","参数9:" ]
	#这里定义需要在告警中显示的字段标题，顺序与PRTG传参进来的参数顺序保持一致
	content = ""
	headers = {"Content-Type": "text/plain"}
	for i in range(len(sys.argv)):
		if i>0:
			content = content +"<font color=\"comment\">"+paramsList[i]+"</font>"+sys.argv[i]+"\n"
	#循环将传入的参数与参数名称标题合并成一个字符串
	data = {
		"msgtype": "markdown",
		"markdown": {
		"content": "**<font color=\"info\">【PTRG微信小机器人】</font>**\n**通知时间:"+ now_time +"**\n"+ content,
		}
	}
	r = requests.post(url='https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=693a91f6-7xxx-4bc4-97a0-0ec2sifa5aaa',headers=headers, json=data)
	#这里的URL字段粘上前面小机器人的真实webhook接口地址
	#安全部的不要研究了，这个地址肯定不是真的
	print(r.text)

wechatwork_robot()

2、写个BAT脚本调用这个Python

PRTG直接调用python使用内置的python2.7的解释器，由于这个程序是基于python 3.7调用的，因此需要通过bat脚本调用python3.7

@echo off
"C:\Users\Administrator\AppData\Local\Programs\Python\Python37\python.exe" "C:\Program Files (x86)\PRTG Network Monitor\Notifications\EXE\wechat_webhook.py" %1 %2 %3 %4 %5 %6 %7 %8 %9

然后，把刚才写好的python和bat脚本，通通丢到

C:\Program Files (x86)\PRTG Network Monitor\Notifications\EXE\

目录下

2、配置PRTG通知模板

登录PRTG，进入设置->账户设置->通知模板

点亮“执行程序”，程序文件选择刚刚我们写好的bat脚本
参数栏，根据刚才python脚本中规定的顺序，按照你的喜好填写需要在告警通知中显示的字段。

paramsList =[ “”, “探针设备:”,“设备群组:”,“节点:”, “传感器名称:” , “现在状态:”,“停机时间:”,“附加消息:”,“参数8:”,“参数9:” ]

PRTG在通知告警的时候，会有三种类型的告警，分别是：
传感器出现停机时立即发送的，停机通知
传感器保持停机状态时，按照用户定义每隔几分钟发送的，重复通知
传感器恢复正常状态时发送的，恢复通知
针对这三种通知的通知模板，我定义的是不太一样的，具体如下：

停机通知
“%probe” “%group” “%device” “%name” “%status” “%lastdown” “%message”
重复通知
“【停机未恢复】%probe” “%group” “%device” “%name” “%status” “%lastdown” “%message”
恢复通知
“%probe” “%group” “%device” “%name” “%status” “%down” “%message”

收到的消息类型也是略有不同

PRTG可以传递的参数非常丰富，具体包含以下可用参数

Placeholder	Contains	Synonym	Version/Usage Comment
%colorofstate	Color of the current object status (HTML hex code)		Might not work in older versions
%company	Paessler’s copyright string
%comments	Comments entered for the sensor	%commentssensor	As of PRTG 15.4.21: resolved placeholders contain the heading Sensor Comments
%commentssensor	Comments entered for the sensor	%comments	As of PRTG 15.4.21: resolved placeholders contain the heading Sensor Comments
%commentsdevice	Comments entered for the parent device		As of PRTG 15.4.21: resolved placeholders contain the heading Device Comments
%commentsgroup	Comments entered for the parent group		As of PRTG 15.4.21: resolved placeholders contain the heading Group Comments
%commentsprobe	Comments entered for the parent probe		Available as of PRTG 12.4;as of PRTG 15.4.21: resolved placeholders contain the heading Probe Comments
%coverage	Covered time span		Might not work in older versions
%cumsince	Since when data has been accumulated
%date	Event’s date, in user’s timezone
%datetime	Event’s date and time, in user’s timezone
%device	Name of the device in which the event was triggered	%server
%deviceid	ID number of the device in which the event was triggered		As of PRTG 7.3.2
%down	Time the item was down
%downtime	Accumulated downtime
%group	Group in which the event was triggered
%groupid	ID number of the group in which the event was triggered		As of PRTG 7.3.2
%history	History of sensor events
%home	PRTG web server URL
%host	IP or DNS name of the device that triggered the event		Can be used as Agent IP in SNMP Trap notifications sent by PRTG (as of PRTG 13.x.7)
%iconofstate	Filename incl. extension of the icon for the current object status		Might not work in older versions
%lastcheck	When was the sensor’s last scan
%lastdown	When was the sensor down for the last time
%lastmessage	What message did the sensor send the last time	%message
%lastup	When was the sensor up for the last time
%lastvalue	What value did the sensor send the last time
%linkprobe	URL of the probe that triggered the event		Might not work in older versions
%linkgroup	URL of the group that triggered the event		Might not work in older versions
%linkdevice	URL of the device that triggered the event		Might not work in older versions
%linksensor	the URL of the sensor that triggered the event		Might not work in older versions
%location	Location of the device/server for which the event was triggered
%message	Which message did the sensor send the last time	%lastmessage
%name	Name of the sensor that triggered the event (including sensor type)	%sensor
%nodename	Name of the node if in a cluster		Might not work in older versions
%objecttags	All tags of a sensor		Available as of PRTG 20.1.56
%parenttags	All tags of a sensor’s parent objects		Available as of PRTG 20.1.56
%prio	Sensor priority setting	%priority
%priority	Sensor priority setting	%prio
%probe	Probe under which the event was triggered
%probeid	ID number of the probe under which the event was triggered		As of PRTG 7.3.2
%programname	PRTG official name
%programversion	PRTG program version
%sensor	Name of the sensor that triggered the event (including sensor type)	%name
%sensorid	ID number of the sensor that triggered the event		As of PRTG 7.3.2
%server	Name of the device under which the event was triggered	%device
%serviceurl	Service URL configured for the device under which the event was triggered		As of PRTG 9.1
%settings	Miscellaneous sensor settings, such as username for Windows, http, pop3 credentials, etc
%shortname	Name of the sensor that triggered the event		As of PRTG 7.1
%since	Since when the current status is active	%statesince
%sitename	PRTG web server (computer) name
%statesince	Since when the current status is active	%since
%status	Old sensor status and current sensor status
%summarycount	Returns the number of events triggered during the defined time span		For summarized notifications only
%syslogerrors	Max. last 20 syslog entries before the notification trigger		As of PRTG 14.x.10;works with Syslog Receiver sensors; can be used in the “message” part of Send Email notifications only!
%syslogmessages	Max. last 20 syslog entries before the notification trigger		As of PRTG 14.x.12;works with Syslog Receiver sensors; can be used in the “message” part of Send Email notifications only!
%syslogwarnings	Max. last 20 syslog entries before the notification trigger		As of PRTG 14.x.10;works with Syslog Receiver sensors; can be used in the “message” part of Send Email notifications only!
%systemdatetime	Date and time when the notification was sent, in user’s timezone
%tags	All tags of a sensor and its parent objects		Available as of PRTG 20.1.56
%time	Event’s time, in user’s timezone
%timezone	User’s timezone name
%toaddress	Address to which the notification was sent
%traperrors	Max. last 20 trap entries before the notification trigger		As of PRTG 14.x.10;Works with SNMP Trap Receiver sensors; can be used in the “message” part of Send Email notifications only!
%trapmessages	Max. last 20 trap entries before the notification trigger		As of PRTG 14.x.12;works with SNMP Trap Receiver sensors; can be used in the “message” part of Send Email notifications only!
%trapwarnings	Max. last 20 trap entries before the notification trigger		As of PRTG 14.x.10;works with SNMP Trap Receiver sensors; can be used in the “message” part of Send Email notifications only!
%uptime	Accumulated uptime

最后，我们需要对需要告警的设备配置通知触发器，可以直接在“root节点”设置通知触发器，然后所有子节点会继承该设置。

搞定！

---

最后，简单介绍一下企业微信的webhook接口（选读）

如何使用群机器人
在终端某个群组添加机器人之后，可以获取到webhook地址，然后开发者用户按以下说明构造post data向这个地址发起HTTP POST 请求，即可实现给该群组发送消息。下面举个简单的例子.

• 假设webhook是：https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=693a91f6-7xxx-4bc4-97a0-0ec2sifa5aaa

特别特别要注意：一定要保护好机器人的webhook地址，避免泄漏！不要分享到github、博客等可被公开查阅的地方，否则坏人就可以用你的机器人来发垃圾消息了。

以下是用curl工具往群组推送文本消息的示例（注意要将url替换成你的机器人webhook地址，content必须是utf8编码）：

curl 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=693axxx6-7aoc-4bc4-97a0-0ec2sifa5aaa' \
   -H 'Content-Type: application/json' \
   -d '
   {
        "msgtype": "text",
        "text": {
            "content": "hello world"
        }
   }'

消息类型及数据格式

文本类型

{
    "msgtype": "text",
    "text": {
        "content": "广州今日天气：29度，大部分多云，降雨概率：60%",
        "mentioned_list":["wangqing","@all"],
        "mentioned_mobile_list":["13800001111","@all"]
    }
}

参数	是否必填	说明
msgtype	是	消息类型，此时固定为text
content	是	文本内容，最长不超过2048个字节，必须是utf8编码
mentioned_list	否	userid的列表，提醒群中的指定成员(@某个成员)，@all表示提醒所有人，如果开发者获取不到userid，可以使用mentioned_mobile_list
mentioned_mobile_list	否	手机号列表，提醒手机号对应的群成员(@某个成员)，@all表示提醒所有人

markdown类型

{
    "msgtype": "markdown",
    "markdown": {
        "content": "实时新增用户反馈<font color=\"warning\">132例</font>，请相关同事注意。\n
         >类型:<font color=\"comment\">用户反馈</font>
         >普通用户反馈:<font color=\"comment\">117例</font>
         >VIP用户反馈:<font color=\"comment\">15例</font>"
    }
}

更多详细的介绍，下面是企业微信官方API接口文档
https://work.weixin.qq.com/api/doc/90000/90136/91770