Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0

Elastalert fails if alerter type zabbix is used: "ValueError: not enough values to unpack" [bug] #2586

Open selivan opened 4 years ago

selivan commented 4 years ago

Elastalert version: 2.1
Python version: 3.6 (Docker image based on python:3.6-alpine)

Error when trying to use rule with zabbix alerter:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/elastalert/util.py", line 26, in get_module
    module_path, module_class = module_name.rsplit('.', 1)
ValueError: not enough values to unpack (expected 2, got 1)

...

Full traceback here: https://gist.github.com/selivan/42c629cc331226f07bd4fb88e29b7caf

Rule file:


alert:
- zabbix
buffer_time:
  seconds: 30
filter:
- query:
    query_string:
      query: tags:"balancer"
index: someindex-%Y.%m.%d
name: test rule alert command
num_events: 1
realert:
  seconds: 0
timeframe:
  seconds: 20
type: frequency
use_strftime_index: true

zbx_item: trapper_information["test_alert_command"]
zbx_sender_host: "172.20.113.14"
zbx_sender_port: 10051
zbx_host: "wazuh-server2-ire1"

ognjen011 commented 4 years ago

Did you ever figure this out?

selivan commented 4 years ago

@ognjen011 No, I ended up using 'command' alert type to interact with zabbix.

ognjen011 commented 4 years ago

@selivan Too bad ... Would you mind sharing an example of this?

selivan commented 4 years ago

@ognjen011 I plan to write a blog post about this, but can't say when I will have spare time to do it. In short, I write to log files using command and read these log files with zabbix logrt() and logrt.count(), the first to get text and the second to get just 0/1.

Jurka007 commented 4 years ago

Was looking into the code and found that the zabbix alert is not in the loaders.py - so possibly is not loaded at all! I added these lines: from .zabbix import ZabbixAlerter and 'zabbix': ZabbixAlerter to the _alertsmapping function

installed again python setup.py install

and no more errors above!

Set the zabbix item as Zabbix Trapper and got the data!
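The failure mode described in this comment, as an added example that is not part of the thread and not ElastAlert's own code: a short alerter name missing from the name-to-class mapping falls through to the dotted-path loader, where `rsplit('.', 1)` on a name without a dot yields a single value. `ALERTS_MAPPING`, `resolve_alerter`, `resolve_alerter_checked` and the stand-in classes are hypothetical names for illustration.

```python
# Simplified model of the alerter lookup; names here are illustrative,
# not ElastAlert's own source.
import importlib


class CommandAlerter:  # stand-in for an alerter that is registered
    pass


class ZabbixAlerter:  # stand-in for the class defined in zabbix.py
    pass


# Short names accepted under `alert:` in a rule file (constructed sample).
ALERTS_MAPPING = {"command": CommandAlerter}


def get_module(module_name):
    """Expects 'package.module.Class', like the line in the traceback."""
    module_path, module_class = module_name.rsplit(".", 1)
    return getattr(importlib.import_module(module_path), module_class)


def resolve_alerter(name, mapping):
    """Short name first, otherwise treat the value as a dotted path."""
    return mapping.get(name) or get_module(name)


def resolve_alerter_checked(name, mapping):
    """Same lookup, but a bare unknown name gets an actionable error."""
    if name in mapping:
        return mapping[name]
    if "." not in name:
        known = ", ".join(sorted(mapping))
        raise LookupError(f"unknown alerter {name!r}; registered: {known}")
    return get_module(name)


def reproduce(mapping=ALERTS_MAPPING):
    """Return the error text for the rule's `alert: [zabbix]` entry."""
    try:
        resolve_alerter("zabbix", mapping)
    except ValueError as exc:
        return str(exc)
    return None
```

Calling `reproduce()` returns the unpacking error from the report; passing a mapping that also contains `'zabbix': ZabbixAlerter` resolves the class and returns `None`.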

ognjen011 commented 4 years ago

It didn't work for me; I am seeing this error:

  File "/usr/local/lib/python3.6/dist-packages/elastalert-0.2.1-py3.6.egg/elastalert/zabbix.py", line 1, in <module>
    from alerts import Alerter # , BasicMatchString
ModuleNotFoundError: No module named 'alerts'

Jurka007 commented 4 years ago

The first line for me on that file looks like this:

from elastalert.alerts import Alerter, BasicMatchString

No '#'

ognjen011 commented 4 years ago

ok that worked thanks
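Why the two import forms in the exchange above behave differently under Python 3, as an added example that is not part of the thread or of ElastAlert: a module inside an installed package cannot reach its sibling with a bare `from alerts import ...`, because only the package's parent directory is on `sys.path`. The package name `demo_pkg` and its file names are constructed for the demonstration.

```python
# Added illustration: bare sibling import vs. absolute import inside a package.
# The package and file names below are constructed for this example.
import importlib
import os
import sys
import tempfile

FILES = {
    "__init__.py": "",
    "alerts.py": "class Alerter:\n    pass\n",
    # Python 2 style implicit relative import (the failing line in the thread).
    "zabbix_implicit.py": "from alerts import Alerter\n",
    # Absolute import through the package name (the form that worked).
    "zabbix_absolute.py": "from demo_pkg.alerts import Alerter\n",
}


def build_package(root, name="demo_pkg"):
    """Write the constructed package under `root` and return its name."""
    pkg_dir = os.path.join(root, name)
    os.makedirs(pkg_dir)
    for filename, body in FILES.items():
        with open(os.path.join(pkg_dir, filename), "w") as fh:
            fh.write(body)
    return name


def try_import(dotted):
    """Return 'ok' or the exception text from importing `dotted`."""
    try:
        importlib.import_module(dotted)
        return "ok"
    except ImportError as exc:
        return f"{type(exc).__name__}: {exc}"


def demo():
    """Import both variants with only the parent directory on sys.path."""
    with tempfile.TemporaryDirectory() as root:
        pkg = build_package(root)
        sys.path.insert(0, root)  # parent dir only, as with site-packages
        try:
            importlib.invalidate_caches()
            return {m: try_import(f"{pkg}.{m}")
                    for m in ("zabbix_implicit", "zabbix_absolute")}
        finally:
            sys.path.remove(root)
```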

wajika commented 3 years ago

The first line for me on that file looks like this: from elastalert.alerts import Alerter, BasicMatchString No '#'

hello jurka007.

I have removed the "#" and still have this error

elastalert --verbose --rule ./rules/zbx2.yaml --config ./config.yaml
Traceback (most recent call last):
  File "/usr/local/python36/bin/elastalert", line 11, in <module>
    load_entry_point('elastalert==0.2.4', 'console_scripts', 'elastalert')()
  File "/usr/local/python36/lib/python3.6/site-packages/pkg_resources/__init__.py", line 487, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/python36/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2728, in load_entry_point
    return ep.load()
  File "/usr/local/python36/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2346, in load
    return self.resolve()
  File "/usr/local/python36/lib/python3.6/site-packages/pkg_resources/__init__.py", line 2352, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/python36/lib/python3.6/site-packages/elastalert/elastalert.py", line 31, in <module>
    from .config import load_conf
  File "/usr/local/python36/lib/python3.6/site-packages/elastalert/config.py", line 9, in <module>
    from . import loaders
  File "/usr/local/python36/lib/python3.6/site-packages/elastalert/loaders.py", line 14, in <module>
    from .zabbix import ZabbixAlerter
  File "/usr/local/python36/lib/python3.6/site-packages/elastalert/zabbix.py", line 2, in <module>
    from alerts import Alerter, BasicMatchString
ModuleNotFoundError: No module named 'alerts'

wajika commented 3 years ago

@ognjen011 No, I ended up using 'command' alert type to interact with zabbix.

How to quote "alert_text" in command?

I tried to use it like this, but it didn't work. command: ['/usr/bin/zabbix_sender','-z192.168.10.99','-stest','-kerror.info','-o%s(service.name)']

wajika commented 3 years ago

@ognjen011 No, I ended up using 'command' alert type to interact with zabbix.

How to quote "alert_text" in command?

I tried to use it like this, but it didn't work. command: ['/usr/bin/zabbix_sender','-z192.168.10.99','-stest','-kerror.info','-o%s(service.name)']

have already been solved

Rubikon23 commented 3 years ago

@wajika Can you show your "command:" line? My "command" line does not send the trap to zabbix(