Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0

Errors using Elastalert to post to https:// #2592

Open JenniferSilverman opened 4 years ago

JenniferSilverman commented 4 years ago

I am using the rule file below and getting the following error. The email part works.

SSLError: HTTPSConnectionPool(host='10.0.1.101', port=9200): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_record', 'wrong version number')],)",),))

```yaml
name: snmp data ingest pipeline down
type: flatline
index: snmplogger-*
ca_certs: /etc/ssl/certs/ca-bundle.pem
threshold: 500000

use_count_query: true
doc_type: "doc"

realert:
  hours: 12

threshold_cur: 10

timeframe:
  minutes: 15

alert:
  - "email"
  - "post"

email:
  - "user@domain.com"
smtp_host: "imap.imapdomain.com"
from_addr: "user@domain.com"

post:
http_post_url: "https://notify.domain.com"
http_post_payload:
  notification_type: "SNMPtrap"
  identifier: "name-string-here"
  end_date_time: "2050-12-31 02:00:00"
  description: "This is a test"
  communication_types: ["zendesk", "email", "noc_notification"]
http_post_headers:
  content-type: "application/json"
  Authorization: "N6a777vFju"
```

daichi703n commented 4 years ago

Hi, @JenniferSilverman. Does your Elasticsearch (10.0.1.101:9200) work with HTTPS? Please paste the result of `curl -vk https://10.0.1.101:9200`.
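The same question can be answered from Python. This is an added example, not part of the thread or of ElastAlert's code, and its function names are made up here. It sends a real ClientHello and looks at the first bytes of the reply: a plaintext HTTP listener typically answers with `HTTP/`, which a TLS client parses as a record header with an invalid version, hence "wrong version number".

```python
import socket
import ssl

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}


def classify_reply(first_bytes):
    """Classify the first bytes a server sends in answer to a ClientHello."""
    if not first_bytes:
        return "closed"
    if len(first_bytes) >= 3 and first_bytes[0] in TLS_CONTENT_TYPES and first_bytes[1] == 3:
        return "tls"  # byte 0 = record type, bytes 1-2 = version 3.x
    if first_bytes.startswith(b"HTTP/"):
        # A TLS client reads "TT" (0x5454) as the record version and rejects it.
        return "plaintext-http"
    return "unknown"


def client_hello():
    """Have the ssl module build a ClientHello in memory, without any network I/O."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # diagnostic only, like curl -k:
    ctx.verify_mode = ssl.CERT_NONE   # we never complete the handshake
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is queued, no server reply to read yet
    return outgoing.read()


def probe(host, port, timeout=3.0):
    """Return 'tls', 'plaintext-http', 'closed', 'unknown', 'no-reply' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello())
            return classify_reply(sock.recv(5))
    except socket.timeout:
        return "no-reply"
    except OSError:
        return "unreachable"


if __name__ == "__main__":
    # Host and port taken from the error message in this issue.
    print(probe("10.0.1.101", 9200))
```

A result of `plaintext-http` means the port is not serving TLS, so the client side should not be configured to use HTTPS for it.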

aymenwerg commented 4 years ago

I'm using the rules file below and I'm not getting any error in the elastalert logs, but I don't receive any alert in ZAMMAD.

```yaml
alert: post
http_post_url: "https://itsm.xxxxxxx.de/api/v1/tickets"
http_post_payload:
  # List of keys:values to use as the content of the POST. Example - ip:clientip will map the value from the clientip index of Elasticsearch to JSON key named ip.
  description: "this is a test"
http_post_headers:
  Content-Type: "application/json"
  authorization: "Bearer ah6cjMAzZ4mkU8"
```