elastalert send me 0 hit query doesn't work ? please help

salim391 commented 3 years ago

--lnx_file_or_folder_permissions.yaml-- name: file_or_folder_permissions_change_0 description: Detects file and folder permission changes index: auditbeat-* priority: 4 realert: minutes: 0 filter:

query_string: query: (a0:(chmod OR chown) AND type:"EXECVE") type: any alert:
debug

result show elastalert-test-rule --config config.yaml example_rules/lnx_file_or_folder_permissions.yaml

INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent. To send them but remain verbose, use --verbose instead. Didn't get any results. INFO:elastalert:Note: In debug mode, alerts will be logged to console but NOT actually sent. To send them but remain verbose, use --verbose instead. 1 rules loaded INFO:apscheduler.scheduler:Adding job tentatively -- it will be properly scheduled when the scheduler starts INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 11:14 +06 to 2021-09-08 11:29 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 11:29 +06 to 2021-09-08 11:44 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 11:44 +06 to 2021-09-08 11:59 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 11:59 +06 to 2021-09-08 12:14 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 12:14 +06 to 2021-09-08 12:29 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 12:29 +06 to 2021-09-08 12:44 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 12:44 +06 to 2021-09-08 12:59 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 12:59 +06 to 2021-09-08 13:14 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 13:14 +06 to 2021-09-08 13:29 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 13:29 +06 to 2021-09-08 13:44 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 13:44 +06 to 2021-09-08 13:59 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 13:59 +06 to 2021-09-08 14:14 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 14:14 +06 to 2021-09-08 14:29 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 14:29 +06 to 2021-09-08 14:44 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 14:44 +06 to 2021-09-08 14:59 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 14:59 +06 to 2021-09-08 15:14 +06: 0 / 0 hits INFO:elastalert:Queried rule file_or_folder_permissions_change_0 from 2021-09-08 15:14 +06 to 2021-09-08 15:29 +06: 0 / 0 hits

salim391 commented 3 years ago

any one please help!!!

ghost commented 2 years ago

Look at the FAQ first before asking this issue. I will assist you in any further help.

Yelp / elastalert

elastalert send me 0 hit query doesn't work ? please help #3211

debug