I have setup elk with elastalert plugin install in elk as docker container and docker service is working fine. But email is not working.
Please tell me where im wrong and why email is not triggering previous few months back it was working due some issue it was not working. So i setup a new elastalert
Here is the elastalert.yml with the file is docker-compse.yml
cat docker-compose.yml
And
Here is the Email Alert trigger to my gmail account added in ElastAlert Kibana Plugin
# Alert when the rate of events exceeds a threshold
# (Optional)
# Elasticsearch host
# es_host: elasticsearch.example.com
es_host: xxxxxx
# (Optional)
# Elasticsearch port
es_port: 14900
# (OptionaL) Connect with SSL to Elasticsearch
#use_ssl: True
# (Optional) basic-auth username and password for Elasticsearch
es_username: xxxxxx
es_password: xxxxx
# (Required)
# Rule name, must be unique
name: Exception Alert
# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
#type: blacklist
type: any
include: ["message"]
#aggregation:
# minutes: 1
# (Required)
# Index to search, wildcard supported
index: logstash*
# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
#num_events: 1
# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
# hours: 1
# minutes: 1
seconds: 1
#compare_key: "message"
#blacklist:
#- "error"
realert:
minutes: 5
#This is send out all matches in one email
# seconds: 0
#filter:
#- term:
# message: "[error]"
#filter:
# - match:
# message: "job"
filter:
- query:
query_string:
# query: "message: exception AND message: control"
query: "Received"
#filter:
#- query:
# query_string:
# query: "message: error"
##################################
#alert_subject: "Exception Alert on {0}"
#alert_subject_args:
# - hostname
#alert_text: |-
# Message: {0}
# Exception Messages.
# Details of the event:
# Message: {0}
alert_text_args:
- message
##################################
alert:
#- "slack"
- "email"
# Exception Messages.
# Details of the event:
# Message: {0}
#alert_text_args:
#- message
#- slack
slack_webhook_url: "https://hooks.slack.com/services/TE70E2AGM/z2iUkv2n"
slack_username_override: "ElastAlert"
#slack_username_override: "Mohd Rashid"
#- email
email: ["rashidmd777@gmail.com"]
smtp_host: "smtp.gmail.com"
smtp_port: "587"
from_addr: "test@gmail.com"
And
Here is the elastalert.yaml inside config folder
cat config/elastalert.yaml
# The elasticsearch hostname for metadata writeback
# Note that every rule can have its own elasticsearch host
#es_host: localhost
es_host: xxxxx
# The elasticsearch port
es_port: 14900
# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
smtp_auth_file: /opt/elastalert/smtp_auth_file.yml
rules_folder: rules
# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
seconds: 5
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
minutes: 1
# Optional URL prefix for elasticsearch
#es_url_prefix: elasticsearch
# Connect with TLS to elasticsearch
#use_ssl: True
# Verify TLS certificates
#verify_certs: True
# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET
# Option basic-auth username and password for elasticsearch
es_username: xxxxx
es_password: xxxxx
# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status
# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
And
Here is inside the elastalert docker container files
And
Here is the elastalert folder inside all files/folder which im using it
CONTRIBUTING.md Dockerfile Dockerfile1 LICENSE.md Makefile README.md config docker-compose.yml elastalert_modules index.js package.json rule_templates rules scripts src
And
For above "rules" folder i have given full permission
nsano-rururu
commented
2 years ago
Hi All,
I have setup elk with elastalert plugin install in elk as docker container and docker service is working fine. But email is not working.
Please tell me where im wrong and why email is not triggering previous few months back it was working due some issue it was not working. So i setup a new elastalert
Here is the elastalert.yml with the file is docker-compse.yml cat docker-compose.yml
And Here is the smtp_auth_file.yml
And Here is the Email Alert trigger to my gmail account added in ElastAlert Kibana Plugin
And Here is the elastalert.yaml inside config folder
cat config/elastalert.yaml
And Here is inside the elastalert docker container files
And Here is the elastalert folder inside all files/folder which im using it CONTRIBUTING.md Dockerfile Dockerfile1 LICENSE.md Makefile README.md config docker-compose.yml elastalert_modules index.js package.json rule_templates rules scripts src
And For above "rules" folder i have given full permission