Closed ktpktr0 closed 2 years ago
Please do not write an issue as this repository is dead.
Through research, I have solved the problem of using SSL to connect the ES cluster with ElastAlert. The following is the method to generate the certificate:
Use the digital certificate tool elasticsearch-certutil provided by Elasticsearch to create the required certificate:
Create a self-signed CA certificate and set the access password for the certificate. Enter the Elasticsearch installation directory's bin folder and create an ssl folder to store verification-related files. The default output file name is elastic-stack-ca.p12:
```
/usr/share/elasticsearch/bin/elasticsearch-certutil ca --out /etc/elasticsearch/ssl/elastic-stack-ca.p12 --pass ""
```
Export a CA public key file from the certificate file, for use when referencing the CA public key in subsequent configuration files. Enter the newly created ssl folder and execute:
```
openssl pkcs12 -clcerts -nokeys -in /etc/elasticsearch/ssl/elastic-stack-ca.p12 -out ca.pem
```
Use the self-signed CA to sign and generate a digital certificate used by logstash, with the name es01 (customizable; the host is the ES host that ElastAlert connects to. With multiple masters, only one node needs to be connected):
```
echo "" | /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca /etc/elasticsearch/ssl/elastic-stack-ca.p12 --name es01 --dns es01 --ip "IP address of es01" --pem --out /tmp/1.zip
```
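An offline check for the result of the steps above, added here as an example and not part of the original comment: it confirms that a node certificate chains to the exported CA and that its SAN covers the host ElastAlert connects to. The helpers `check_node_cert` and `make_constructed_pki`, the throwaway CA and the address 192.0.2.10 are constructed for illustration; the throwaway PKI stands in for the certutil output.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a node certificate against the exported CA.

# check_node_cert CA_PEM CERT_PEM HOST -> exit 0 only if CERT_PEM chains to
# CA_PEM and its SAN covers HOST (a DNS name or an IPv4 address).
check_node_cert() {
  local ca="$1" cert="$2" host="$3" flag
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
  case "$host" in
    *[!0-9.]*) flag=-checkhost ;;   # has a non-digit/dot character: DNS name
    *)         flag=-checkip ;;     # dotted quad: compare against IP SANs
  esac
  openssl x509 -in "$cert" -noout "$flag" "$host" 2>/dev/null |
    grep -q "does match certificate"
}

# make_constructed_pki DIR: throwaway CA plus an es01 certificate, standing in
# for the certutil output. All names and 192.0.2.10 are constructed values.
make_constructed_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=es01" \
    -keyout "$d/es01.key" -out "$d/es01.csr" 2>/dev/null &&
  printf 'subjectAltName=DNS:es01,IP:192.0.2.10\n' > "$d/san.ext" &&
  openssl x509 -req -in "$d/es01.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/es01.crt" 2>/dev/null
}

# Run the check for a matching name, a matching IP and a name not in the SAN.
demo() {
  local d h
  d=$(mktemp -d) || return 1
  make_constructed_pki "$d" || return 1
  for h in es01 192.0.2.10 es02; do
    if check_node_cert "$d/ca.pem" "$d/es01.crt" "$h"; then
      echo "$h: ok"
    else
      echo "$h: would fail verification"
    fi
  done
  rm -rf "$d"
}
demo
```

Against the real files, pass the ca.pem exported above, the certificate unpacked from /tmp/1.zip, and the host name or IP that ElastAlert is configured to connect to.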
unsubscribe
At 2021-12-01 11:42:46, "Naoyuki Sano" @.***> wrote:
Please do not write an issue as this repository is dead.
look
I use the following expression to query the log for errors, but it will alarm as long as it meets one of the keywords. Using "and" or "at the same time" does not take effect.
use and
When "dB / DB" or "error / error" appears in the log, an alarm will be given