I'm using elastalert from within a NIDS solution called SecurityOnion. I have got elastalert to set up email alerts when we get hit with certain network attacks and it works great.
I know this sounds strange, but I've been asked to get 3 duplicate email alerts (one per minute) for certain events. (It's a long story as to why I want to do that).
So I figured I could get the alert info dumped into a text file and use a simple bash script to email that to me in a for loop, with a delay to get the same email in the fashion I listed above.
The problem is that I can't get the command alert to work. I just want to run a command called "/usr/local/bin/email-alert.sh".
If I state it like: alert:
I get: Error while running alert command: Error while running command /usr/local/bin/so-alerts.sh: [Errno 2] No such file or directory: '/usr/local/bin/command-alerts.sh'
If I don't specify the full path, I get the same error.
If I omit the brackets, the elastalert.log will say it executed successfully, but the script doesn't appear to run. (If I run the script manually, I get the desired results.)
The script's permissions are root:root 755, so it should be executable by elastalert (the user that elastalert runs as). Any other ideas? I tried simple things like inserting "touch /tmp/test.txt" into the script to see if it's running, but nothing seems to happen.
Thanks in advance.
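An added example of the helper the post describes (not the poster's own script, and not part of elastalert or Security Onion): it captures the alert text elastalert pipes to the command on stdin, mails the same body three times one minute apart, and includes a check that the configured script path actually exists and is executable, which is what the "[Errno 2] No such file or directory" error above means. The script path, alert file, recipient address and mail command are assumptions and can be overridden through environment variables.

```shell
#!/bin/sh
# Assumed path: /usr/local/bin/email-alert.sh, run by an elastalert "command" alert
# with the matched alert passed on stdin. Constructed example, not from the original post.
set -eu

ALERT_FILE="${ALERT_FILE:-/tmp/elastalert-last-alert.txt}"   # assumed location
REPEATS="${REPEATS:-3}"                                       # duplicate mails to send
DELAY="${DELAY:-60}"                                          # seconds between mails
RECIPIENT="${RECIPIENT:-soc@example.invalid}"                 # placeholder address
MAIL_CMD="${MAIL_CMD:-mail -s}"    # invoked as: $MAIL_CMD subject recipient, body on stdin

# Save what elastalert piped in, so every copy carries the identical body.
capture_alert() {
    cat > "$ALERT_FILE"
    [ -s "$ALERT_FILE" ]   # non-zero exit if elastalert sent nothing
}

# Mail the saved alert REPEATS times, DELAY seconds apart; prints the count sent.
send_repeated_alert() {
    subject="$1"
    n=0
    while [ "$n" -lt "$REPEATS" ]; do
        n=$((n + 1))
        $MAIL_CMD "$subject ($n/$REPEATS)" "$RECIPIENT" < "$ALERT_FILE"
        if [ "$n" -lt "$REPEATS" ]; then sleep "$DELAY"; fi
    done
    echo "$n"
}

# "[Errno 2] No such file or directory" means exec() never found the script:
# verify the configured path is a regular, executable file before relying on it.
check_alert_command() {
    [ -f "$1" ] && [ -x "$1" ]
}

if [ "${1:-}" = "--run" ]; then
    capture_alert
    send_repeated_alert "ElastAlert: ${2:-rule match}"
fi
```

Run `check_alert_command` against the exact string in the rule's `command:` entry; a mismatch between the name in the rule and the file on disk produces precisely the error quoted in the post.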