Hyper200
commented
6 years ago I have it now connecting to the logging-es service.
I do however get the following error messages:
INFO:elastalert:Sleeping for 59.969921 seconds INFO:elastalert:Queried rule OutOfMemoryError from 2018-05-24 13:15 UTC to 2018-05-24 13:23 UTC: 0 / 0 hits WARNING:elasticsearch:POST https://logging-es:9200/elastalert_status/elastalert_status [status:403 request:0.002s] ERROR:root:Error writing alert info to Elasticsearch: TransportError(403, u'security_exception', u'no permissions for indices:data/write/index') Traceback (most recent call last): File "/opt/app-root/lib/python2.7/site-packages/elastalert/elastalert.py", line 1438, in writeback doc_type=doc_type, body=body) File "/opt/app-root/lib/python2.7/site-packages/elasticsearch/client/utils.py", line 76, in _wrapped return func(*args, params=params, **kwargs) File "/opt/app-root/lib/python2.7/site-packages/elasticsearch/client/init.py", line 319, in index _make_path(index, doc_type, id), params=params, body=body) File "/opt/app-root/lib/python2.7/site-packages/elasticsearch/transport.py", line 314, in perform_request status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout) File "/opt/app-root/lib/python2.7/site-packages/elasticsearch/connection/http_requests.py", line 90, in perform_request self._raise_error(response.status_code, raw_data) File "/opt/app-root/lib/python2.7/site-packages/elasticsearch/connection/base.py", line 125, in _raise_error raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info) AuthorizationException: TransportError(403, u'security_exception', u'no permissions for indices:data/write/index') INFO:elastalert:Ran OutOfMemoryError from 2018-05-24 13:15 UTC to 2018-05-24 13:23 UTC: 0 query hits (0 already seen), 0 matches, 0 alerts sent
Do we need to update permissions for elstalert to post to the indexes?
kilimandjango
Hi Kilimandjango
First of all - I just want to say we are very interested in this project, we have been looking for an open-source utility that would go with kibana/ES for log reporting on RHEL Openshift.
I've tried to build it using the instructions provided, however it is trying to copy a file that does not exist:
[mottmac@bastion ~]$ oc logs elastalert-ocp-1-build Step 1 : FROM registry.access.redhat.com/rhscl/python-27-rhel7@sha256:e40d0ad47bee0a842245ea373f94058064a1a7b077d2f22daa5ee43716f3f581 ---> a1a59e6ccfbd Step 2 : MAINTAINER Kilian Henneboehle "kilian.henneboehle@mailbox.org" ---> Using cache ---> e476fd862c70 Step 3 : ENV ELASTALERT_VERSION 0.1.29 ---> Using cache ---> 9dbc16f3a70c Step 4 : ENV ELASTALERT_HOME /opt/elastalert ---> Using cache ---> b6a8e22e3f86 Step 5 : ENV RULES_DIRECTORY $ELASTALERT_HOME/rules ---> Using cache ---> e31c99277906 Step 6 : ENV CONFIG_DIRECTORY $ELASTALERT_HOME/config ---> Using cache ---> 291b4a2eb7c1 Step 7 : USER root ---> Using cache ---> bc46030b9153 Step 8 : RUN INSTALL_PKGS="python-devel python-setuptools net-tools" && yum -y --disablerepo=* --enablerepo=rhel-7-server-rpms --enablerepo=rhel-server-rhscl-7-rpms install ${INSTALL_PKGS} && yum -y update && yum -q clean all ---> Using cache ---> 863a0eaea5be Step 9 : RUN cd $HOME ---> Using cache ---> 42658219bf55 Step 10 : COPY elastalert-0.1.29.tar.gz /elastalert-0.1.29.tar.gz error: build error: lstat elastalert-0.1.29.tar.gz: no such file or directory
I did manage to get it working by importing the python image
oc import-image my-rhscl/python-27-rhel7 --from=registry.access.redhat.com/rhscl/python-27-rhel7 --confirm
Downloading the git repo locally
Downloaded the elstalert repo as tar.gz and saved as "elastalert-0.1.29.tar.gz" (Version 0.1.31)
oc new-app . --name elstalert-ocp
Thanks