Monitoring Serwerów - IT infrastructure monitoring forum
Elastalert on ubuntu
#1
Can you help with installing ElastAlert on Ubuntu?
I'm struggling to get everything working with Python 3.6.

I have a few guides:
https://fabianlee.org/2017/04/17/elk-run...ntu-14-04/
https://elastalert.readthedocs.io/en/lat...alert.html
https://www.fosslinux.com/6240/how-to-in...ubuntu.htm

and I keep getting errors like: pip error
Reply
#2
I had a case like this on one of the deployments, and we even managed to work out a complete procedure!
Let me know if there are any problems.
Regards


Code:
# prepare os
apt-get update
apt-get upgrade
timedatectl set-ntp true
dpkg-reconfigure tzdata  # interactive prompt: select Europe/Warsaw

# apt dependencies
apt-get install python3-pip python3-venv libpython3-all-dev gcc

# clone install files
cd /root
git clone https://github.com/Yelp/elastalert.git
cd elastalert
git checkout tags/v0.2.4

# python
cd /opt/
python3.6 -m venv elastalert
source /opt/elastalert/bin/activate
pip install -U pip setuptools
cd /root/elastalert
python setup.py install

# configuration directories
mkdir -p /etc/elastalert/rules
cp /root/elastalert/config.yaml.example /etc/elastalert/config.yaml

# elastalert configuration
vim /etc/elastalert/config.yaml
#   change           => rules_folder: /etc/elastalert/rules
#   change           => es_host: 127.0.0.1
#   change if needed => es_user:
#   change if needed => es_password:

# elastalert email configuration
cat <<EOF >> /etc/elastalert/config.yaml
smtp_host: "smtp.example.com"
smtp_port: 587
smtp_ssl: false
from_addr: "elastalert@example.com"
smtp_auth_file: "/opt/elastalert/smtp_auth_file.yml"
EOF

cat <<EOF >> /opt/elastalert/smtp_auth_file.yml
user: "user"
password: "password"
EOF

# dedicated user for service
useradd -M -d /opt/elastalert -s /sbin/nologin elastalert
chown -R elastalert:elastalert /etc/elastalert /opt/elastalert

# service - create service file
cat <<EOF > /etc/systemd/system/elastalert.service
[Unit]
Description=Elastalert

[Service]
Type=simple
User=elastalert
Group=elastalert
Restart=always
WorkingDirectory=/opt/elastalert
ExecStart=/opt/elastalert/bin/elastalert --config /etc/elastalert/config.yaml
StandardOutput=journal
StandardError=inherit
PIDFile=/var/run/alert.pid

[Install]
WantedBy=multi-user.target
EOF

# before first run create elastalert indices - elasticsearch service must be running and available on port 9200
/opt/elastalert/bin/elastalert-create-index --config /etc/elastalert/config.yaml

# service - enable service on boot
systemctl daemon-reload
systemctl enable elastalert

# service - start elastalert service
systemctl start elastalert
Reply
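
The procedure above writes the SMTP password to /opt/elastalert/smtp_auth_file.yml and, if set, es_password to /etc/elastalert/config.yaml as root; with root's usual 022 umask both files end up mode 644, and the later chown does not change that. A check for this, as an added example that is not part of the original post (function names are hypothetical; assumes GNU stat as shipped on Ubuntu):

```shell
#!/bin/sh
# Added example (not from the post): audit files that hold credentials.
# Assumptions: GNU stat; function names are hypothetical.

# Echo "ok" or the reason a file is unsafe for secrets; non-zero when unsafe.
# Safe = regular file (not a symlink), owned by $2 (user name or numeric UID),
# and no group/other permission bits set.
secret_file_status() {
    sf_file=$1 sf_owner=$2
    if [ -L "$sf_file" ] || [ ! -f "$sf_file" ]; then
        echo "not-regular-file"; return 1
    fi
    sf_mode=$(stat -c '%a' -- "$sf_file")
    sf_user=$(stat -c '%U' -- "$sf_file")
    sf_uid=$(stat -c '%u' -- "$sf_file")
    if [ "$sf_owner" != "$sf_user" ] && [ "$sf_owner" != "$sf_uid" ]; then
        echo "wrong-owner:$sf_user"; return 1
    fi
    # %a is octal (e.g. 644); any bit under mask 077 means group/other access.
    if [ $(( 0$sf_mode & 077 )) -ne 0 ]; then
        echo "too-open:$sf_mode"; return 1
    fi
    echo "ok"
}

# Audit every path given after the owner; return the number of unsafe files.
audit_secret_files() {
    as_owner=$1; shift
    as_bad=0
    for as_path in "$@"; do
        as_result=$(secret_file_status "$as_path" "$as_owner") || as_bad=$((as_bad + 1))
        printf '%-45s %s\n' "$as_path" "$as_result"
    done
    return "$as_bad"
}

# Usage: sh audit.sh elastalert /etc/elastalert/config.yaml \
#            /opt/elastalert/smtp_auth_file.yml
if [ "$#" -ge 2 ]; then
    audit_secret_files "$@"
fi
```

A file reported as too-open can be tightened with `chmod 600` on that path before the service is started.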

