Skip to content

orsinium-labs/elastalert-configuring

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

ElastAlert configuring

Installation

  1. Install ElastAlert into Python 2.7:
    pip install elastalert
  2. Create dirs for configs:
    mkdir -p /etc/elastalert/rules
  3. Place elastalert.yml into /etc/elastalert
  4. Place elastalert.service into /lib/systemd/system/.
  5. Create indices into ElasticSearch:
    elastalert-create-index --config /etc/elastalert/elastalert.yml
  6. Create some rules.
  7. Test rules:
    elastalert-test-rule --config /etc/elastalert/elastalert.yml /etc/elastalert/rules/*.yml
  8. Run service:
    systemctl daemon-reload                 # update configs
    systemctl enable elastalert.service     # auto run on startup
    systemctl start elastalert.service      # run
    systemctl status elastalert.service     # check status

If you're add or modify rules you don't need restart daemon. ElastAlert reread all rules on each check.

References

  1. Rules examples
  2. Documentation
  3. Daemonizing

About

ElastAlert daemonizing and some rules for filebeat and metricbeat

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published