GitHub install guide
git clone https://github.com/Yelp/elastalert.git
https://elastalert.readthedocs.io/en/latest/running_elastalert.html
Requirements
- Elasticsearch
- ISO8601 or Unix timestamped data
- Python 2.7
- pip, see requirements.txt
Install pip
sudo yum -y install epel-release # install the EPEL repository
sudo yum -y install python-pip # install pip
Install dependencies
pip install --upgrade setuptools
python -m pip install --upgrade pip
yum install python-devel libxslt-devel libffi-devel openssl-devel gcc gcc-c++ kernel-devel
pip install -r requirements.txt
pip install "elasticsearch>=6.6.1"
Modify elastalert/elastalert.py to support Elasticsearch 6.6
def modify_rule_for_ES5(new_rule): # Get ES version per rule rule_es = elasticsearch_client(new_rule) - if rule_es.info()[‘version‘][‘number‘].startswith(‘5‘): + version = rule_es.info()[‘version‘][‘number‘][0:1] + if int(version) >= 5: new_rule[‘five‘] = True else: new_rule[‘five‘] = False
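Review bot: taking only the first character of the version string with `[0:1]` breaks as soon as the major version has two digits, and `int(version)` raises if the number ever starts with a non-digit; parse the whole major component instead, e.g. `major = int(rule_es.info()['version']['number'].split('.')[0])` followed by `if major >= 5:`. The `five` flag now means "ES 5 or newer", so a comment saying so where it is set would help the next reader.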
Create the index
python elastalert/create_index.py --host localhost --port 9200 --index elastalert
python elastalert/create_index.py --host l00.76.37.64 --port 9200 --index elastalert
Start
python -m elastalert.elastalert --verbose
Solution
CentOS/Fedora
sudo yum install python-devel
sudo yum install libevent-devel
easy_install gevent
or
pip install gevent
Update the build environment
sudo yum groupinstall 'Development Tools'
Reference: https://www.cnblogs.com/gerrydeng/p/7159021.html
Problem 2
Solution
Try pip install boto3
Reference: https://stackoverflow.com/questions/48377297/importerror-no-module-named-botocore-session#
ElastAlert email alert configuration
# create the working directory under /etc
mkdir -p /etc/elastalert/rules
# go to the working directory and copy the config file created above
cd /etc/elastalert/
cp /opt/elastalert/config.yaml config.yaml
# go into the rules directory and copy the rule file and the SMTP auth file
cd rules
cp /opt/elastalert/example_rules/my_rule.yaml my_rule.yaml
cp /opt/elastalert/example_rules/smtp_auth_file.yaml smtp_auth_file.yaml
# now point the config files at the directories used above
In config.yaml set
rules_folder: /etc/elastalert/rules
In my_rule.yaml set
smtp_auth_file: /etc/elastalert/rules/smtp_auth_file.yaml
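A pre-flight check for the layout built above, added here as an example (not ElastAlert's own code): it follows config.yaml to rules_folder and each rule's smtp_auth_file, and flags an auth file that is readable by group/other or that sits inside rules_folder, where ElastAlert would try to load it as a rule. It assumes the flat `key: value` YAML used in this guide (so PyYAML is not needed) and constructs its own sample files in a temporary directory.

```python
"""Pre-flight check for the config.yaml -> rules_folder -> smtp_auth_file chain (added example)."""
import os, re, stat, tempfile

KEY_RE = re.compile(r'^([A-Za-z_]+):\s*(.+?)\s*$')  # flat 'key: value' lines only


def read_flat_yaml(path):
    """Top-level 'key: value' pairs; enough for config.yaml and my_rule.yaml as written in this guide."""
    pairs = {}
    with open(path) as fh:
        for line in fh:
            m = KEY_RE.match(line.strip())
            if m and not line.lstrip().startswith('#'):
                pairs[m.group(1)] = m.group(2).strip('\'"')
    return pairs


def check_layout(config_path):
    """Return a list of problems found in the rules/auth-file layout referenced by config.yaml."""
    problems = []
    folder = read_flat_yaml(config_path).get('rules_folder')
    if not folder or not os.path.isdir(folder):
        return ['rules_folder missing or not a directory: %r' % folder]
    for name in sorted(n for n in os.listdir(folder) if n.endswith('.yaml')):
        auth = read_flat_yaml(os.path.join(folder, name)).get('smtp_auth_file')
        if auth is None:
            continue  # not an email rule (or not a rule at all)
        if not os.path.isfile(auth):
            problems.append('%s: smtp_auth_file not found at %s (use an absolute path)' % (name, auth))
            continue
        if os.path.dirname(os.path.abspath(auth)) == os.path.abspath(folder):
            # ElastAlert loads every .yaml in rules_folder as a rule, so the auth file must live elsewhere
            problems.append('%s: smtp_auth_file is inside rules_folder' % name)
        mode = stat.S_IMODE(os.stat(auth).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            # the file holds the SMTP password; only the service user should read it (chmod 600)
            problems.append('%s: smtp_auth_file mode %o is readable by group/other' % (name, mode))
    return problems


def build_demo_layout():
    """Constructed sample of the guide's files in a scratch dir, with both mistakes left in on purpose."""
    rules = os.path.join(tempfile.mkdtemp(), 'rules')
    os.makedirs(rules)
    auth = os.path.join(rules, 'smtp_auth_file.yaml')  # inside rules_folder, as the guide does it
    with open(auth, 'w') as fh:
        fh.write('user: alerts@example.invalid\npassword: placeholder\n')  # constructed placeholder creds
    os.chmod(auth, 0o644)  # world-readable, which the check should flag
    with open(os.path.join(rules, 'my_rule.yaml'), 'w') as fh:
        fh.write('name: demo\ntype: frequency\nsmtp_auth_file: %s\n' % auth)
    config = os.path.join(os.path.dirname(rules), 'config.yaml')
    with open(config, 'w') as fh:
        fh.write('rules_folder: %s\n' % rules)
    return config
```

Run `check_layout('/etc/elastalert/config.yaml')` against the real layout before enabling the systemd unit; `check_layout(build_demo_layout())` shows the two findings on the constructed sample.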
# next, create the systemd service
cd /etc/systemd/system/
vim elastalertd.service
Running ElastAlert as a long-lived service
[root@es-aleart system]# vim elastalertd.service
[Unit]
Description=elastalertd
After=elasticsearch.service
[Service]
Type=simple
User=root
Group=root
Restart=on-failure
WorkingDirectory=/opt/elastalert
# rules are picked up from rules_folder in config.yaml; --rule takes a single rule file, so it is not needed here
ExecStart=/usr/bin/elastalert --config /etc/elastalert/config.yaml --verbose
[Install]
WantedBy=multi-user.target