Required config for ssl config for elk #164
Comments
kibana.yml configurations -

Is it Docker? What is the Docker image name of elastalert-server that you specified?

If you do not delete the comments after "//", an error should occur.

As a precaution when debugging, note that the alert will not be skipped if debug is set to true in config.json of ElastAlert Server.

I think that elastalert-kibana-plugin has been discontinued, so I don't think it will be fixed even if it doesn't work due to a bug.

With the latest image bitsensor/elastalert:3.0.0-beta.0.

Any alternative tool for a GUI-based Kibana alert plugin?

bitsensor/elastalert does not have the following settings.

Praeco. By the way, I'm the co-maintainer of Praeco.

By the way, I'm also the co-maintainer of johnsusek/elastalert-server.

It forks elastalert-kibana-plugin and supports up to Kibana 7.9.3. It needs to be remade to support Kibana 7.10 or later, and that has not been started yet.

By the way, I am using Kibana version 7.9.3 for the elastalert kibana plugin.

Looking for it ASAP.

Ask a question in the repository you are maintaining.
We configured ELK with SSL. How do we configure ElastAlert with SSL-based authentication?
Please share the SSL parameters to pass in config.json and elastalert.yaml.
Kibana.yml

[root@elk-logging elastalert]# cat /etc/kibana/kibana.yml

```yaml
server.host: "elk-logging"
server.port: 5601
elasticsearch.hosts: ["https://elk-logging.xxcxcx.net:9200"]
elasticsearch.password: XXXXXCXCX
# Elasticsearch from/to Kibana
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/ca/ca.crt
elasticsearch.ssl.certificate: /etc/kibana/certs/kibana.crt
elasticsearch.ssl.key: /etc/kibana/certs/kibana.key
elasticsearch.ssl.verificationMode: none
# Browser from/to Kibana
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
# Elasticsearch authentication
xpack.security.enabled: true
elasticsearch.username: elastic
server.defaultRoute: /app/wazuh
# Elastalert Hosts
elastalert-kibana-plugin.serverHost: elk-logging
elastalert-kibana-plugin.serverPort: 3030
```
elastalert -- config

[root@elk-logging config]# cat config.json

```json
{
  "appName": "elastalert-server",
  "port": 3030,
  "wsport": 3333,
  "elastalertPath": "/opt/elastalert",
  "verbose": true,
  "es_debug": true,
  "debug": true,
  "rulesPath": {
    "relative": true,
    "path": "/rules"
  },
  "templatesPath": {
    "relative": true,
    "path": "/rule_templates"
  },
  "es_host": "elk-logging",
  "es_username": "elastic", // Option basic-auth username and password for Elasticsearch
  "es_password": "XXXXXCXCX", // Option basic-auth username and password for Elasticsearch
  "es_ssl": true, // Enable/Disable SSL
  "es_ca_certs": "/etc/elasticsearch/certs/ca/ca.crt", // Path to ca for ElasticSearch (SSL must be enabled)
  "es_client_cert": "/etc/elasticsearch/certs/elasticsearch.crt", // Path to cert for ElasticSearch (SSL must be enabled)
  "es_client_key": "/etc/elasticsearch/certs/elasticsearch.key", // Path to key for ElasticSearch (SSL must be enabled)
  "es_port": 9200,
  "writeback_index": "elastalert_status"
}
```
Elastalert Elasticsearch.yaml

```yaml
# The elasticsearch hostname for metadata writeback
# Note that every rule can have its own elasticsearch host
es_host: elk-logging
# The elasticsearch port
es_port: 9200
# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: rules
# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  seconds: 5
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 1
# Optional URL prefix for elasticsearch
#es_url_prefix: elasticsearch
# Connect with TLS to elasticsearch
use_ssl: True
# Verify TLS certificates
verify_certs: True
client_cert: "/etc/elasticsearch/certs/elasticsearch.crt"
client_key: "/etc/elasticsearch/certs/elasticsearch.key"
ca_certs: "/etc/elasticsearch/certs/ca/ca.crt"
# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET
# Option basic-auth username and password for elasticsearch
es_username: elastic
es_password: XXXXXXCXXX
# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status
# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2
```
```text
[root@elk-logging elastalert]# docker start --interactive elastalert
14:31:12.693Z INFO elastalert-server: Config: No config.dev.json file was found in /opt/elastalert-server/config/config.dev.json.
14:31:12.696Z INFO elastalert-server: Config: Proceeding to look for normal config file.
14:31:12.697Z INFO elastalert-server: Config: A config file was found in /opt/elastalert-server/config/config.json. Using that config.
14:31:12.720Z INFO elastalert-server: Router: Listening for GET request on /.
14:31:12.720Z INFO elastalert-server: Router: Listening for GET request on /status.
14:31:12.721Z INFO elastalert-server: Router: Listening for GET request on /status/control/:action.
14:31:12.721Z INFO elastalert-server: Router: Listening for GET request on /status/errors.
14:31:12.721Z INFO elastalert-server: Router: Listening for GET request on /rules.
14:31:12.723Z INFO elastalert-server: Router: Listening for GET request on /rules/:id.
14:31:12.723Z INFO elastalert-server: Router: Listening for POST request on /rules/:id.
14:31:12.723Z INFO elastalert-server: Router: Listening for DELETE request on /rules/:id.
14:31:12.723Z INFO elastalert-server: Router: Listening for GET request on /templates.
14:31:12.723Z INFO elastalert-server: Router: Listening for GET request on /templates/:id.
14:31:12.724Z INFO elastalert-server: Router: Listening for POST request on /templates/:id.
14:31:12.724Z INFO elastalert-server: Router: Listening for DELETE request on /templates/:id.
14:31:12.724Z INFO elastalert-server: Router: Listening for POST request on /test.
14:31:12.724Z INFO elastalert-server: Router: Listening for GET request on /config.
14:31:12.724Z INFO elastalert-server: Router: Listening for POST request on /config.
14:31:12.724Z INFO elastalert-server: Router: Listening for POST request on /download.
14:31:12.724Z INFO elastalert-server: Router: Listening for GET request on /metadata/:type.
14:31:12.725Z INFO elastalert-server: Router: Listening for GET request on /mapping/:index.
14:31:12.725Z INFO elastalert-server: Router: Listening for POST request on /search/:index.
14:31:12.742Z ERROR elastalert-server:
Server: Starting server failed with error: TypeError: object must be passed
    at module.exports (/opt/elastalert-server/node_modules/object-resolve-path/object-resolve-path.js:13:11)
    at ServerConfig.get (/opt/elastalert-server/src/common/config/server_config.js:32:12)
    at /opt/elastalert-server/src/elastalert_server.js:67:58
    at /opt/elastalert-server/src/common/config/server_config.js:60:9
    at Array.forEach ()
    at /opt/elastalert-server/src/common/config/server_config.js:59:22
14:31:12.742Z INFO elastalert-server: Server: Stopping server
/opt/elastalert-server/src/common/websocket.js:34
    wss.clients.forEach(function (ws) {
    ^
TypeError: Cannot read property 'clients' of null
    at Timeout._onTimeout (/opt/elastalert-server/src/common/websocket.js:22:7)
    at listOnTimeout (internal/timers.js:531:17)
    at processTimers (internal/timer
```
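A pre-flight check for the two configuration points this thread turns on: the `//` comments that make config.json invalid JSON (the maintainer's remark about deleting them) and the `elasticsearch.ssl.verificationMode: none` line in kibana.yml, which turns off CA and hostname verification for the Kibana-to-Elasticsearch connection. This is an added example, not code from elastalert-server, bitsensor/elastalert or Praeco; the two config samples are constructed from the ones in the issue, with placeholder secrets and paths.

```python
import json
import re
# Constructed sample modelled on the issue's config.json (placeholder secret).
SERVER_CONFIG = '''{
  "es_host": "elk-logging",
  "es_username": "elastic", // Option basic-auth username for Elasticsearch
  "es_password": "PLACEHOLDER", // and password
  "es_ssl": true, // Enable/Disable SSL
  "es_ca_certs": "/etc/elasticsearch/certs/ca/ca.crt",
  "es_port": 9200
}'''
# Constructed sample modelled on the issue's kibana.yml (flat key: value lines).
KIBANA_YML = '''elasticsearch.hosts: ["https://elk-logging.example:9200"]
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/ca/ca.crt
elasticsearch.ssl.verificationMode: none
'''
_STRING = re.compile(r'"(?:\\.|[^"\\])*"')  # a JSON string literal

def comment_lines(text):
    """1-based numbers of lines carrying a // comment outside string literals."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if '//' in _STRING.sub('""', line)]

def strip_comments(text):
    """Drop trailing // comments; '//' inside strings (URLs) is left alone."""
    out = []
    for line in text.splitlines():
        masked = _STRING.sub(lambda m: 'x' * len(m.group()), line)
        cut = masked.find('//')
        out.append(line if cut < 0 else line[:cut].rstrip())
    return '\n'.join(out)

def check_server_config(text):
    """Findings for config.json: comment lines, then TLS keys that belong together."""
    findings = []
    if bad := comment_lines(text):
        findings.append(f'not strict JSON: // comments on lines {bad}')
    cfg = json.loads(strip_comments(text))  # a strict JSON loader would fail on the raw text
    if cfg.get('es_ssl') and not cfg.get('es_ca_certs'):
        findings.append('es_ssl is true but es_ca_certs is not set')
    if bool(cfg.get('es_client_cert')) != bool(cfg.get('es_client_key')):
        findings.append('es_client_cert and es_client_key must be set together')
    return findings

def check_kibana_tls(text):
    """Flag the Kibana setting that turns off CA and hostname verification."""
    kv = dict(re.findall(r'^([\w.]+):\s*(.+?)\s*$', text, re.M))
    if kv.get('elasticsearch.ssl.verificationMode') == 'none':
        return ['elasticsearch.ssl.verificationMode: none disables certificate verification']
    return []
```

Run the two checks over the real files before starting the container; a clean config.json still needs the `es_*` keys to be ones the image you run actually supports, which the thread notes is not the case for bitsensor/elastalert.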