如何 运行 与主管一起使用 ElastAlert
How to run ElastAlert with supervisor
我在 aws 上设置了 elastalert,我可以使用命令 python -m elastalert.elastalert --verbose --rule example_rules/example_frequency.yaml 或 python -m elastalert.elastalert --config ./config.yaml --verbose 直接在终端中调用它,并在终端中输出并在出现错误时向我的电子邮件地址发送电子邮件警报频率匹配。
INFO:elastalert:Sent email to ['MY-EMAIL-ADDRESS@gmail.com']
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ran Rule DOTs JDBC from 2016-03-03 17:38 UTC to 2016-03-03 17:41 UTC: 14 query hits, 7 matches, 1 alerts sent
我有主管 运行ning,但我不确定如何将其发送到 运行 elastalert。
这里是supervisord.conf
的内容
[unix_http_server]
file=/var/run/elastalert_supervisor.sock
[supervisord]
logfile=/var/log/elastalert_supervisord.log
logfile_maxbytes=1MB
logfile_backups=2
loglevel=debug
nodaemon=false
directory=%(here)s
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/elastalert_supervisor.sock
[program:elastalert]
# running globally
# command=python elastalert.py --verbose
# command=python elastalert.py --config ./config.yaml --verbose
# (alternative) using virtualenv
# command=~/elastalert-master/elastalert --config /elastalert-master/config.yaml --verbose
# command=python -m elastalert.elastalert --config ~/elastalert-master/example_rules/example_frequency.yaml --verbose
command=python elastalert.py --config /elastalert-master/config.yaml --verbose
process_name=elastalert
autorestart=true
startsecs=15
stopsignal=INT
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/elastalert_stderr.log
stderr_logfile_maxbytes=5MB
stdout_logfile=/var/log/elastalert_stdout.log
如您所见,我正在尝试不同的命令 [program:elastalert] 部分。
这是在 /var/log/elastalert_supervisord.log
中找到的日志片段
2016-03-03 17:10:48,551 WARN received SIGTERM indicating exit request
2016-03-03 17:10:57,251 CRIT Supervisor running as root (no user in config file)
2016-03-03 17:10:57,291 INFO RPC interface 'supervisor' initialized
2016-03-03 17:10:57,291 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-03 17:10:57,293 INFO daemonizing the supervisord process
2016-03-03 17:10:57,293 INFO set current directory: '/etc'
2016-03-03 17:10:57,293 INFO supervisord started with pid 21873
2016-03-03 17:10:58,305 INFO spawned: 'elastalert' with pid 21874
2016-03-03 17:10:58,385 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:10:58,385 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:10:58,385 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124089680 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:10:58,385 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:10:58,385 DEBG received SIGCLD indicating a child quit
2016-03-03 17:10:59,388 INFO spawned: 'elastalert' with pid 21875
2016-03-03 17:10:59,487 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:10:59,488 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:10:59,488 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124089680 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:10:59,488 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:10:59,488 DEBG received SIGCLD indicating a child quit
2016-03-03 17:11:01,493 INFO spawned: 'elastalert' with pid 21885
2016-03-03 17:11:01,539 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:11:01,540 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:11:01,540 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124088960 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:11:01,540 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:11:01,540 DEBG received SIGCLD indicating a child quit
2016-03-03 17:11:04,565 INFO spawned: 'elastalert' with pid 21887
2016-03-03 17:11:04,703 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:11:04,703 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:11:04,703 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124088528 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:11:04,703 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:11:04,703 DEBG received SIGCLD indicating a child quit
2016-03-03 17:11:05,704 INFO gave up: elastalert entered FATAL state, too many start retries too quickly
非常感谢您的帮助。
谢谢 Val 你的评论让我走上正轨
这是 supervisord
命令部分错误的部分
command=python -m elastalert.elastalert --config /root/elastalert-master/config.yaml --verbose
supervisord.conf
......
[program:elastalert]
# running globally
command=python -m elastalert.elastalert --config /root/elastalert-master/config.yaml --verbose
process_name=elastalert
autorestart=true
startsecs=15
stopsignal=INT
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/elastalert_stderr.log
stderr_logfile_maxbytes=5MB
....
所以我最终并没有那么遥远:D
希望这对其他人有帮助。
G
我在 aws 上设置了 elastalert,我可以使用命令 python -m elastalert.elastalert --verbose --rule example_rules/example_frequency.yaml 或 python -m elastalert.elastalert --config ./config.yaml --verbose 直接在终端中调用它,并在终端中输出并在出现错误时向我的电子邮件地址发送电子邮件警报频率匹配。
INFO:elastalert:Sent email to ['MY-EMAIL-ADDRESS@gmail.com']
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ignoring match for silenced rule Rule DOTs JDBC
INFO:elastalert:Ran Rule DOTs JDBC from 2016-03-03 17:38 UTC to 2016-03-03 17:41 UTC: 14 query hits, 7 matches, 1 alerts sent
我有主管 运行ning,但我不确定如何将其发送到 运行 elastalert。
这里是supervisord.conf
的内容[unix_http_server]
file=/var/run/elastalert_supervisor.sock
[supervisord]
logfile=/var/log/elastalert_supervisord.log
logfile_maxbytes=1MB
logfile_backups=2
loglevel=debug
nodaemon=false
directory=%(here)s
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/elastalert_supervisor.sock
[program:elastalert]
# running globally
# command=python elastalert.py --verbose
# command=python elastalert.py --config ./config.yaml --verbose
# (alternative) using virtualenv
# command=~/elastalert-master/elastalert --config /elastalert-master/config.yaml --verbose
# command=python -m elastalert.elastalert --config ~/elastalert-master/example_rules/example_frequency.yaml --verbose
command=python elastalert.py --config /elastalert-master/config.yaml --verbose
process_name=elastalert
autorestart=true
startsecs=15
stopsignal=INT
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/elastalert_stderr.log
stderr_logfile_maxbytes=5MB
stdout_logfile=/var/log/elastalert_stdout.log
如您所见,我正在尝试不同的命令 [program:elastalert] 部分。
这是在 /var/log/elastalert_supervisord.log
2016-03-03 17:10:48,551 WARN received SIGTERM indicating exit request
2016-03-03 17:10:57,251 CRIT Supervisor running as root (no user in config file)
2016-03-03 17:10:57,291 INFO RPC interface 'supervisor' initialized
2016-03-03 17:10:57,291 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-03 17:10:57,293 INFO daemonizing the supervisord process
2016-03-03 17:10:57,293 INFO set current directory: '/etc'
2016-03-03 17:10:57,293 INFO supervisord started with pid 21873
2016-03-03 17:10:58,305 INFO spawned: 'elastalert' with pid 21874
2016-03-03 17:10:58,385 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:10:58,385 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:10:58,385 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124089680 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:10:58,385 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:10:58,385 DEBG received SIGCLD indicating a child quit
2016-03-03 17:10:59,388 INFO spawned: 'elastalert' with pid 21875
2016-03-03 17:10:59,487 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:10:59,488 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:10:59,488 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124089680 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:10:59,488 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:10:59,488 DEBG received SIGCLD indicating a child quit
2016-03-03 17:11:01,493 INFO spawned: 'elastalert' with pid 21885
2016-03-03 17:11:01,539 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:11:01,540 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:11:01,540 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124088960 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:11:01,540 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:11:01,540 DEBG received SIGCLD indicating a child quit
2016-03-03 17:11:04,565 INFO spawned: 'elastalert' with pid 21887
2016-03-03 17:11:04,703 DEBG 'elastalert' stderr output:
python: can't open file 'elastalert.py': [Errno 2] No such file or directory
2016-03-03 17:11:04,703 DEBG fd 7 closed, stopped monitoring <POutputDispatcher at 139842124087376 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stdout)>
2016-03-03 17:11:04,703 DEBG fd 9 closed, stopped monitoring <POutputDispatcher at 139842124088528 for <Subprocess at 139842124370360 with name elastalert in state STARTING> (stderr)>
2016-03-03 17:11:04,703 INFO exited: elastalert (exit status 2; not expected)
2016-03-03 17:11:04,703 DEBG received SIGCLD indicating a child quit
2016-03-03 17:11:05,704 INFO gave up: elastalert entered FATAL state, too many start retries too quickly
非常感谢您的帮助。
谢谢 Val 你的评论让我走上正轨 这是 supervisord
命令部分错误的部分command=python -m elastalert.elastalert --config /root/elastalert-master/config.yaml --verbose
supervisord.conf
......
[program:elastalert]
# running globally
command=python -m elastalert.elastalert --config /root/elastalert-master/config.yaml --verbose
process_name=elastalert
autorestart=true
startsecs=15
stopsignal=INT
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/elastalert_stderr.log
stderr_logfile_maxbytes=5MB
....
所以我最终并没有那么遥远:D
希望这对其他人有帮助。
G