在配置elastalert遇到发邮件出现以下 

点击(此处)折叠或打开

  1. [root@build elastalert]# python3 -m elastalert.elastalert --config /usr/local/elastalert/config.yaml --rule /usr/local/elastalert/example_rules/frequency.yaml --verbose
  2. 1 rules loaded
  3. INFO:elastalert:Starting up
  4. INFO:elastalert:Disabled rules are: []
  5. INFO:elastalert:Sleeping for 59.999919 seconds
  6. INFO:elastalert:Queried rule yaitoo-elk-ping-alert from 2019-12-02 14:28 CST to 2019-12-02 14:43 CST: 4140 / 4140 hits
  7. INFO:elastalert:Queried rule yaitoo-elk-ping-alert from 2019-12-02 14:43 CST to 2019-12-02 14:46 CST: 609 / 609 hits
  8. ERROR:root:Traceback (most recent call last):
  9.   File "/usr/local/elastalert/elastalert/elastalert.py", line 1451, in alert
  10.     return self.send_alert(matches, rule, alert_time=alert_time, retried=retried)
  11.   File "/usr/local/elastalert/elastalert/elastalert.py", line 1545, in send_alert
  12.     alert.alert(matches)
  13.   File "/usr/local/elastalert/elastalert/alerts.py", line 491, in alert
  14.     self.smtp.sendmail(self.from_addr, to_addr, email_msg.as_string())
  15.   File "/usr/local/python36/lib/python3.6/smtplib.py", line 867, in sendmail
  16.     raise SMTPSenderRefused(code, resp, from_addr)
  17. smtplib.SMTPSenderRefused: (503, b'Error: need EHLO and AUTH first !', '[email protected]')

  18. ERROR:root:Uncaught exception running rule yaitoo-elk-ping-alert: (503, b'Error: need EHLO and AUTH first !', '[email protected]')
配置文件如下:

点击(此处)折叠或打开

  1. es_host: 10.10.10.182
  2. es_port: 9200
  3. name: yaitoo-elk-ping-alert
  4. type: frequency
  5. index: node*
  6. num_events: 50
  7. timeframe:
  8.   #hours: 4
  9.   minutes: 5
  10. filter:
  11. - query:
  12.     query_string:
  13.       query: " message: 该账号无法访问服务"
  14. alert:
  15. - "email"
  16. email:
  17. - "[email protected]"
  18. - "[email protected]"
  19. smtp_host: "smtp.exmail.qq.com"
  20. smtp_port: 465
  21. smtp_auth_file: /usr/local/elastalert/example_rules/smtp_auth_file.yaml
  22. from_addr: "[email protected]"
  23. smtp_ssl: true

smtp_hostfrom_addr要加引号
10-26 08:20