```
[root@build elastalert]# python3 -m elastalert.elastalert --config /usr/local/elastalert/config.yaml --rule /usr/local/elastalert/example_rules/frequency.yaml --verbose
1 rules loaded
INFO:elastalert:Starting up
INFO:elastalert:Disabled rules are: []
INFO:elastalert:Sleeping for 59.999919 seconds
INFO:elastalert:Queried rule yaitoo-elk-ping-alert from 2019-12-02 14:28 CST to 2019-12-02 14:43 CST: 4140 / 4140 hits
INFO:elastalert:Queried rule yaitoo-elk-ping-alert from 2019-12-02 14:43 CST to 2019-12-02 14:46 CST: 609 / 609 hits
ERROR:root:Traceback (most recent call last):
  File "/usr/local/elastalert/elastalert/elastalert.py", line 1451, in alert
    return self.send_alert(matches, rule, alert_time=alert_time, retried=retried)
  File "/usr/local/elastalert/elastalert/elastalert.py", line 1545, in send_alert
    alert.alert(matches)
  File "/usr/local/elastalert/elastalert/alerts.py", line 491, in alert
    self.smtp.sendmail(self.from_addr, to_addr, email_msg.as_string())
  File "/usr/local/python36/lib/python3.6/smtplib.py", line 867, in sendmail
    raise SMTPSenderRefused(code, resp, from_addr)
smtplib.SMTPSenderRefused: (503, b'Error: need EHLO and AUTH first !', '[email protected]')
ERROR:root:Uncaught exception running rule yaitoo-elk-ping-alert: (503, b'Error: need EHLO and AUTH first !', '[email protected]')
```
```yaml
es_host: 10.10.10.182
es_port: 9200
name: yaitoo-elk-ping-alert
type: frequency
index: node*
# Alert when 50 matching events occur within 5 minutes
num_events: 50
timeframe:
  #hours: 4
  minutes: 5
filter:
- query:
    query_string:
      query: " message: 该账号无法访问服务"
alert:
- "email"
email:
- "[email protected]"
- "[email protected]"
smtp_host: "smtp.exmail.qq.com"
smtp_port: 465
# YAML file holding the SMTP credentials (user and password fields)
smtp_auth_file: /usr/local/elastalert/example_rules/smtp_auth_file.yaml
from_addr: "[email protected]"
# Connect with TLS from the start, as port 465 expects
smtp_ssl: true
```
The values of smtp_host and from_addr must be enclosed in quotes.
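A preflight check for the e-mail settings shown above, as an added example that is not part of the original post or of ElastAlert itself. It takes the already-parsed rule and smtp_auth_file as dicts; `preflight_email`, the sample addresses and the sample password are assumptions made for illustration.

```python
# Added example: static preflight for the e-mail settings of an ElastAlert rule.
# `rule` is the parsed rule YAML, `auth` the parsed smtp_auth_file (or None).

def preflight_email(rule, auth):
    """Return a list of problems likely to stop an authenticated send."""
    problems = []
    # Values that did not parse as strings (for example an unquoted number)
    # cannot be used as a host name or a sender address.
    for key in ("smtp_host", "from_addr"):
        if not isinstance(rule.get(key), str) or not rule[key].strip():
            problems.append(f"{key} must be a non-empty string")
    if "smtp_auth_file" not in rule:
        # Without an auth file no login is attempted before sendmail(); a
        # server that requires AUTH then refuses the sender, as in the log.
        problems.append("smtp_auth_file is not set; no SMTP login will be attempted")
    else:
        for field in ("user", "password"):
            if not isinstance((auth or {}).get(field), str) or not auth[field]:
                problems.append(f"smtp_auth_file lacks a string '{field}'")
    port = rule.get("smtp_port")
    if rule.get("smtp_ssl") and port == 587:
        problems.append("smtp_ssl with port 587; 587 normally expects STARTTLS")
    if not rule.get("smtp_ssl") and port == 465:
        problems.append("port 465 expects TLS from the start; set smtp_ssl: true")
    # Heuristic: some providers refuse a sender that is not the login user.
    user = (auth or {}).get("user")
    sender = rule.get("from_addr")
    if isinstance(user, str) and isinstance(sender, str) and user.lower() != sender.lower():
        problems.append("from_addr differs from the authenticated user")
    return problems

# Constructed sample input (placeholder addresses and password, not from the post).
SAMPLE_RULE = {
    "smtp_host": "smtp.exmail.qq.com",
    "smtp_port": 465,
    "smtp_ssl": True,
    "smtp_auth_file": "/usr/local/elastalert/example_rules/smtp_auth_file.yaml",
    "from_addr": "alerts@example.com",
}
SAMPLE_AUTH = {"user": "alerts@example.com", "password": "constructed-placeholder"}

if __name__ == "__main__":
    for problem in preflight_email(SAMPLE_RULE, SAMPLE_AUTH) or ["no problems found"]:
        print(problem)
```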