elastalert-docker

Elastalert Docker image. It ships ready to use with a WeChat Enterprise (企业号) alerter plugin and a DingTalk alerter plugin (based on the DingTalk group robot webhook; supports "sign" signature security authentication and both text and markdown message formats).

Features

Usage

docker run -e"ELASTICSEARCH_HOST=es-host" \
    -e"CONTAINER_TIMEZONE=Asia/Shanghai"  \
    -e"TZ=Asia/Shanghai" \
    -e"ELASTALERT_DINGTALK_ACCESS_TOKEN=xxx" \
    -e"ELASTALERT_DINGTALK_SECURITY_TYPE=sign" \
    -e"ELASTALERT_DINGTALK_SECRET=xxx" \
    anjia0532/elastalert-docker:v0.2.4

Demo rule

name: log-error
type: frequency
index: logstash-*
num_events: 20
timeframe:
    minutes: 5
filter:
- query:
    query_string:
      query: "level:ERROR"

compare_key:
- app_name
query_key:
- app_name

# Alert suppression:
# an identical alert is not sent again within 5 minutes
realert:
  minutes: 5

# Exponentially widen the realert interval: if alerts keep arriving in between,
# the interval grows 5 -> 10 -> 20 -> 40 -> 60 minutes up to the configured maximum,
# and once alerts subside it gradually falls back to the original realert time
exponential_realert:
  hours: 1

alert:
- "elastalert_modules.dingtalk_alert.DingTalkAlerter"
#- "elastalert_modules.wechat_qiye_alert.WeChatAlerter"

match_enhancements:
- "elastalert_enhancements.TimeEnhancement.TimeEnhancement"

alert_text_type: alert_text_only
alert_text: |
  From {} to {}, {} error log entries were produced

  Time: {}

  Module: {}

  Content: {}

  Stack trace: `{}`

alert_text_args:
  - local_starttime
  - local_endtime
  - num_hits
  - local_time
  - app_name
  - message
  - stack_trace

Environment Variables

Set at build time

These variables are set during the Docker build and are generally necessary for running the core functionality of Elastalert.

| Env var | Elastalert config var | Default | Description |
|---|---|---|---|
| ELASTALERT_HOME | N/A | /opt/elastalert | Place Elastalert home here |
| SET_CONTAINER_TIMEZONE | N/A | True | Whether or not to set the container timezone to ${CONTAINER_TIMEZONE} |
| CONTAINER_TIMEZONE | N/A | Etc/UTC | Container timezone value |
| ELASTALERT_RULES_DIRECTORY | N/A | ${ELASTALERT_HOME}/rules | Folder where Elastalert scans for rules |
| ELASTALERT_PLUGIN_DIRECTORY | N/A | ${ELASTALERT_HOME}/elastalert_modules | Folder where Elastalert scans for alerters |
| ELASTALERT_ENHANCEMENT_DIRECTORY | N/A | ${ELASTALERT_HOME}/elastalert_enhancements | Folder where Elastalert scans for enhancements |
| ELASTALERT_CONFIG | N/A | ${ELASTALERT_HOME}/config.yaml | Name and location of the config file referenced by docker-entrypoint.sh to start the Python daemon |
| ELASTALERT_INDEX | writeback_index | elastalert_status | Name of the Elastalert index in your Elasticsearch cluster |
| ELASTALERT_SYSTEM_GROUP | N/A | elastalert | Name of the group running Elastalert; used for the daemon and folder permissions |
| ELASTALERT_SYSTEM_USER | N/A | elastalert | Name of the user running Elastalert; used for the daemon and folder permissions |
| ELASTALERT_VERSION | N/A | 0.1.29 | Version of Elastalert to install from pip |
| ELASTICSEARCH_HOST | es_host | elasticsearch | Elasticsearch host name |
| ELASTICSEARCH_PORT | es_port | 9200 | Elasticsearch port |
| ELASTICSEARCH_USE_SSL | use_ssl | False | Connect with TLS to Elasticsearch |
| ELASTICSEARCH_VERIFY_CERTS | verify_certs | False | Verify the Elasticsearch server's TLS certificate |

Note that with the defaults above the connection to Elasticsearch is plain HTTP with no certificate verification; for anything beyond a local test, set ELASTICSEARCH_USE_SSL=True and ELASTICSEARCH_VERIFY_CERTS=True and point ELASTICSEARCH_CA_CERTS at your CA bundle.

Set at runtime

These variables are settings available in the Elastalert configuration file. Most of them are common configuration options or third-party integration settings (JIRA, OpsGenie, WeChat, DingTalk, etc.); see the Elastalert common configuration options documentation.

Common configuration options

| Env var | Elastalert config var | Default | Description |
|---|---|---|---|
| ELASTALERT_RUN_EVERY | run_every: => minutes: | 3 | Number of minutes to wait before re-checking Elastalert rules. Currently only available as values in minutes |
| ELASTALERT_BUFFER_TIME | buffer_time: => minutes: | 45 | ElastAlert will buffer results from the most recent period of time, in case some log sources are not in real time |
| ELASTALERT_AWS_REGION | aws_region | No default set | |
| ELASTICSEARCH_URL_PREFIX | es_url_prefix | No default set | |
| ELASTICSEARCH_SEND_GET_BODY_AS | es_send_get_body_as | No default set | |
| ELASTALERT_TIME_LIMIT | alert_time_limit: => minutes: | 5 | If an alert fails for some reason, ElastAlert will retry sending the alert until this time period has elapsed |
| ELASTALERT_DISABLE_RULES_ON_ERROR | disable_rules_on_error: => Bool | True | If true, ElastAlert will disable rules which throw uncaught (not EAException) exceptions |
| ELASTALERT_MATCH_ENHANCEMENTS | match_enhancements: => array | No default set | A list of enhancement modules to use with this rule |
| ELASTALERT_RUN_ENHANCEMENTS_FIRST | run_enhancements_first: => Bool | False | If set to true, enhancements will be run as soon as a match is found |
| ELASTICSEARCH_CA_CERTS | ca_certs | No default set | |
| ELASTICSEARCH_CLIENT_CERT | client_cert | No default set | |
| ELASTICSEARCH_CLIENT_KEY | client_key | No default set | |
| ELASTICSEARCH_PASSWORD | es_password | No default set | |
| ELASTICSEARCH_USER | es_username | No default set | |
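The two tables above describe how the image turns ELASTICSEARCH_* / ELASTALERT_* variables into keys of config.yaml. The following Python is an added illustration of that mapping, not the image's own docker-entrypoint.sh: it uses the env-var names, config keys and defaults exactly as the tables list them, and adds a pre-start check that flags the transport settings a reviewer would want to see (cleartext, unverified TLS, a username without a password). The function names build_config, parse_bool and transport_warnings are assumptions of this example.

```python
import os

# Env var -> (elastalert config key, default) as listed in the README tables.
# None means "No default set": the key is left out of config.yaml entirely.
ENV_TO_CONFIG = {
    "ELASTICSEARCH_HOST": ("es_host", "elasticsearch"),
    "ELASTICSEARCH_PORT": ("es_port", "9200"),
    "ELASTICSEARCH_USE_SSL": ("use_ssl", "False"),
    "ELASTICSEARCH_VERIFY_CERTS": ("verify_certs", "False"),
    "ELASTICSEARCH_CA_CERTS": ("ca_certs", None),
    "ELASTICSEARCH_CLIENT_CERT": ("client_cert", None),
    "ELASTICSEARCH_CLIENT_KEY": ("client_key", None),
    "ELASTICSEARCH_USER": ("es_username", None),
    "ELASTICSEARCH_PASSWORD": ("es_password", None),
    "ELASTICSEARCH_URL_PREFIX": ("es_url_prefix", None),
    "ELASTALERT_INDEX": ("writeback_index", "elastalert_status"),
    "ELASTALERT_DISABLE_RULES_ON_ERROR": ("disable_rules_on_error", "True"),
}

BOOL_KEYS = {"use_ssl", "verify_certs", "disable_rules_on_error"}
INT_KEYS = {"es_port"}


def parse_bool(value):
    """Accept the spellings commonly found in env files ("True", "false", "1", "yes")."""
    v = str(value).strip().lower()
    if v in ("1", "true", "yes", "on"):
        return True
    if v in ("0", "false", "no", "off", ""):
        return False
    raise ValueError(f"not a boolean: {value!r}")


def build_config(env):
    """Render the Elasticsearch-related part of config.yaml from an env mapping."""
    config = {}
    for env_name, (key, default) in ENV_TO_CONFIG.items():
        raw = env.get(env_name, default)
        if raw is None:
            continue  # no default and not provided: omit the key
        if key in BOOL_KEYS:
            config[key] = parse_bool(raw)
        elif key in INT_KEYS:
            config[key] = int(raw)
        else:
            config[key] = raw
    return config


def transport_warnings(config):
    """Findings a pre-start check should raise about the Elasticsearch connection."""
    findings = []
    if not config.get("use_ssl"):
        findings.append("use_ssl is False: credentials and query results travel in cleartext")
    elif not config.get("verify_certs"):
        findings.append("verify_certs is False: the server certificate is not checked")
    if config.get("es_username") and not config.get("es_password"):
        findings.append("es_username is set without es_password")
    return findings


if __name__ == "__main__":
    cfg = build_config(os.environ)
    for key in sorted(cfg):
        shown = "********" if key == "es_password" else cfg[key]
        print(f"{key}: {shown}")
    for finding in transport_warnings(cfg):
        print("WARNING:", finding)
```

Run inside the container (or with the same variables exported) and the script prints the rendered keys and any warnings. The check applies equally whether the variables arrive through `docker run -e ...` or an `--env-file`.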

Third-party integrations

| Env var | Elastalert config var | Default | Description |
|---|---|---|---|
| wechat (WeChat Enterprise) | | | |
| ELASTALERT_WECHAT_CORP_ID | wechat_corp_id | No default set | corp id |
| ELASTALERT_WECHAT_SECRET | wechat_secret | No default set | corp secret |
| ELASTALERT_WECHAT_AGENT_ID | wechat_agent_id | No default set | agent id |
| ELASTALERT_WECHAT_PARTY_ID | wechat_party_id | No default set | party id (party1,party2...) |
| ELASTALERT_WECHAT_USER_ID | wechat_user_id | No default set | user id (user1,user2,user3...) |
| ELASTALERT_WECHAT_TAG_ID | wechat_tag_id | No default set | tag id (tag1,tag2,tag3...) |
| dingtalk (DingTalk group robot) | | | |
| ELASTALERT_DINGTALK_ACCESS_TOKEN | dingtalk_access_token | No default set | dingtalk access token |
| ELASTALERT_DINGTALK_SECURITY_TYPE | dingtalk_security_type | sign | sign/keyword/whitelist |
| ELASTALERT_DINGTALK_SECRET | dingtalk_secret | No default set | if ELASTALERT_DINGTALK_SECURITY_TYPE == sign, must not be null |
| ELASTALERT_DINGTALK_AT_MOBILES | dingtalk_at_mobiles | No default set | array of phone numbers to @someone |
| ELASTALERT_DINGTALK_AT_ALL | dingtalk_at_all | False | @all or not |
| ELASTALERT_DINGTALK_MSGTYPE | dingtalk_msgtype | text | text/markdown |
| E-mail | | | |
| ELASTALERT_EMAIL | email | No default set | |
| ELASTALERT_EMAIL_REPLY_TO | email_reply_to | No default set | |
| ELASTALERT_FROM_ADDR | from_addr | No default set | |
| ELASTALERT_NOTIFY_EMAIL | notify_email | No default set | |
| ELASTALERT_SMTP_HOST | smtp_host | No default set | |
| exotel | | | |
| ELASTALERT_EXOTEL_ACCOUNT_SID | exotel_account_sid | No default set | |
| ELASTALERT_EXOTEL_AUTH_TOKEN | exotel_auth_token | No default set | |
| ELASTALERT_EXOTEL_FROM_NUMBER | exotel_from_number | No default set | |
| ELASTALERT_EXOTEL_TO_NUMBER | exotel_to_number | No default set | |
| gitter | | | |
| ELASTALERT_GITTER_MSG_LEVEL | gitter_msg_level | No default set | |
| ELASTALERT_GITTER_PROXY | gitter_proxy | No default set | |
| ELASTALERT_GITTER_WEBHOOK_URL | gitter_webhook_url | No default set | |
| hipchat | | | |
| ELASTALERT_HIPCHAT_AUTH_TOKEN | hipchat_auth_token | No default set | |
| ELASTALERT_HIPCHAT_DOMAIN | hipchat_domain | No default set | |
| ELASTALERT_HIPCHAT_FROM | hipchat_from | No default set | |
| ELASTALERT_HIPCHAT_IGNORE_SSL_ERRORS | hipchat_ignore_ssl_errors | No default set | |
| ELASTALERT_HIPCHAT_NOTIFY | hipchat_notify | No default set | |
| ELASTALERT_HIPCHAT_ROOM_ID | hipchat_room_id | No default set | |
| jira | | | |
| ELASTALERT_JIRA_ACCOUNT_FILE | jira_account_file | No default set | |
| ELASTALERT_JIRA_ASSIGNEE | jira_assignee | No default set | |
| ELASTALERT_JIRA_BUMP_IN_STATUSES | jira_bump_in_statuses | No default set | |
| ELASTALERT_JIRA_BUMP_NOT_IN_STATUSES | jira_bump_not_in_statuses | No default set | |
| ELASTALERT_JIRA_BUMP_TICKETS | jira_bump_tickets | No default set | |
| ELASTALERT_JIRA_COMPONENT | jira_component | No default set | |
| ELASTALERT_JIRA_COMPONENTS | jira_components | No default set | |
| ELASTALERT_JIRA_ISSUETYPE | jira_issuetype | No default set | |
| ELASTALERT_JIRA_LABEL | jira_label | No default set | |
| ELASTALERT_JIRA_LABELS | jira_labels | No default set | |
| ELASTALERT_JIRA_MAX_AGE | jira_max_age | No default set | |
| ELASTALERT_JIRA_PROJECT | jira_project | No default set | |
| ELASTALERT_JIRA_SERVER | jira_server | No default set | |
| ELASTALERT_JIRA_WATCHERS | jira_watchers | No default set | |
| opsgenie | | | |
| ELASTALERT_OPSGENIE_ACCOUNT | opsgenie_account | No default set | |
| ELASTALERT_OPSGENIE_ADDR | opsgenie_addr | No default set | |
| ELASTALERT_OPSGENIE_ALIAS | opsgenie_alias | No default set | |
| ELASTALERT_OPSGENIE_KEY | opsgenie_key | No default set | |
| ELASTALERT_OPSGENIE_MESSAGE | opsgenie_message | No default set | |
| ELASTALERT_OPSGENIE_PROXY | opsgenie_proxy | No default set | |
| ELASTALERT_OPSGENIE_RECIPIENTS | opsgenie_recipients | No default set | |
| ELASTALERT_OPSGENIE_TAGS | opsgenie_tags | No default set | |
| ELASTALERT_OPSGENIE_TEAMS | opsgenie_teams | No default set | |
| pagerduty | | | |
| ELASTALERT_PAGERDUTY_CLIENT_NAME | pagerduty_client_name | No default set | |
| ELASTALERT_PAGERDUTY_EVENT_TYPE | pagerduty_event_type | No default set | |
| ELASTALERT_PAGERDUTY_SERVICE_KEY | pagerduty_service_key | No default set | |
| slack | | | |
| ELASTALERT_SLACK_EMOJI_OVERRIDE | slack_emoji_override | No default set | |
| ELASTALERT_SLACK_ICON_URL_OVERRIDE | slack_icon_url_override | No default set | |
| ELASTALERT_SLACK_MSG_COLOR | slack_msg_color | No default set | |
| ELASTALERT_SLACK_PARSE_OVERRIDE | slack_parse_override | No default set | |
| ELASTALERT_SLACK_TEXT_STRING | slack_text_string | No default set | |
| ELASTALERT_SLACK_USERNAME_OVERRIDE | slack_username_override | No default set | |
| ELASTALERT_SLACK_WEBHOOK_URL | slack_webhook_url | No default set | |
| telegram | | | |
| ELASTALERT_TELEGRAM_API_URL | telegram_api_url | No default set | |
| ELASTALERT_TELEGRAM_BOT_TOKEN | telegram_bot_token | No default set | |
| ELASTALERT_TELEGRAM_ROOM_ID | telegram_room_id | No default set | |
| twilio | | | |
| ELASTALERT_TWILIO_ACCOUNT_SID | twilio_account_sid | No default set | |
| ELASTALERT_TWILIO_AUTH_TOKEN | twilio_auth_token | No default set | |
| ELASTALERT_TWILIO_FROM_NUMBER | twilio_from_number | No default set | |
| ELASTALERT_TWILIO_TO_NUMBER | twilio_to_number | No default set | |
| victorops | | | |
| ELASTALERT_VICTOROPS_API_KEY | victorops_api_key | No default set | |
| ELASTALERT_VICTOROPS_ENTITY_DISPLAY_NAME | victorops_entity_display_name | No default set | |
| ELASTALERT_VICTOROPS_MESSAGE_TYPE | victorops_message_type | No default set | |
| ELASTALERT_VICTOROPS_ROUTING_KEY | victorops_routing_key | No default set | |
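The DingTalk rows above say the alerter supports the robot's "sign" security mode and that ELASTALERT_DINGTALK_SECRET is mandatory in that mode. The following Python is an added example, not the code of the bundled DingTalkAlerter plugin: it implements the signing scheme DingTalk documents for group robots (HMAC-SHA256 over "timestamp, newline, secret", keyed with the secret, base64-encoded and percent-encoded into the URL), enforces the table's secret-required rule, and builds the text/markdown message body. The function names, the comma-separated interpretation of ELASTALERT_DINGTALK_AT_MOBILES, and the sample environment are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.parse

# DingTalk group-robot endpoint; token, secret and the other settings come from the
# ELASTALERT_DINGTALK_* variables listed in the table above.
DINGTALK_WEBHOOK = "https://oapi.dingtalk.com/robot/send"

SECURITY_TYPES = ("sign", "keyword", "whitelist")
MSG_TYPES = ("text", "markdown")


def dingtalk_sign(secret, timestamp_ms):
    """'sign' security: HMAC-SHA256 over "<timestamp>\\n<secret>", keyed with the secret.
    Returns the base64 text; percent-encoding happens when the URL is assembled."""
    string_to_sign = f"{timestamp_ms}\n{secret}".encode("utf-8")
    digest = hmac.new(secret.encode("utf-8"), string_to_sign, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def build_webhook_url(env, now_ms=None):
    """Assemble the robot URL. A secret is mandatory when the security type is 'sign'
    (the table's rule); now_ms is injectable so the result is reproducible in tests."""
    token = env.get("ELASTALERT_DINGTALK_ACCESS_TOKEN")
    if not token:
        raise ValueError("ELASTALERT_DINGTALK_ACCESS_TOKEN is required")
    security_type = env.get("ELASTALERT_DINGTALK_SECURITY_TYPE", "sign")
    if security_type not in SECURITY_TYPES:
        raise ValueError(f"unknown ELASTALERT_DINGTALK_SECURITY_TYPE {security_type!r}")
    params = {"access_token": token}
    if security_type == "sign":
        secret = env.get("ELASTALERT_DINGTALK_SECRET")
        if not secret:
            raise ValueError("ELASTALERT_DINGTALK_SECRET must not be null when security type is sign")
        ts = int(time.time() * 1000) if now_ms is None else int(now_ms)
        params["timestamp"] = str(ts)
        params["sign"] = dingtalk_sign(secret, ts)
    # urlencode percent-encodes the '+', '/' and '=' characters of the base64 signature
    return DINGTALK_WEBHOOK + "?" + urllib.parse.urlencode(params)


def build_payload(env, text, title="elastalert"):
    """Build the robot message body. ELASTALERT_DINGTALK_AT_MOBILES is assumed to be a
    comma-separated list (the table only says it is an array of phone numbers)."""
    msgtype = env.get("ELASTALERT_DINGTALK_MSGTYPE", "text")
    if msgtype not in MSG_TYPES:
        raise ValueError(f"unknown ELASTALERT_DINGTALK_MSGTYPE {msgtype!r}")
    at_all = env.get("ELASTALERT_DINGTALK_AT_ALL", "False").strip().lower() in ("true", "1", "yes")
    mobiles = [m.strip() for m in env.get("ELASTALERT_DINGTALK_AT_MOBILES", "").split(",") if m.strip()]
    payload = {"msgtype": msgtype, "at": {"atMobiles": mobiles, "isAtAll": at_all}}
    if msgtype == "text":
        payload["text"] = {"content": text}
    else:
        payload["markdown"] = {"title": title, "text": text}
    return payload


if __name__ == "__main__":
    # Constructed sample environment; these are not real credentials.
    sample_env = {
        "ELASTALERT_DINGTALK_ACCESS_TOKEN": "example-token",
        "ELASTALERT_DINGTALK_SECURITY_TYPE": "sign",
        "ELASTALERT_DINGTALK_SECRET": "example-secret",
        "ELASTALERT_DINGTALK_MSGTYPE": "markdown",
        "ELASTALERT_DINGTALK_AT_MOBILES": "13800000000,13900000000",
    }
    print(build_webhook_url(sample_env))
    print(json.dumps(build_payload(sample_env, "### log-error\n20 errors in app_name"), ensure_ascii=False))
```

Because the timestamp is part of the signed string, a signed URL is only valid for a short window around the time it was generated, which is why the signature has to be recomputed per request rather than stored in the rule file.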

Build

git clone https://github.com/anjia0532/elastalert-docker.git

cd elastalert-docker

docker build . -t anjia0532/elastalert-docker:v0.2.4 \
    [-t anjia0532/elastalert-docker:latest] [--build-arg ELASTALERT_VERSION=0.2.4] \
    [--build-arg MIRROR=true --build-arg ALPINE_HOST="mirrors.aliyun.com" --build-arg PIP_MIRROR="https://mirrors.aliyun.com/pypi/simple/"]

Note:

Thanks

Feedback

If you run into problems, feel free to open a new issue to report them.

Copyright and License

This module is licensed under the BSD license.

Copyright (C) 2020-, by AnJia anjia0532@gmail.com.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.