elastsalert2部署_elastalert2部署教程

elastalert2已经支持kubernetes或者docker部署的方式

 es_host: 10.15.4.121
 es_port: 9200
 name: failedlogin
 type: frequency
 index: pro-sec*
 num_events: 10
 timeframe:
   minutes: 1
 filter:
 - query_string:
     query: "message: Failed AND message: password AND message: for"
 smtp_host: xxxx.com.mail.protection.partner.outlook.cn
 smtp_port: 25
 user: notify@example.com
 from_addr: notify@example.com
 email_reply_to: xxxxx@example.com
 realert:
  minutes: 30
 alert:
 - "email"
 email:
 - "xxxxx@example.com"
 alert_text_type: alert_text_only
 alert_text: |
   Dear Team, the error is aboved 10 in one minute, please take action!
   Check time:  {}
   IP:          {}
   error Message:  "Failed password for" 
  
 alert_text_args:
 - "@timestamp"
 - fields.serverip
 - host.name

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34