C5. elastalert - lyonwang/TechNotes GitHub Wiki
ElastAlert Install
Install docker
Start Docker
sudo systemctl start docker
sudo systemctl enable docker
Install docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Add /usr/local/bin to the sudoers secure_path
sudo visudo
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
Pull the ElastAlert Docker image
sudo docker pull bitsensor/elastalert
Clone the source
sudo yum install git
git clone https://github.com/bitsensor/elastalert.git
cd elastalert
Start ElastAlert
sudo docker run -d -p 3030:3030 \
--restart always \
-v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
-v `pwd`/config/smtp_auth_file.yaml:/opt/elastalert/smtp_auth_file.yaml \
-v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
-v `pwd`/rules:/opt/elastalert/rules \
-v `pwd`/rule_templates:/opt/elastalert/rule_templates \
--name elastalert bitsensor/elastalert:latest
smtp_auth_file.yaml is the email (SMTP) authentication configuration file.
Test the installation
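Added example (not part of the original wiki or the bitsensor project): a preflight check for the bind mounts in the docker run command above. It catches a missing config file, which Docker would otherwise create as an empty directory on the host, and an smtp_auth_file.yaml that other local users can read. The function name preflight is hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki. Run from the cloned elastalert directory:
#   preflight "$(pwd)" && echo "mounts look sane, start the container"

# Paths mounted by the docker run command, relative to the clone.
MOUNT_FILES="config/elastalert.yaml config/smtp_auth_file.yaml config/config.json"
MOUNT_DIRS="rules rule_templates"

# preflight BASE_DIR
# Prints one line per problem and returns the number of problems found.
preflight() {
    pf_base=$1
    pf_problems=0

    for pf_f in $MOUNT_FILES; do
        # A missing bind-mount source is created by Docker as a directory,
        # so the container would see a directory where it expects a file.
        if [ ! -f "$pf_base/$pf_f" ]; then
            echo "missing or not a regular file: $pf_f"
            pf_problems=$((pf_problems + 1))
        fi
    done

    for pf_d in $MOUNT_DIRS; do
        if [ ! -d "$pf_base/$pf_d" ]; then
            echo "missing directory: $pf_d"
            pf_problems=$((pf_problems + 1))
        fi
    done

    # smtp_auth_file.yaml holds the SMTP credentials. Flag any permission
    # bit granted to "other". Assumption: the file's owner or group matches
    # the user the container process runs as, so it stays readable there.
    pf_auth="$pf_base/config/smtp_auth_file.yaml"
    if [ -f "$pf_auth" ]; then
        # Characters 8-10 of the ls mode string are the "other" bits.
        pf_other=$(ls -ldL "$pf_auth" | cut -c8-10)
        if [ "$pf_other" != "---" ]; then
            echo "smtp_auth_file.yaml is accessible to other users ($pf_other)"
            pf_problems=$((pf_problems + 1))
        fi
    fi

    return "$pf_problems"
}
```
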
http://192.168.21.55:3030/
Add the ElastAlert server host to kibana.yml
elastalert.serverHost: 192.168.21.55
Install the Kibana plugin
cd /usr/share/kibana
sudo ./bin/kibana-plugin install 'https://git.bitsensor.io/front-end/elastalert-kibana-plugin/builds/artifacts/6.2.3/raw/artifact/elastalert-kibana-plugin-latest.zip?job=build'
Restart Kibana
sudo systemctl restart kibana