elastalert missing
#13817
Replies: 4 comments
-
It seems to be fixed after disabling all custom rules, enabling them back and running sudo salt-call state.highstate.
-
Now Security Onion is not letting me acknowledge the alert, what can I do?
-
Hello,
-
Version: 2.4.80
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Distributed
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 16
RAM: 512
Storage for /: 100
Storage for /nsm: 1tb
Network Traffic Collection: span port
Network Traffic Speeds: 1Gbps to 10Gbps
Status: No, one or more services are failed (please provide detail below)
Salt Status: No, there are no failures
Logs: Yes, there are additional clues in /opt/so/log/ (please provide detail below)
Detail
Hi,
elastalert is missing for a reason that I do not know:
[root@hostname elastalert]# tail -f elastalert.log
File "/usr/local/lib/python3.11/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/requests/adapters.py", line 563, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)')))
2024-10-14 13:47:46,560 ERROR elastalert Error running query: ConnectionError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)')))) caused by: SSLError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)'))))
2024-10-14 13:47:46,562 ERROR elastalert Error running query: ConnectionError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)')))) caused by: SSLError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)'))))
2024-10-14 13:47:46,564 ERROR elastalert Error running query: ConnectionError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)')))) caused by: SSLError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)'))))
2024-10-14 13:47:46,566 ERROR elastalert Error running query: ConnectionError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1002)')))) caused by: SSLError(HTTPSConnectionPool(host='hostname', port=9200): Max retries exceeded with url: /.ds-logs-*/_eql/search?ignore_unavailable=true (Caused by SSLError(SSLEOFError(8, 'E
[root@hostname elastalert]# tail -f stderr.log
File "/usr/local/lib/python3.11/site-packages/elastalert/loaders.py", line 168, in load
rule = self.load_configuration(rule_file, conf, args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/elastalert/loaders.py", line 229, in load_configuration
rule = self.load_yaml(filename)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/elastalert/loaders.py", line 259, in load_yaml
loaded.update(rule)
^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'update'
^C
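The stderr.log traceback above ends inside ElastAlert's load_yaml with loaded.update(rule) raising AttributeError on a NoneType, which is what PyYAML returns for a rule file that is empty or contains only comments, so the loader never gets as far as the rule body. The following is an added example, not code from Security Onion or the ElastAlert project, of a preflight check that walks a rules directory and reports such files (and rules that are not a mapping or lack basic keys) before the loader trips over them. The sample rule files it writes, the temporary directory and the set of required keys are constructed assumptions for the demonstration.

```python
"""Preflight check for ElastAlert rule files (added example, not project code).

Loads every .yaml/.yml file under a directory with the same PyYAML parser
ElastAlert uses and reports the cases that make ElastAlert's load_yaml crash
with "'NoneType' object has no attribute 'update'" (empty or comment-only
file) or that are otherwise not a usable rule document.
"""
import os
import sys
import tempfile

import yaml  # PyYAML, the parser ElastAlert's loader relies on

# Assumption: a minimal set of keys every ElastAlert rule must carry.
REQUIRED_KEYS = ("name", "type", "index", "alert")


def check_rule_text(text, filename="<string>"):
    """Return a list of problems for one rule document; an empty list means OK."""
    try:
        doc = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        return [f"{filename}: YAML parse error: {exc}"]
    if doc is None:
        # Empty file, whitespace, or only comments: safe_load returns None,
        # and ElastAlert's loader would call .update() on it and crash.
        return [f"{filename}: file is empty or comments only "
                "(yaml.safe_load returned None; ElastAlert would raise "
                "AttributeError on .update)"]
    if not isinstance(doc, dict):
        return [f"{filename}: top level is {type(doc).__name__}, expected a mapping"]
    return [f"{filename}: missing required key '{key}'"
            for key in REQUIRED_KEYS if key not in doc]


def check_rules_dir(path):
    """Check every rule file under path; return {file: [problems]} for bad files only."""
    bad = {}
    for root, _dirs, files in os.walk(path):
        for fn in sorted(files):
            if not fn.endswith((".yaml", ".yml")):
                continue
            full = os.path.join(root, fn)
            with open(full, encoding="utf-8") as fh:
                problems = check_rule_text(fh.read(), full)
            if problems:
                bad[full] = problems
    return bad


def build_sample_rules_dir():
    """Write constructed sample rules to a temp directory and return its path:
    one valid rule, one empty file, one comment-only file, one list-shaped file."""
    d = tempfile.mkdtemp(prefix="elastalert-rules-")
    samples = {
        "good.yaml": (
            "name: Constructed test rule\n"
            "type: any\n"
            "index: logs-*\n"
            "alert:\n  - debug\n"
            "filter:\n  - query:\n      query_string:\n        query: 'event.code: 4625'\n"
        ),
        "empty.yaml": "",
        "comments_only.yaml": "# rule body removed while disabling it\n",
        "list_not_map.yaml": "- name: not a mapping\n",
    }
    for fn, text in samples.items():
        with open(os.path.join(d, fn), "w", encoding="utf-8") as fh:
            fh.write(text)
    return d


def demo():
    """Run the check over the constructed samples; returns the bad-file report."""
    return check_rules_dir(build_sample_rules_dir())


if __name__ == "__main__":
    # Usage: python check_rules.py /path/to/rules   (no argument: run the demo)
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_rules_dir()
    report = check_rules_dir(target)
    for problems in report.values():
        for problem in problems:
            print(problem)
    sys.exit(1 if report else 0)
```

Pointed at the directory ElastAlert reads its rules from, the script exits non-zero and names each offending file, which is the piece of information the stderr.log traceback omits; running it after editing or re-enabling custom rules and before restarting the service avoids the silent failure seen here.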