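If the installation fails for you, leave the logs or similar details in a comment. I will help as much as I can. This manual only reflects the situation I ran into when I installed it, and the errors will probably differ from one environment to another. I had a hard time installing this myself. Almost three days of trial and error!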

 

Requirements for setting up elastalert in kibana

python 3.6 (I have not tried 3.7 or 3.8, so I do not know about those, but it absolutely cannot be installed on 3.9 or later)

 

elastalert is a service that raises an alert when a specific message arrives in elasticsearch.

 

   elastalert install_1: https://github.com/Yelp/elastalert

   elastalert install_2: https://github.com/bitsensor/elastalert

   elastalert-plugin: https://github.com/karql/elastalert-kibana-plugin/releases

 

This is the RAW data from my elastalert installation. If you only want to see the installation steps, go to the post below.

https://dirt-spoon.tistory.com/58

 

Summary of the elastalert installation commands

# pip3 install --upgrade pip

# pip install setuptools-rust

# yum install gcc libffi-devel python36-devel openssl-devel

# pip install elastalert

# cd /opt

# git clone https://github.com/Yelp/elastalert.git

# cd elastalert

# pip install --ignore-installed PyYAML -r requirements.txt

# cd ..

# rm -rf ./elastalert/

# git clone https://github.com/bitsensor/elastalert.git && cd elastalert

# yum install npm

# npm install bunyan babel-register babel-preset-es2015 express body-parser joi object-resolve-path mkdirp ws lodash elasticsearch tar fs-extra request-promise-native request randomstring cors util babel-cli raven eslint husky istanbul mocha

# python -m pip install --upgrade 'elasticsearch>=7.16,<8'

# echo \
'rules_folder: rules # folder name

run_every: # how often elasticsearch is queried
  minutes: 1

buffer_time: # size of the query window, stretching backward from the time the query runs
  minutes: 15

es_host: 192.168.0.17 # elasticsearch host

es_port: 9200 # port used by elasticsearch

writeback_index: elastalert_status # index where elastalert2 stores its data

alert_time_limit: # retry period for failed alerts
  days: 2' > config.yaml

 

When the pip command is not available

[root@tmplogsvr opt]# pip3 install --upgrade pip
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting pip
  Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB)
    100% |████████████████████████████████| 1.7MB 1.2MB/s
Installing collected packages: pip
Successfully installed pip-21.3.1
You are using pip version 21.3.1, however version 23.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
[root@tmplogsvr opt]#

 

Installing elastalert

- Error encountered: ModuleNotFoundError: No module named 'setuptools_rust'

[root@tmplogsvr opt]# pip3 install elastalert
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting elastalert
  Downloading https://files.pythonhosted.org/packages/fb/cc/58ae185e01eb9baad6108859287168c3c9592be50f546f40dc40470c3bf9/elastalert-0.2.4.tar.gz (128kB)
    100% |████████████████████████████████| 133kB 10.9MB/s
Collecting apscheduler>=3.3.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/d0/08/952d9570f4897dc2b30166fca5afd3a2cd19b3d408abdb470978484e8a09/APScheduler-3.10.1-py3-none-any.whl (59kB)
    100% |████████████████████████████████| 61kB 15.9MB/s
Collecting aws-requests-auth>=0.3.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/af/11/5dc8be418e1d54bed15eaf3a7461797e5ebb9e6a34869ad750561f35fa5b/aws_requests_auth-0.4.3-py2.py3-none-any.whl
Collecting blist>=1.3.6 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/6b/a8/dca5224abe81ccf8db81f8a2ca3d63e7a5fa7a86adc198d4e268c67ce884/blist-1.3.6.tar.gz (122kB)
    100% |████████████████████████████████| 122kB 13.7MB/s
Collecting boto3>=1.4.4 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/75/ca/d917b244919f1ebf96f7bbd5a00e4641f7e9191b0d070258f5dc10f5eaad/boto3-1.23.10-py3-none-any.whl (132kB)
    100% |████████████████████████████████| 133kB 12.7MB/s
Collecting configparser>=3.5.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/2b/af/0e28626b47c84172a112397f034bb1b6349960ca6e0fe7c96666e0ccae69/configparser-5.2.0-py3-none-any.whl
Collecting croniter>=0.3.16 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/0f/4d/0cc5a7f4bdcefecebdf8a95c8372606c13d3355e8536d9cd3e7070e94269/croniter-1.3.8-py2.py3-none-any.whl
Collecting elasticsearch==7.0.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/a8/27/d3a9ecd9f8f972d99da98672d4766b9f62ef64c323c40bb5e2557e538ea3/elasticsearch-7.0.0-py2.py3-none-any.whl (80kB)
    100% |████████████████████████████████| 81kB 13.8MB/s
Collecting envparse>=0.2.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/2f/8d/bee8a59732c169a455627ff1557d0db180f7c352b0274480267ad3e46875/envparse-0.2.0.tar.gz
Collecting exotel>=0.1.3 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/c6/68/6373dedcc7f7eadc017f9629e2f1b33393e8f740fb9c801962a3ce4dfa91/exotel-0.1.5.tar.gz
Collecting jira>=2.0.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/06/77/323bc398a16c0bd791d162dfe69e0dcc5be06da5d90e423ac48250ae9366/jira-3.2.0-py3-none-any.whl (69kB)
    100% |████████████████████████████████| 71kB 15.3MB/s
Collecting jsonschema>=3.0.2 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl (56kB)
    100% |████████████████████████████████| 61kB 17.4MB/s
Collecting mock>=2.0.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/e6/88/8a05e7ad0bb823246b2add3d2e97f990c41c71a40762c8db77a4bd78eedf/mock-5.0.1-py3-none-any.whl
Collecting prison>=0.1.2 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/f1/bd/e55e14cd213174100be0353824f2add41e8996c6f32081888897e8ec48b5/prison-0.2.1-py2.py3-none-any.whl
Collecting PyStaticConfiguration>=0.10.3 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/11/44/35e69af3cd5656fe71a984a31e2f4086c51011989ed0b5766541841c347a/PyStaticConfiguration-0.11.1-py3-none-any.whl
Requirement already satisfied: python-dateutil<2.7.0,>=2.6.0 in /usr/lib/python3.6/site-packages (from elastalert)
Requirement already satisfied: PyYAML>=3.12 in /usr/lib64/python3.6/site-packages (from elastalert)
Requirement already satisfied: requests>=2.10.0 in /usr/lib/python3.6/site-packages (from elastalert)
Collecting stomp.py>=4.1.17 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/b4/fd/3b44012986027cd0c85bbbb7c79487d6d48f614345797e7332a4511f0d06/stomp.py-8.1.0-py3-none-any.whl (42kB)
    100% |████████████████████████████████| 51kB 18.1MB/s
Collecting texttable>=0.8.8 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/ba/a7/2c12b543f853dae886286b824200eb9d7cd2466e3d14eff1799fbe8223b9/texttable-1.6.7-py2.py3-none-any.whl
Collecting twilio<6.1,>=6.0.0 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/f6/20/c6d72e0f29030206342e4b5bef9f573bdb7c305615ea77c11c81f5c0196d/twilio-6.0.0.tar.gz (304kB)
    100% |████████████████████████████████| 307kB 5.9MB/s
Collecting python-magic>=0.4.15 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/6c/73/9f872cb81fc5c3bb48f7227872c28975f998f3e7c2b1c16e95e6432bbb90/python_magic-0.4.27-py2.py3-none-any.whl
Collecting cffi>=1.11.5 (from elastalert)
  Downloading https://files.pythonhosted.org/packages/3a/12/d6066828014b9ccb2bbb8e1d9dc28872d20669b65aeb4a86806a0757813f/cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (402kB)
    100% |████████████████████████████████| 409kB 4.7MB/s
Requirement already satisfied: pytz in /usr/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert)
Collecting tzlocal!=3.*,>=2.0 (from apscheduler>=3.3.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/31/b7/3bc2c1868f27677139b772e4fde95265b93151912fd90eb874827943bfcf/tzlocal-4.2-py3-none-any.whl
Requirement already satisfied: setuptools>=0.7 in /usr/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert)
Requirement already satisfied: six>=1.4.0 in /usr/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert)
Collecting s3transfer<0.6.0,>=0.5.0 (from boto3>=1.4.4->elastalert)
  Downloading https://files.pythonhosted.org/packages/7b/9c/f51775ebe7df5a7aa4e7c79ed671bde94e154bd968aca8d65bb24aba0c8c/s3transfer-0.5.2-py3-none-any.whl (79kB)
    100% |████████████████████████████████| 81kB 16.0MB/s
Collecting botocore<1.27.0,>=1.26.10 (from boto3>=1.4.4->elastalert)
  Downloading https://files.pythonhosted.org/packages/09/b8/794e0bd260198538ded90c26b353ddb632eab01950d4e7e2e2b8ee510d12/botocore-1.26.10-py3-none-any.whl (8.8MB)
    100% |████████████████████████████████| 8.8MB 229kB/s
Collecting jmespath<2.0.0,>=0.7.1 (from boto3>=1.4.4->elastalert)
  Downloading https://files.pythonhosted.org/packages/07/cb/5f001272b6faeb23c1c9e0acc04d48eaaf5c862c17709d20e3469c6e0139/jmespath-0.10.0-py2.py3-none-any.whl
Requirement already satisfied: urllib3>=1.21.1 in /usr/lib/python3.6/site-packages (from elasticsearch==7.0.0->elastalert)
Collecting requests-toolbelt (from jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/05/d3/bf87a36bff1cb88fd30a509fd366c70ec30676517ee791b2f77e0e29817a/requests_toolbelt-0.10.1-py2.py3-none-any.whl (54kB)
    100% |████████████████████████████████| 61kB 19.8MB/s
Collecting typing-extensions>=3.7.4.2 (from jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/45/6b/44f7f8f1e110027cf88956b59f2fad776cca7e1704396d043f89effd3a0e/typing_extensions-4.1.1-py3-none-any.whl
Collecting requests-oauthlib>=1.1.0 (from jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/6f/bb/5deac77a9af870143c684ab46a7934038a53eb4aa975bc0687ed6ca2c610/requests_oauthlib-1.3.1-py2.py3-none-any.whl
Collecting keyring (from jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/a4/e9/104ec4bffcf971375c348146c2199d4e241294286cc04a428b12c02e5f81/keyring-23.4.1-py3-none-any.whl
Collecting defusedxml (from jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/07/6c/aa3f2f849e01cb6a001cd8554a88d4c77c5c1a31c95bdf1cf9301e6d9ef4/defusedxml-0.7.1-py2.py3-none-any.whl
Collecting pyrsistent>=0.14.0 (from jsonschema>=3.0.2->elastalert)
  Downloading https://files.pythonhosted.org/packages/6c/19/1af501f6f388a40ede6d0185ba481bdb18ffc99deab0dd0d092b173bc0f4/pyrsistent-0.18.0-cp36-cp36m-manylinux1_x86_64.whl (117kB)
    100% |████████████████████████████████| 122kB 13.5MB/s
Collecting attrs>=17.4.0 (from jsonschema>=3.0.2->elastalert)
  Downloading https://files.pythonhosted.org/packages/fb/6e/6f83bf616d2becdf333a1640f1d463fef3150e2e926b7010cb0f81c95e88/attrs-22.2.0-py3-none-any.whl (60kB)
    100% |████████████████████████████████| 61kB 16.5MB/s
Collecting importlib-metadata; python_version < "3.8" (from jsonschema>=3.0.2->elastalert)
  Downloading https://files.pythonhosted.org/packages/a0/a1/b153a0a4caf7a7e3f15c2cd56c7702e2cf3d89b1b359d1f1c5e59d68f4ce/importlib_metadata-4.8.3-py3-none-any.whl
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3.6/site-packages (from requests>=2.10.0->elastalert)
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python3.6/site-packages (from requests>=2.10.0->elastalert)
Collecting docopt<0.7.0,>=0.6.2 (from stomp.py>=4.1.17->elastalert)
  Downloading https://files.pythonhosted.org/packages/a2/55/8f8cab2afd404cf578136ef2cc5dfb50baa1761b68c9da1fb1e4eed343c9/docopt-0.6.2.tar.gz
Collecting websocket-client<2.0.0,>=1.2.3 (from stomp.py>=4.1.17->elastalert)
  Downloading https://files.pythonhosted.org/packages/35/21/8614b6de7c35d0bc584da13c45b8b08e404eee28a0504c1d00f5e1aa0a23/websocket_client-1.3.1-py3-none-any.whl (54kB)
    100% |████████████████████████████████| 61kB 17.7MB/s
Collecting PyJWT>=1.4.2 (from twilio<6.1,>=6.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/1c/fb/b82e9601b00d88cf8bbee1f39b855ae773f9d5bcbcedb3801b2f72460696/PyJWT-2.4.0-py3-none-any.whl
Requirement already satisfied: pysocks in /usr/lib/python3.6/site-packages (from twilio<6.1,>=6.0.0->elastalert)
Collecting pycparser (from cffi>=1.11.5->elastalert)
  Downloading https://files.pythonhosted.org/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl (118kB)
    100% |████████████████████████████████| 122kB 14.5MB/s
Collecting backports.zoneinfo; python_version < "3.9" (from tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/f9/04/33e910faffe91a5680d68a064162525779259ae5de3b0c0c5bd9c4e900e0/backports.zoneinfo-0.2.1-cp36-cp36m-manylinux1_x86_64.whl (70kB)
    100% |████████████████████████████████| 71kB 15.6MB/s
Collecting pytz-deprecation-shim (from tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/eb/73/3eaab547ca809754e67e06871cff0fc962bafd4b604e15f31896a0f94431/pytz_deprecation_shim-0.1.0.post0-py2.py3-none-any.whl
Collecting oauthlib>=3.0.0 (from requests-oauthlib>=1.1.0->jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/7e/80/cab10959dc1faead58dc8384a781dfbf93cb4d33d50988f7a69f1b7c9bbe/oauthlib-3.2.2-py3-none-any.whl (151kB)
    100% |████████████████████████████████| 153kB 11.8MB/s
Collecting SecretStorage>=3.2; sys_platform == "linux" (from keyring->jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/54/24/b4293291fa1dd830f353d2cb163295742fa87f179fcc8a20a306a81978b7/SecretStorage-3.3.3-py3-none-any.whl
Collecting jeepney>=0.4.2; sys_platform == "linux" (from keyring->jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/14/b8/bb3e34d71472140f9bfdf5d77cd063e2cc964b72b1bb0b70fe3c1e7db932/jeepney-0.7.1-py3-none-any.whl (54kB)
    100% |████████████████████████████████| 61kB 15.7MB/s
Collecting zipp>=0.5 (from importlib-metadata; python_version < "3.8"->jsonschema>=3.0.2->elastalert)
  Downloading https://files.pythonhosted.org/packages/bd/df/d4a4974a3e3957fd1c1fa3082366d7fff6e428ddb55f074bf64876f8e8ad/zipp-3.6.0-py3-none-any.whl
Collecting importlib-resources; python_version < "3.7" (from backports.zoneinfo; python_version < "3.9"->tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/24/1b/33e489669a94da3ef4562938cd306e8fa915e13939d7b8277cb5569cb405/importlib_resources-5.4.0-py3-none-any.whl
Collecting tzdata; python_version >= "3.6" (from pytz-deprecation-shim->tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/fa/5e/f99a7df3ae2079211d31ec23b1d34380c7870c26e99159f6e422dcbab538/tzdata-2022.7-py2.py3-none-any.whl (340kB)
    100% |████████████████████████████████| 348kB 6.2MB/s
Collecting cryptography>=2.0 (from SecretStorage>=3.2; sys_platform == "linux"->keyring->jira>=2.0.0->elastalert)
  Downloading https://files.pythonhosted.org/packages/fa/f3/f4b8c175ea9a1de650b0085858059050b7953a93d66c97ed89b93b232996/cryptography-39.0.2.tar.gz (604kB)
    100% |████████████████████████████████| 614kB 3.2MB/s
    Complete output from command python setup.py egg_info:

            =============================DEBUG ASSISTANCE==========================
            If you are seeing an error here please try the following to
            successfully install cryptography:

            Upgrade to the latest pip and try again. This will fix errors for most
            users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
            =============================DEBUG ASSISTANCE==========================

    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-j3urc0g_/cryptography/setup.py", line 18, in <module>
        from setuptools_rust import RustExtension
    ModuleNotFoundError: No module named 'setuptools_rust'

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-j3urc0g_/cryptography/
[root@tmplogsvr opt]#

 

Installing setuptools-rust

[root@tmplogsvr opt]# pip3 install setuptools-rust
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.
Collecting setuptools-rust
  Downloading https://files.pythonhosted.org/packages/66/ca/66bdf8f326977098eff28c314c8f825bc28d6986944c590e40ad0f74c5f0/setuptools_rust-1.1.2-py3-none-any.whl
Collecting typing-extensions>=3.7.4.3 (from setuptools-rust)
  Using cached https://files.pythonhosted.org/packages/45/6b/44f7f8f1e110027cf88956b59f2fad776cca7e1704396d043f89effd3a0e/typing_extensions-4.1.1-py3-none-any.whl
Collecting setuptools>=46.1 (from setuptools-rust)
  Downloading https://files.pythonhosted.org/packages/b0/3a/88b210db68e56854d0bcf4b38e165e03be377e13907746f825790f3df5bf/setuptools-59.6.0-py3-none-any.whl (952kB)
    100% |████████████████████████████████| 962kB 2.0MB/s
Collecting semantic-version<3,>=2.8.2 (from setuptools-rust)
  Downloading https://files.pythonhosted.org/packages/6a/23/8146aad7d88f4fcb3a6218f41a60f6c2d4e3a72de72da1825dc7c8f7877c/semantic_version-2.10.0-py2.py3-none-any.whl
Installing collected packages: typing-extensions, setuptools, semantic-version, setuptools-rust
Successfully installed semantic-version-2.10.0 setuptools-59.6.0 setuptools-rust-1.1.2 typing-extensions-4.1.1
[root@tmplogsvr opt]#

 

Installing elastalert with pip instead of pip3, now that pip is installed

- Error encountered: error: command 'gcc' failed with exit status 1

[root@tmplogsvr opt]# pip install elastalert
Collecting elastalert
  Using cached elastalert-0.2.4.tar.gz (128 kB)
  Preparing metadata (setup.py) ... done
Collecting apscheduler>=3.3.0
  Using cached APScheduler-3.10.1-py3-none-any.whl (59 kB)
Collecting aws-requests-auth>=0.3.0
  Using cached aws_requests_auth-0.4.3-py2.py3-none-any.whl (6.8 kB)
Collecting blist>=1.3.6
  Using cached blist-1.3.6.tar.gz (122 kB)
  Preparing metadata (setup.py) ... done
Collecting boto3>=1.4.4
  Using cached boto3-1.23.10-py3-none-any.whl (132 kB)
Collecting configparser>=3.5.0
  Using cached configparser-5.2.0-py3-none-any.whl (19 kB)
Collecting croniter>=0.3.16
  Using cached croniter-1.3.8-py2.py3-none-any.whl (18 kB)
Collecting elasticsearch==7.0.0
  Using cached elasticsearch-7.0.0-py2.py3-none-any.whl (80 kB)
Collecting envparse>=0.2.0
  Using cached envparse-0.2.0.tar.gz (7.6 kB)
  Preparing metadata (setup.py) ... done
Collecting exotel>=0.1.3
  Using cached exotel-0.1.5.tar.gz (2.2 kB)
  Preparing metadata (setup.py) ... done
Collecting jira>=2.0.0
  Using cached jira-3.2.0-py3-none-any.whl (69 kB)
Collecting jsonschema>=3.0.2
  Using cached jsonschema-3.2.0-py2.py3-none-any.whl (56 kB)
Collecting mock>=2.0.0
  Using cached mock-5.0.1-py3-none-any.whl (30 kB)
Collecting prison>=0.1.2
  Using cached prison-0.2.1-py2.py3-none-any.whl (5.8 kB)
Collecting PyStaticConfiguration>=0.10.3
  Using cached PyStaticConfiguration-0.11.1-py3-none-any.whl (27 kB)
Requirement already satisfied: python-dateutil<2.7.0,>=2.6.0 in /usr/lib/python3.6/site-packages (from elastalert) (2.6.1)
Requirement already satisfied: PyYAML>=3.12 in /usr/lib64/python3.6/site-packages (from elastalert) (3.12)
Requirement already satisfied: requests>=2.10.0 in /usr/lib/python3.6/site-packages (from elastalert) (2.20.0)
Collecting stomp.py>=4.1.17
  Using cached stomp.py-8.1.0-py3-none-any.whl (42 kB)
Collecting texttable>=0.8.8
  Using cached texttable-1.6.7-py2.py3-none-any.whl (10 kB)
Collecting twilio<6.1,>=6.0.0
  Using cached twilio-6.0.0.tar.gz (304 kB)
  Preparing metadata (setup.py) ... done
Collecting python-magic>=0.4.15
  Using cached python_magic-0.4.27-py2.py3-none-any.whl (13 kB)
Collecting cffi>=1.11.5
  Using cached cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (402 kB)
Requirement already satisfied: urllib3>=1.21.1 in /usr/lib/python3.6/site-packages (from elasticsearch==7.0.0->elastalert) (1.24.2)
Requirement already satisfied: six>=1.4.0 in /usr/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert) (1.11.0)
Requirement already satisfied: pytz in /usr/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert) (2017.2)
Collecting tzlocal!=3.*,>=2.0
  Using cached tzlocal-4.2-py3-none-any.whl (19 kB)
Requirement already satisfied: setuptools>=0.7 in /usr/local/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert) (59.6.0)
Collecting s3transfer<0.6.0,>=0.5.0
  Using cached s3transfer-0.5.2-py3-none-any.whl (79 kB)
Collecting botocore<1.27.0,>=1.26.10
  Using cached botocore-1.26.10-py3-none-any.whl (8.8 MB)
Collecting jmespath<2.0.0,>=0.7.1
  Using cached jmespath-0.10.0-py2.py3-none-any.whl (24 kB)
Collecting pycparser
  Using cached pycparser-2.21-py2.py3-none-any.whl (118 kB)
Collecting defusedxml
  Using cached defusedxml-0.7.1-py2.py3-none-any.whl (25 kB)
Collecting requests-oauthlib>=1.1.0
  Using cached requests_oauthlib-1.3.1-py2.py3-none-any.whl (23 kB)
Collecting requests-toolbelt
  Using cached requests_toolbelt-0.10.1-py2.py3-none-any.whl (54 kB)
Collecting keyring
  Using cached keyring-23.4.1-py3-none-any.whl (33 kB)
Requirement already satisfied: typing-extensions>=3.7.4.2 in /usr/local/lib/python3.6/site-packages (from jira>=2.0.0->elastalert) (4.1.1)
Collecting importlib-metadata
  Using cached importlib_metadata-4.8.3-py3-none-any.whl (17 kB)
Collecting pyrsistent>=0.14.0
  Using cached pyrsistent-0.18.0-cp36-cp36m-manylinux1_x86_64.whl (117 kB)
Collecting attrs>=17.4.0
  Using cached attrs-22.2.0-py3-none-any.whl (60 kB)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3.6/site-packages (from requests>=2.10.0->elastalert) (3.0.4)
Requirement already satisfied: idna<2.8,>=2.5 in /usr/lib/python3.6/site-packages (from requests>=2.10.0->elastalert) (2.5)
Collecting docopt<0.7.0,>=0.6.2
  Using cached docopt-0.6.2.tar.gz (25 kB)
  Preparing metadata (setup.py) ... done
Collecting websocket-client<2.0.0,>=1.2.3
  Using cached websocket_client-1.3.1-py3-none-any.whl (54 kB)
Collecting PyJWT>=1.4.2
  Using cached PyJWT-2.4.0-py3-none-any.whl (18 kB)
Requirement already satisfied: pysocks in /usr/lib/python3.6/site-packages (from twilio<6.1,>=6.0.0->elastalert) (1.6.8)
INFO: pip is looking at multiple versions of attrs to determine which version is compatible with other requirements. This could take a while.
Collecting attrs>=17.4.0
  Downloading attrs-22.1.0-py2.py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 12.4 MB/s
INFO: pip is looking at multiple versions of twilio to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of texttable to determine which version is compatible with other requirements. This could take a while.
Collecting texttable>=0.8.8
  Downloading texttable-1.6.6-py2.py3-none-any.whl (11 kB)
INFO: pip is looking at multiple versions of stomp-py to determine which version is compatible with other requirements. This could take a while.
Collecting stomp.py>=4.1.17
  Downloading stomp.py-8.0.1-py3-none-any.whl (37 kB)
INFO: pip is looking at multiple versions of requests to determine which version is compatible with other requirements. This could take a while.
Collecting requests>=2.10.0
  Downloading requests-2.27.1-py2.py3-none-any.whl (63 kB)
     |████████████████████████████████| 63 kB 5.3 MB/s
Collecting charset-normalizer~=2.0.0
  Downloading charset_normalizer-2.0.12-py3-none-any.whl (39 kB)
Collecting certifi>=2017.4.17
  Downloading certifi-2022.12.7-py3-none-any.whl (155 kB)
     |████████████████████████████████| 155 kB 74.1 MB/s
Collecting urllib3>=1.21.1
  Downloading urllib3-1.26.15-py2.py3-none-any.whl (140 kB)
     |████████████████████████████████| 140 kB 69.9 MB/s
Collecting oauthlib>=3.0.0
  Using cached oauthlib-3.2.2-py3-none-any.whl (151 kB)
Collecting backports.zoneinfo
  Using cached backports.zoneinfo-0.2.1-cp36-cp36m-manylinux1_x86_64.whl (70 kB)
Collecting pytz-deprecation-shim
  Using cached pytz_deprecation_shim-0.1.0.post0-py2.py3-none-any.whl (15 kB)
Collecting zipp>=0.5
  Using cached zipp-3.6.0-py3-none-any.whl (5.3 kB)
Collecting jeepney>=0.4.2
  Using cached jeepney-0.7.1-py3-none-any.whl (54 kB)
Collecting SecretStorage>=3.2
  Using cached SecretStorage-3.3.3-py3-none-any.whl (15 kB)
Collecting cryptography>=2.0
  Downloading cryptography-39.0.2-cp36-abi3-manylinux_2_28_x86_64.whl (4.2 MB)
     |████████████████████████████████| 4.2 MB 78.6 MB/s
Collecting importlib-resources
  Using cached importlib_resources-5.4.0-py3-none-any.whl (28 kB)
Collecting tzdata
  Using cached tzdata-2022.7-py2.py3-none-any.whl (340 kB)
Using legacy 'setup.py install' for elastalert, since package 'wheel' is not installed.
Using legacy 'setup.py install' for blist, since package 'wheel' is not installed.
Using legacy 'setup.py install' for envparse, since package 'wheel' is not installed.
Using legacy 'setup.py install' for exotel, since package 'wheel' is not installed.
Using legacy 'setup.py install' for twilio, since package 'wheel' is not installed.
Using legacy 'setup.py install' for docopt, since package 'wheel' is not installed.
Installing collected packages: zipp, pycparser, importlib-resources, cffi, urllib3, tzdata, jmespath, jeepney, cryptography, charset-normalizer, certifi, backports.zoneinfo, SecretStorage, requests, pytz-deprecation-shim, oauthlib, importlib-metadata, botocore, websocket-client, tzlocal, s3transfer, requests-toolbelt, requests-oauthlib, pyrsistent, PyJWT, keyring, docopt, defusedxml, attrs, twilio, texttable, stomp.py, python-magic, PyStaticConfiguration, prison, mock, jsonschema, jira, exotel, envparse, elasticsearch, croniter, configparser, boto3, blist, aws-requests-auth, apscheduler, elastalert
  Attempting uninstall: urllib3
    Found existing installation: urllib3 1.24.2
    Uninstalling urllib3-1.24.2:
      Successfully uninstalled urllib3-1.24.2
  Attempting uninstall: requests
    Found existing installation: requests 2.20.0
    Uninstalling requests-2.20.0:
      Successfully uninstalled requests-2.20.0
    Running setup.py install for docopt ... done
    Running setup.py install for twilio ... done
    Running setup.py install for exotel ... done
    Running setup.py install for envparse ... done
    Running setup.py install for blist ... error
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3.6 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-vw09qqdo/blist_5985a06eebc244dfbb6203841bf7f137/setup.py'"'"'; __file__='"'"'/tmp/pip-install-vw09qqdo/blist_5985a06eebc244dfbb6203841bf7f137/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-9ratp9fl/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.6m/blist
         cwd: /tmp/pip-install-vw09qqdo/blist_5985a06eebc244dfbb6203841bf7f137/
    Complete output (22 lines):
    running install
    /usr/local/lib/python3.6/site-packages/setuptools/command/install.py:37: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools.
      setuptools.SetuptoolsDeprecationWarning,
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.6
    creating build/lib.linux-x86_64-3.6/blist
    copying blist/_sorteddict.py -> build/lib.linux-x86_64-3.6/blist
    copying blist/_sortedlist.py -> build/lib.linux-x86_64-3.6/blist
    copying blist/_btuple.py -> build/lib.linux-x86_64-3.6/blist
    copying blist/__init__.py -> build/lib.linux-x86_64-3.6/blist
    running build_ext
    building 'blist._blist' extension
    creating build/temp.linux-x86_64-3.6
    creating build/temp.linux-x86_64-3.6/blist
    gcc -pthread -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -fPIC -DBLIST_FLOAT_RADIX_SORT=1 -I/usr/include/python3.6m -c blist/_blist.c -o build/temp.linux-x86_64-3.6/blist/_blist.o
    blist/_blist.c:38:10: fatal error: Python.h: 그런 파일이나 디렉터리가 없습니다
     #include <Python.h>
              ^~~~~~~~~~
    compilation terminated.
    error: command 'gcc' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /usr/bin/python3.6 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-vw09qqdo/blist_5985a06eebc244dfbb6203841bf7f137/setup.py'"'"'; __file__='"'"'/tmp/pip-install-vw09qqdo/blist_5985a06eebc244dfbb6203841bf7f137/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-9ratp9fl/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.6m/blist Check the logs for full command output.
[root@tmplogsvr opt]#
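
The two failures above (the missing setuptools_rust module and the missing Python.h header) can be caught before or after a pip run with a small helper. This is an added example, not part of the original post or of the elastalert project; the function names are hypothetical, and the sample log lines are excerpted from the sessions on this page.

```shell
#!/usr/bin/env bash
# Added example: preflight checks and pip-log triage for the install steps on this page.
# All function names here are hypothetical helpers, not elastalert tooling.

# Classify a Python version the way the post describes it:
# 3.6 worked, 3.7/3.8 were not tried, 3.9 and later cannot install elastalert.
py_version_status() {
    case "$1" in
        3.6|3.6.*)                              echo ok ;;
        3.7|3.7.*|3.8|3.8.*)                    echo untested ;;
        3.9|3.9.*|3.[1-9][0-9]|3.[1-9][0-9].*)  echo unsupported ;;
        *)                                      echo unknown ;;
    esac
}

# Read a pip log on stdin and print, one per line, the fix the post applied
# for each failure signature found. Prints nothing for a clean log.
triage_pip_log() {
    local log
    log=$(cat)
    if printf '%s\n' "$log" | grep -q "No module named 'setuptools_rust'"; then
        echo "pip3 install setuptools-rust"
    fi
    # The text after "Python.h:" is locale dependent, so match only the file name.
    if printf '%s\n' "$log" | grep -q 'Python\.h:'; then
        echo "yum install gcc libffi-devel python36-devel openssl-devel"
    fi
}

# True when the C headers for the given interpreter are installed.
python_header_present() {
    local inc
    inc=$("${1:-python3}" -c 'import sysconfig; print(sysconfig.get_paths()["include"])' 2>/dev/null) || return 1
    [ -f "$inc/Python.h" ]
}

# Live checks on the current host; returns non-zero if any prerequisite is missing.
preflight() {
    local ver status rc=0
    ver=$(python3 -c 'import platform; print(platform.python_version())' 2>/dev/null) \
        || { echo "python3 not found"; return 1; }
    status=$(py_version_status "$ver")
    echo "python $ver: $status"
    [ "$status" = unsupported ] && rc=1
    command -v gcc >/dev/null 2>&1 || { echo "gcc missing"; rc=1; }
    python_header_present python3 \
        || { echo "Python.h missing (python36-devel not installed)"; rc=1; }
    python3 -c 'import setuptools_rust' 2>/dev/null \
        || { echo "setuptools_rust missing (pip3 install setuptools-rust)"; rc=1; }
    return $rc
}

# Sample input: the two error lines from the sessions above.
SAMPLE_LOG=$(cat <<'EOF'
    ModuleNotFoundError: No module named 'setuptools_rust'
    blist/_blist.c:38:10: fatal error: Python.h: 그런 파일이나 디렉터리가 없습니다
    error: command 'gcc' failed with exit status 1
EOF
)

# Run the live checks only when asked, e.g.: bash preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

To triage a saved log, pipe it in: `triage_pip_log < pip-install.log` after sourcing the script.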

 

Installing the additional build tools needed to install elastalert

[root@tmplogsvr opt]# yum install gcc libffi-devel python36-devel openssl-devel
마지막 메타자료 만료확인 1:24:43 이전인: 2023년 03월 16일 (목) 오전 09시 47분 28초.
꾸러미 gcc-8.5.0-18.el8.x86_64가 이미 설치되어 있습니다.
꾸러미 openssl-devel-1:1.1.1k-7.el8.x86_64가 이미 설치되어 있습니다.
종속성이 해결되었습니다.
======================================================================================================================================================================================================
 꾸러미                                             구조                               버전                                                               레포지터리                             크기
======================================================================================================================================================================================================
설치 중:
 libffi-devel                                       x86_64                             3.1-24.el8                                                         baseos                                 29 k
 python36-devel                                     x86_64                             3.6.8-38.module_el8.5.0+895+a459eca8                               appstream                              16 k
향상 중:
 openssl                                            x86_64                             1:1.1.1k-9.el8                                                     baseos                                737 k
 openssl-devel                                      x86_64                             1:1.1.1k-9.el8                                                     baseos                                3.2 M
 openssl-libs                                       x86_64                             1:1.1.1k-9.el8                                                     baseos                                1.5 M
종속 꾸러미 설치 중:
 platform-python-devel                              x86_64                             3.6.8-51.el8                                                       appstream                             240 k
 python3-rpm-generators                             noarch                             5-8.el8                                                            appstream                              25 k

연결 요약
======================================================================================================================================================================================================
설치  4 꾸러미
향상  3 꾸러미

총계 내려받기 크기: 5.7 M
진행 할 까요? [y/N]: y
꾸러미 내려받기 중:
(1/7): python3-rpm-generators-5-8.el8.noarch.rpm                                                                                                                      533 kB/s |  25 kB     00:00
(2/7): python36-devel-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64.rpm                                                                                                 189 kB/s |  16 kB     00:00
(3/7): platform-python-devel-3.6.8-51.el8.x86_64.rpm                                                                                                                  2.6 MB/s | 240 kB     00:00
(4/7): openssl-1.1.1k-9.el8.x86_64.rpm                                                                                                                                4.1 MB/s | 737 kB     00:00
(5/7): openssl-libs-1.1.1k-9.el8.x86_64.rpm                                                                                                                            15 MB/s | 1.5 MB     00:00
(6/7): libffi-devel-3.1-24.el8.x86_64.rpm                                                                                                                              59 kB/s |  29 kB     00:00
(7/7): openssl-devel-1.1.1k-9.el8.x86_64.rpm                                                                                                                          5.3 MB/s | 3.2 MB     00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
합계                                                                                                                                                                  2.8 MB/s | 5.7 MB     00:02
CentOS Stream 8 - AppStream                                                                                                                                           1.6 MB/s | 1.6 kB     00:00
GPG키 0x8483C65D 가져오는 중:
사용자 ID : "CentOS (CentOS Official Signing Key) <security@centos.org>"
지문: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
출처 : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
진행 할 까요? [y/N]: y
키 가져오기에 성공했습니다
연결 확인 실행 중
연결 확인에 성공했습니다.
연결 시험 실행 중
연결 시험에 성공했습니다.
연결 실행 중
  준비 중           :                                                                                                                                                                             1/1
  향상 중           : openssl-libs-1:1.1.1k-9.el8.x86_64                                                                                                                                         1/10
  스크립트릿 실행 중: openssl-libs-1:1.1.1k-9.el8.x86_64                                                                                                                                         1/10
  설치 중           : python3-rpm-generators-5-8.el8.noarch                                                                                                                                      2/10
  설치 중           : platform-python-devel-3.6.8-51.el8.x86_64                                                                                                                                  3/10
  설치 중           : python36-devel-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64                                                                                                                 4/10
  스크립트릿 실행 중: python36-devel-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64                                                                                                                 4/10
  향상 중           : openssl-1:1.1.1k-9.el8.x86_64                                                                                                                                              5/10
  향상 중           : openssl-devel-1:1.1.1k-9.el8.x86_64                                                                                                                                        6/10
  설치 중           : libffi-devel-3.1-24.el8.x86_64                                                                                                                                             7/10
  스크립트릿 실행 중: libffi-devel-3.1-24.el8.x86_64                                                                                                                                             7/10
  정리              : openssl-1:1.1.1k-7.el8.x86_64                                                                                                                                              8/10
  정리              : openssl-devel-1:1.1.1k-7.el8.x86_64                                                                                                                                        9/10
  정리              : openssl-libs-1:1.1.1k-7.el8.x86_64                                                                                                                                        10/10
  스크립트릿 실행 중: openssl-libs-1:1.1.1k-7.el8.x86_64                                                                                                                                        10/10
  확인 중           : platform-python-devel-3.6.8-51.el8.x86_64                                                                                                                                  1/10
  확인 중           : python3-rpm-generators-5-8.el8.noarch                                                                                                                                      2/10
  확인 중           : python36-devel-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64                                                                                                                 3/10
  확인 중           : libffi-devel-3.1-24.el8.x86_64                                                                                                                                             4/10
  확인 중           : openssl-1:1.1.1k-9.el8.x86_64                                                                                                                                              5/10
  확인 중           : openssl-1:1.1.1k-7.el8.x86_64                                                                                                                                              6/10
  확인 중           : openssl-devel-1:1.1.1k-9.el8.x86_64                                                                                                                                        7/10
  확인 중           : openssl-devel-1:1.1.1k-7.el8.x86_64                                                                                                                                        8/10
  확인 중           : openssl-libs-1:1.1.1k-9.el8.x86_64                                                                                                                                         9/10
  확인 중           : openssl-libs-1:1.1.1k-7.el8.x86_64                                                                                                                                        10/10

향상되었습니다:
  openssl-1:1.1.1k-9.el8.x86_64                                 openssl-devel-1:1.1.1k-9.el8.x86_64                                 openssl-libs-1:1.1.1k-9.el8.x86_64
설치되었습니다:
  libffi-devel-3.1-24.el8.x86_64       platform-python-devel-3.6.8-51.el8.x86_64       python3-rpm-generators-5-8.el8.noarch       python36-devel-3.6.8-38.module_el8.5.0+895+a459eca8.x86_64

완료되었습니다!
[root@tmplogsvr opt]#

 

Retrying the elastalert installation, which now completes

[root@tmplogsvr opt]# pip install elastalert
Collecting elastalert
  Using cached elastalert-0.2.4.tar.gz (128 kB)
  Preparing metadata (setup.py) ... done
Collecting apscheduler>=3.3.0
  Using cached APScheduler-3.10.1-py3-none-any.whl (59 kB)
Collecting aws-requests-auth>=0.3.0
  Using cached aws_requests_auth-0.4.3-py2.py3-none-any.whl (6.8 kB)
Collecting blist>=1.3.6
  Using cached blist-1.3.6.tar.gz (122 kB)
  Preparing metadata (setup.py) ... done
Requirement already satisfied: boto3>=1.4.4 in /usr/local/lib/python3.6/site-packages (from elastalert) (1.23.10)
Requirement already satisfied: configparser>=3.5.0 in /usr/local/lib/python3.6/site-packages (from elastalert) (5.2.0)
Requirement already satisfied: croniter>=0.3.16 in /usr/local/lib/python3.6/site-packages (from elastalert) (1.3.8)
Requirement already satisfied: elasticsearch==7.0.0 in /usr/local/lib/python3.6/site-packages (from elastalert) (7.0.0)
Requirement already satisfied: envparse>=0.2.0 in /usr/local/lib/python3.6/site-packages (from elastalert) (0.2.0)
Requirement already satisfied: exotel>=0.1.3 in /usr/local/lib/python3.6/site-packages (from elastalert) (0.1.5)
Requirement already satisfied: jira>=2.0.0 in /usr/local/lib/python3.6/site-packages (from elastalert) (3.2.0)
Requirement already satisfied: jsonschema>=3.0.2 in /usr/local/lib/python3.6/site-packages (from elastalert) (3.2.0)
Requirement already satisfied: mock>=2.0.0 in /usr/local/lib/python3.6/site-packages (from elastalert) (5.0.1)
Requirement already satisfied: prison>=0.1.2 in /usr/local/lib/python3.6/site-packages (from elastalert) (0.2.1)
Requirement already satisfied: PyStaticConfiguration>=0.10.3 in /usr/local/lib/python3.6/site-packages (from elastalert) (0.11.1)
Requirement already satisfied: python-dateutil<2.7.0,>=2.6.0 in /usr/lib/python3.6/site-packages (from elastalert) (2.6.1)
Requirement already satisfied: PyYAML>=3.12 in /usr/lib64/python3.6/site-packages (from elastalert) (3.12)
Requirement already satisfied: requests>=2.10.0 in /usr/local/lib/python3.6/site-packages (from elastalert) (2.27.1)
Requirement already satisfied: stomp.py>=4.1.17 in /usr/local/lib/python3.6/site-packages (from elastalert) (8.1.0)
Requirement already satisfied: texttable>=0.8.8 in /usr/local/lib/python3.6/site-packages (from elastalert) (1.6.7)
Requirement already satisfied: twilio<6.1,>=6.0.0 in /usr/local/lib/python3.6/site-packages (from elastalert) (6.0.0)
Requirement already satisfied: python-magic>=0.4.15 in /usr/local/lib/python3.6/site-packages (from elastalert) (0.4.27)
Requirement already satisfied: cffi>=1.11.5 in /usr/local/lib64/python3.6/site-packages (from elastalert) (1.15.1)
Requirement already satisfied: urllib3>=1.21.1 in /usr/local/lib/python3.6/site-packages (from elasticsearch==7.0.0->elastalert) (1.26.15)
Requirement already satisfied: setuptools>=0.7 in /usr/local/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert) (59.6.0)
Requirement already satisfied: pytz in /usr/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert) (2017.2)
Requirement already satisfied: tzlocal!=3.*,>=2.0 in /usr/local/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert) (4.2)
Requirement already satisfied: six>=1.4.0 in /usr/lib/python3.6/site-packages (from apscheduler>=3.3.0->elastalert) (1.11.0)
Requirement already satisfied: botocore<1.27.0,>=1.26.10 in /usr/local/lib/python3.6/site-packages (from boto3>=1.4.4->elastalert) (1.26.10)
Requirement already satisfied: s3transfer<0.6.0,>=0.5.0 in /usr/local/lib/python3.6/site-packages (from boto3>=1.4.4->elastalert) (0.5.2)
Requirement already satisfied: jmespath<2.0.0,>=0.7.1 in /usr/local/lib/python3.6/site-packages (from boto3>=1.4.4->elastalert) (0.10.0)
Requirement already satisfied: pycparser in /usr/local/lib/python3.6/site-packages (from cffi>=1.11.5->elastalert) (2.21)
Requirement already satisfied: requests-oauthlib>=1.1.0 in /usr/local/lib/python3.6/site-packages (from jira>=2.0.0->elastalert) (1.3.1)
Requirement already satisfied: keyring in /usr/local/lib/python3.6/site-packages (from jira>=2.0.0->elastalert) (23.4.1)
Requirement already satisfied: requests-toolbelt in /usr/local/lib/python3.6/site-packages (from jira>=2.0.0->elastalert) (0.10.1)
Requirement already satisfied: typing-extensions>=3.7.4.2 in /usr/local/lib/python3.6/site-packages (from jira>=2.0.0->elastalert) (4.1.1)
Requirement already satisfied: defusedxml in /usr/local/lib/python3.6/site-packages (from jira>=2.0.0->elastalert) (0.7.1)
Requirement already satisfied: pyrsistent>=0.14.0 in /usr/local/lib64/python3.6/site-packages (from jsonschema>=3.0.2->elastalert) (0.18.0)
Requirement already satisfied: importlib-metadata in /usr/local/lib/python3.6/site-packages (from jsonschema>=3.0.2->elastalert) (4.8.3)
Requirement already satisfied: attrs>=17.4.0 in /usr/local/lib/python3.6/site-packages (from jsonschema>=3.0.2->elastalert) (22.2.0)
Requirement already satisfied: charset-normalizer~=2.0.0 in /usr/local/lib/python3.6/site-packages (from requests>=2.10.0->elastalert) (2.0.12)
Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.6/site-packages (from requests>=2.10.0->elastalert) (2022.12.7)
Requirement already satisfied: idna<4,>=2.5 in /usr/lib/python3.6/site-packages (from requests>=2.10.0->elastalert) (2.5)
Requirement already satisfied: websocket-client<2.0.0,>=1.2.3 in /usr/local/lib/python3.6/site-packages (from stomp.py>=4.1.17->elastalert) (1.3.1)
Requirement already satisfied: docopt<0.7.0,>=0.6.2 in /usr/local/lib/python3.6/site-packages (from stomp.py>=4.1.17->elastalert) (0.6.2)
Requirement already satisfied: PyJWT>=1.4.2 in /usr/local/lib/python3.6/site-packages (from twilio<6.1,>=6.0.0->elastalert) (2.4.0)
Requirement already satisfied: pysocks in /usr/lib/python3.6/site-packages (from twilio<6.1,>=6.0.0->elastalert) (1.6.8)
Requirement already satisfied: oauthlib>=3.0.0 in /usr/local/lib/python3.6/site-packages (from requests-oauthlib>=1.1.0->jira>=2.0.0->elastalert) (3.2.2)
Requirement already satisfied: pytz-deprecation-shim in /usr/local/lib/python3.6/site-packages (from tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert) (0.1.0.post0)
Requirement already satisfied: backports.zoneinfo in /usr/local/lib64/python3.6/site-packages (from tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert) (0.2.1)
Requirement already satisfied: zipp>=0.5 in /usr/local/lib/python3.6/site-packages (from importlib-metadata->jsonschema>=3.0.2->elastalert) (3.6.0)
Requirement already satisfied: SecretStorage>=3.2 in /usr/local/lib/python3.6/site-packages (from keyring->jira>=2.0.0->elastalert) (3.3.3)
Requirement already satisfied: jeepney>=0.4.2 in /usr/local/lib/python3.6/site-packages (from keyring->jira>=2.0.0->elastalert) (0.7.1)
Requirement already satisfied: cryptography>=2.0 in /usr/local/lib64/python3.6/site-packages (from SecretStorage>=3.2->keyring->jira>=2.0.0->elastalert) (39.0.2)
Requirement already satisfied: importlib-resources in /usr/local/lib/python3.6/site-packages (from backports.zoneinfo->tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert) (5.4.0)
Requirement already satisfied: tzdata in /usr/local/lib/python3.6/site-packages (from pytz-deprecation-shim->tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->elastalert) (2022.7)
Using legacy 'setup.py install' for elastalert, since package 'wheel' is not installed.
Using legacy 'setup.py install' for blist, since package 'wheel' is not installed.
Installing collected packages: blist, aws-requests-auth, apscheduler, elastalert
    Running setup.py install for blist ... done
    Running setup.py install for elastalert ... done
Successfully installed apscheduler-3.10.1 aws-requests-auth-0.4.3 blist-1.3.6 elastalert-0.2.4
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[root@tmplogsvr opt]#

 

Installing the elastalert components and deleting the folder

[root@tmplogsvr ~]# cd /opt
[root@tmplogsvr opt]# git clone https://github.com/Yelp/elastalert.git
'elastalert'에 복제합니다...
remote: Enumerating objects: 11518, done.
remote: Total 11518 (delta 0), reused 0 (delta 0), pack-reused 11518
오브젝트를 받는 중: 100% (11518/11518), 3.61 MiB | 31.89 MiB/s, 완료.
델타를 알아내는 중: 100% (7978/7978), 완료.
[root@tmplogsvr opt]# ls -al
합계 12
drwxr-xr-x.  3 root root 4096  3월 16 11:37 .
dr-xr-xr-x. 18 root root 4096  3월 15 14:16 ..
drwxr-xr-x.  7 root root 4096  3월 16 11:37 elastalert
[root@tmplogsvr opt]# cd elastalert/
[root@tmplogsvr elastalert]# ls -al
합계 132
drwxr-xr-x. 7 root root  4096  3월 16 11:37 .
drwxr-xr-x. 3 root root  4096  3월 16 11:37 ..
-rw-r--r--. 1 root root   216  3월 16 11:37 .editorconfig
drwxr-xr-x. 8 root root  4096  3월 16 11:37 .git
-rw-r--r--. 1 root root   160  3월 16 11:37 .gitignore
-rw-r--r--. 1 root root   718  3월 16 11:37 .pre-commit-config.yaml
-rw-r--r--. 1 root root   574  3월 16 11:37 .secrets.baseline
-rw-r--r--. 1 root root  1262  3월 16 11:37 .travis.yml
-rw-r--r--. 1 root root   244  3월 16 11:37 Dockerfile-test
-rw-r--r--. 1 root root 11359  3월 16 11:37 LICENSE
-rw-r--r--. 1 root root   528  3월 16 11:37 Makefile
-rw-r--r--. 1 root root 16197  3월 16 11:37 README.md
-rw-r--r--. 1 root root 11649  3월 16 11:37 changelog.md
-rw-r--r--. 1 root root  3321  3월 16 11:37 config.yaml.example
-rw-r--r--. 1 root root   261  3월 16 11:37 docker-compose.yml
drwxr-xr-x. 3 root root  4096  3월 16 11:37 docs
drwxr-xr-x. 3 root root  4096  3월 16 11:37 elastalert
drwxr-xr-x. 2 root root  4096  3월 16 11:37 example_rules
-rw-r--r--. 1 root root    74  3월 16 11:37 pytest.ini
-rw-r--r--. 1 root root   114  3월 16 11:37 requirements-dev.txt
-rw-r--r--. 1 root root   389  3월 16 11:37 requirements.txt
-rw-r--r--. 1 root root   100  3월 16 11:37 setup.cfg
-rw-r--r--. 1 root root  1659  3월 16 11:37 setup.py
-rw-r--r--. 1 root root   780  3월 16 11:37 supervisord.conf.example
drwxr-xr-x. 2 root root  4096  3월 16 11:37 tests
-rw-r--r--. 1 root root   609  3월 16 11:37 tox.ini
[root@tmplogsvr elastalert]# pip install -r ./requirements.txt
Requirement already satisfied: apscheduler>=3.3.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 1)) (3.10.1)
Requirement already satisfied: aws-requests-auth>=0.3.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 2)) (0.4.3)
Requirement already satisfied: blist>=1.3.6 in /usr/local/lib64/python3.6/site-packages (from -r ./requirements.txt (line 3)) (1.3.6)
Requirement already satisfied: boto3>=1.4.4 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 4)) (1.23.10)
Requirement already satisfied: cffi>=1.11.5 in /usr/local/lib64/python3.6/site-packages (from -r ./requirements.txt (line 5)) (1.15.1)
Requirement already satisfied: configparser>=3.5.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 6)) (5.2.0)
Requirement already satisfied: croniter>=0.3.16 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 7)) (1.3.8)
Requirement already satisfied: elasticsearch>=7.0.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 8)) (7.0.0)
Requirement already satisfied: envparse>=0.2.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 9)) (0.2.0)
Requirement already satisfied: exotel>=0.1.3 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 10)) (0.1.5)
Collecting jira<1.0.15,>=1.0.10
  Downloading jira-1.0.14-py2.py3-none-any.whl (95 kB)
     |████████████████████████████████| 95 kB 9.4 MB/s
Requirement already satisfied: jsonschema>=3.0.2 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 12)) (3.2.0)
Requirement already satisfied: mock>=2.0.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 13)) (5.0.1)
Requirement already satisfied: prison>=0.1.2 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 14)) (0.2.1)
Collecting py-zabbix==1.1.3
  Downloading py_zabbix-1.1.3-py2.py3-none-any.whl (12 kB)
Requirement already satisfied: PyStaticConfiguration>=0.10.3 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 16)) (0.11.1)
Requirement already satisfied: python-dateutil<2.7.0,>=2.6.0 in /usr/lib/python3.6/site-packages (from -r ./requirements.txt (line 17)) (2.6.1)
Collecting PyYAML>=5.1
  Using cached PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB)
Requirement already satisfied: requests>=2.0.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 19)) (2.27.1)
Requirement already satisfied: stomp.py>=4.1.17 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 20)) (8.1.0)
Requirement already satisfied: texttable>=0.8.8 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 21)) (1.6.7)
Requirement already satisfied: twilio==6.0.0 in /usr/local/lib/python3.6/site-packages (from -r ./requirements.txt (line 22)) (6.0.0)
Requirement already satisfied: six in /usr/lib/python3.6/site-packages (from twilio==6.0.0->-r ./requirements.txt (line 22)) (1.11.0)
Requirement already satisfied: pytz in /usr/lib/python3.6/site-packages (from twilio==6.0.0->-r ./requirements.txt (line 22)) (2017.2)
Requirement already satisfied: PyJWT>=1.4.2 in /usr/local/lib/python3.6/site-packages (from twilio==6.0.0->-r ./requirements.txt (line 22)) (2.4.0)
Requirement already satisfied: pysocks in /usr/lib/python3.6/site-packages (from twilio==6.0.0->-r ./requirements.txt (line 22)) (1.6.8)
Requirement already satisfied: tzlocal!=3.*,>=2.0 in /usr/local/lib/python3.6/site-packages (from apscheduler>=3.3.0->-r ./requirements.txt (line 1)) (4.2)
Requirement already satisfied: setuptools>=0.7 in /usr/local/lib/python3.6/site-packages (from apscheduler>=3.3.0->-r ./requirements.txt (line 1)) (59.6.0)
Requirement already satisfied: s3transfer<0.6.0,>=0.5.0 in /usr/local/lib/python3.6/site-packages (from boto3>=1.4.4->-r ./requirements.txt (line 4)) (0.5.2)
Requirement already satisfied: botocore<1.27.0,>=1.26.10 in /usr/local/lib/python3.6/site-packages (from boto3>=1.4.4->-r ./requirements.txt (line 4)) (1.26.10)
Requirement already satisfied: jmespath<2.0.0,>=0.7.1 in /usr/local/lib/python3.6/site-packages (from boto3>=1.4.4->-r ./requirements.txt (line 4)) (0.10.0)
Requirement already satisfied: pycparser in /usr/local/lib/python3.6/site-packages (from cffi>=1.11.5->-r ./requirements.txt (line 5)) (2.21)
Requirement already satisfied: urllib3>=1.21.1 in /usr/local/lib/python3.6/site-packages (from elasticsearch>=7.0.0->-r ./requirements.txt (line 8)) (1.26.15)
Requirement already satisfied: defusedxml in /usr/local/lib/python3.6/site-packages (from jira<1.0.15,>=1.0.10->-r ./requirements.txt (line 11)) (0.7.1)
Requirement already satisfied: requests-oauthlib>=0.6.1 in /usr/local/lib/python3.6/site-packages (from jira<1.0.15,>=1.0.10->-r ./requirements.txt (line 11)) (1.3.1)
Collecting pbr>=3.0.0
  Downloading pbr-5.11.1-py2.py3-none-any.whl (112 kB)
     |████████████████████████████████| 112 kB 80.8 MB/s
Requirement already satisfied: requests-toolbelt in /usr/local/lib/python3.6/site-packages (from jira<1.0.15,>=1.0.10->-r ./requirements.txt (line 11)) (0.10.1)
Requirement already satisfied: attrs>=17.4.0 in /usr/local/lib/python3.6/site-packages (from jsonschema>=3.0.2->-r ./requirements.txt (line 12)) (22.2.0)
Requirement already satisfied: pyrsistent>=0.14.0 in /usr/local/lib64/python3.6/site-packages (from jsonschema>=3.0.2->-r ./requirements.txt (line 12)) (0.18.0)
Requirement already satisfied: importlib-metadata in /usr/local/lib/python3.6/site-packages (from jsonschema>=3.0.2->-r ./requirements.txt (line 12)) (4.8.3)
Requirement already satisfied: typing-extensions in /usr/local/lib/python3.6/site-packages (from PyStaticConfiguration>=0.10.3->-r ./requirements.txt (line 16)) (4.1.1)
Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.6/site-packages (from requests>=2.0.0->-r ./requirements.txt (line 19)) (2022.12.7)
Requirement already satisfied: charset-normalizer~=2.0.0 in /usr/local/lib/python3.6/site-packages (from requests>=2.0.0->-r ./requirements.txt (line 19)) (2.0.12)
Requirement already satisfied: idna<4,>=2.5 in /usr/lib/python3.6/site-packages (from requests>=2.0.0->-r ./requirements.txt (line 19)) (2.5)
Requirement already satisfied: websocket-client<2.0.0,>=1.2.3 in /usr/local/lib/python3.6/site-packages (from stomp.py>=4.1.17->-r ./requirements.txt (line 20)) (1.3.1)
Requirement already satisfied: docopt<0.7.0,>=0.6.2 in /usr/local/lib/python3.6/site-packages (from stomp.py>=4.1.17->-r ./requirements.txt (line 20)) (0.6.2)
Requirement already satisfied: oauthlib>=3.0.0 in /usr/local/lib/python3.6/site-packages (from requests-oauthlib>=0.6.1->jira<1.0.15,>=1.0.10->-r ./requirements.txt (line 11)) (3.2.2)
Requirement already satisfied: backports.zoneinfo in /usr/local/lib64/python3.6/site-packages (from tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->-r ./requirements.txt (line 1)) (0.2.1)
Requirement already satisfied: pytz-deprecation-shim in /usr/local/lib/python3.6/site-packages (from tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->-r ./requirements.txt (line 1)) (0.1.0.post0)
Requirement already satisfied: zipp>=0.5 in /usr/local/lib/python3.6/site-packages (from importlib-metadata->jsonschema>=3.0.2->-r ./requirements.txt (line 12)) (3.6.0)
Requirement already satisfied: importlib-resources in /usr/local/lib/python3.6/site-packages (from backports.zoneinfo->tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->-r ./requirements.txt (line 1)) (5.4.0)
Requirement already satisfied: tzdata in /usr/local/lib/python3.6/site-packages (from pytz-deprecation-shim->tzlocal!=3.*,>=2.0->apscheduler>=3.3.0->-r ./requirements.txt (line 1)) (2022.7)
Installing collected packages: pbr, PyYAML, py-zabbix, jira
  Attempting uninstall: PyYAML
    Found existing installation: PyYAML 3.12
ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
[root@tmplogsvr elastalert]# pip install --ignore-installed PyYAML -r requirements.txt
Collecting PyYAML
  Using cached PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB)
Collecting apscheduler>=3.3.0
  Using cached APScheduler-3.10.1-py3-none-any.whl (59 kB)
Collecting aws-requests-auth>=0.3.0
  Using cached aws_requests_auth-0.4.3-py2.py3-none-any.whl (6.8 kB)
Collecting blist>=1.3.6
  Using cached blist-1.3.6.tar.gz (122 kB)
  Preparing metadata (setup.py) ... done
Collecting boto3>=1.4.4
  Using cached boto3-1.23.10-py3-none-any.whl (132 kB)
Collecting cffi>=1.11.5
  Using cached cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (402 kB)
Collecting configparser>=3.5.0
  Using cached configparser-5.2.0-py3-none-any.whl (19 kB)
Collecting croniter>=0.3.16
  Using cached croniter-1.3.8-py2.py3-none-any.whl (18 kB)
Collecting elasticsearch>=7.0.0
  Downloading elasticsearch-8.6.2-py3-none-any.whl (385 kB)
     |████████████████████████████████| 385 kB 19.2 MB/s
Collecting envparse>=0.2.0
  Using cached envparse-0.2.0.tar.gz (7.6 kB)
  Preparing metadata (setup.py) ... done
Collecting exotel>=0.1.3
  Using cached exotel-0.1.5.tar.gz (2.2 kB)
  Preparing metadata (setup.py) ... done
Collecting jira<1.0.15,>=1.0.10
  Using cached jira-1.0.14-py2.py3-none-any.whl (95 kB)
Collecting jsonschema>=3.0.2
  Using cached jsonschema-3.2.0-py2.py3-none-any.whl (56 kB)
Collecting mock>=2.0.0
  Using cached mock-5.0.1-py3-none-any.whl (30 kB)
Collecting prison>=0.1.2
  Using cached prison-0.2.1-py2.py3-none-any.whl (5.8 kB)
Collecting py-zabbix==1.1.3
  Using cached py_zabbix-1.1.3-py2.py3-none-any.whl (12 kB)
Collecting PyStaticConfiguration>=0.10.3
  Using cached PyStaticConfiguration-0.11.1-py3-none-any.whl (27 kB)
Collecting python-dateutil<2.7.0,>=2.6.0
  Downloading python_dateutil-2.6.1-py2.py3-none-any.whl (194 kB)
     |████████████████████████████████| 194 kB 60.7 MB/s
Collecting requests>=2.0.0
  Using cached requests-2.27.1-py2.py3-none-any.whl (63 kB)
Collecting stomp.py>=4.1.17
  Using cached stomp.py-8.1.0-py3-none-any.whl (42 kB)
Collecting texttable>=0.8.8
  Using cached texttable-1.6.7-py2.py3-none-any.whl (10 kB)
Collecting twilio==6.0.0
  Using cached twilio-6.0.0.tar.gz (304 kB)
  Preparing metadata (setup.py) ... done
Collecting six
  Downloading six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting pytz
  Downloading pytz-2022.7.1-py2.py3-none-any.whl (499 kB)
     |████████████████████████████████| 499 kB 68.4 MB/s
Collecting PyJWT>=1.4.2
  Using cached PyJWT-2.4.0-py3-none-any.whl (18 kB)
Collecting pysocks
  Downloading PySocks-1.7.1-py3-none-any.whl (16 kB)
Collecting tzlocal!=3.*,>=2.0
  Using cached tzlocal-4.2-py3-none-any.whl (19 kB)
Collecting setuptools>=0.7
  Using cached setuptools-59.6.0-py3-none-any.whl (952 kB)
Collecting s3transfer<0.6.0,>=0.5.0
  Using cached s3transfer-0.5.2-py3-none-any.whl (79 kB)
Collecting jmespath<2.0.0,>=0.7.1
  Using cached jmespath-0.10.0-py2.py3-none-any.whl (24 kB)
Collecting botocore<1.27.0,>=1.26.10
  Using cached botocore-1.26.10-py3-none-any.whl (8.8 MB)
Collecting pycparser
  Using cached pycparser-2.21-py2.py3-none-any.whl (118 kB)
Collecting elastic-transport<9,>=8
  Downloading elastic_transport-8.4.0-py3-none-any.whl (59 kB)
     |████████████████████████████████| 59 kB 20.2 MB/s
Collecting pbr>=3.0.0
  Using cached pbr-5.11.1-py2.py3-none-any.whl (112 kB)
Collecting defusedxml
  Using cached defusedxml-0.7.1-py2.py3-none-any.whl (25 kB)
Collecting requests-toolbelt
  Using cached requests_toolbelt-0.10.1-py2.py3-none-any.whl (54 kB)
Collecting requests-oauthlib>=0.6.1
  Using cached requests_oauthlib-1.3.1-py2.py3-none-any.whl (23 kB)
Collecting importlib-metadata
  Using cached importlib_metadata-4.8.3-py3-none-any.whl (17 kB)
Collecting pyrsistent>=0.14.0
  Using cached pyrsistent-0.18.0-cp36-cp36m-manylinux1_x86_64.whl (117 kB)
Collecting attrs>=17.4.0
  Using cached attrs-22.2.0-py3-none-any.whl (60 kB)
Collecting typing-extensions
  Using cached typing_extensions-4.1.1-py3-none-any.whl (26 kB)
Collecting urllib3<1.27,>=1.21.1
  Using cached urllib3-1.26.15-py2.py3-none-any.whl (140 kB)
Collecting idna<4,>=2.5
  Downloading idna-3.4-py3-none-any.whl (61 kB)
     |████████████████████████████████| 61 kB 338 kB/s
Collecting certifi>=2017.4.17
  Using cached certifi-2022.12.7-py3-none-any.whl (155 kB)
Collecting charset-normalizer~=2.0.0
  Using cached charset_normalizer-2.0.12-py3-none-any.whl (39 kB)
Collecting docopt<0.7.0,>=0.6.2
  Using cached docopt-0.6.2.tar.gz (25 kB)
  Preparing metadata (setup.py) ... done
Collecting websocket-client<2.0.0,>=1.2.3
  Using cached websocket_client-1.3.1-py3-none-any.whl (54 kB)
Collecting dataclasses
  Downloading dataclasses-0.8-py3-none-any.whl (19 kB)
Collecting oauthlib>=3.0.0
  Using cached oauthlib-3.2.2-py3-none-any.whl (151 kB)
Collecting pytz-deprecation-shim
  Using cached pytz_deprecation_shim-0.1.0.post0-py2.py3-none-any.whl (15 kB)
Collecting backports.zoneinfo
  Using cached backports.zoneinfo-0.2.1-cp36-cp36m-manylinux1_x86_64.whl (70 kB)
Collecting zipp>=0.5
  Using cached zipp-3.6.0-py3-none-any.whl (5.3 kB)
Collecting importlib-resources
  Using cached importlib_resources-5.4.0-py3-none-any.whl (28 kB)
Collecting tzdata
  Using cached tzdata-2022.7-py2.py3-none-any.whl (340 kB)
Using legacy 'setup.py install' for twilio, since package 'wheel' is not installed.
Using legacy 'setup.py install' for blist, since package 'wheel' is not installed.
Using legacy 'setup.py install' for envparse, since package 'wheel' is not installed.
Using legacy 'setup.py install' for exotel, since package 'wheel' is not installed.
Using legacy 'setup.py install' for docopt, since package 'wheel' is not installed.
Installing collected packages: zipp, six, importlib-resources, urllib3, tzdata, python-dateutil, jmespath, idna, charset-normalizer, certifi, backports.zoneinfo, typing-extensions, requests, pytz-deprecation-shim, oauthlib, dataclasses, botocore, websocket-client, tzlocal, setuptools, s3transfer, requests-toolbelt, requests-oauthlib, pytz, pysocks, pyrsistent, PyJWT, pycparser, pbr, importlib-metadata, elastic-transport, docopt, defusedxml, attrs, twilio, texttable, stomp.py, PyYAML, PyStaticConfiguration, py-zabbix, prison, mock, jsonschema, jira, exotel, envparse, elasticsearch, croniter, configparser, cffi, boto3, blist, aws-requests-auth, apscheduler
    Running setup.py install for docopt ... done
    Running setup.py install for twilio ... done
    Running setup.py install for exotel ... done
    Running setup.py install for envparse ... done
    Running setup.py install for blist ... done
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
elastalert 0.2.4 requires elasticsearch==7.0.0, but you have elasticsearch 8.6.2 which is incompatible.
elastalert 0.2.4 requires jira>=2.0.0, but you have jira 1.0.14 which is incompatible.
Successfully installed PyJWT-2.4.0 PyStaticConfiguration-0.11.1 PyYAML-6.0 apscheduler-3.10.1 attrs-22.2.0 aws-requests-auth-0.4.3 backports.zoneinfo-0.2.1 blist-1.3.6 boto3-1.23.10 botocore-1.26.10 certifi-2022.12.7 cffi-1.15.1 charset-normalizer-2.0.12 configparser-5.2.0 croniter-1.3.8 dataclasses-0.8 defusedxml-0.7.1 docopt-0.6.2 elastic-transport-8.4.0 elasticsearch-8.6.2 envparse-0.2.0 exotel-0.1.5 idna-3.4 importlib-metadata-4.8.3 importlib-resources-5.4.0 jira-3.2.0 jmespath-0.10.0 jsonschema-3.2.0 mock-5.0.1 oauthlib-3.2.2 pbr-5.11.1 prison-0.2.1 py-zabbix-1.1.3 pycparser-2.21 pyrsistent-0.18.0 pysocks-1.7.1 python-dateutil-2.6.1 pytz-2022.7.1 pytz-deprecation-shim-0.1.0.post0 requests-2.27.1 requests-oauthlib-1.3.1 requests-toolbelt-0.10.1 s3transfer-0.5.2 setuptools-59.6.0 six-1.16.0 stomp.py-8.1.0 texttable-1.6.7 twilio-6.0.0 typing-extensions-4.1.1 tzdata-2022.7 tzlocal-4.2 urllib3-1.26.15 websocket-client-1.3.1 zipp-3.6.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[root@tmplogsvr elastalert]#
[root@tmplogsvr elastalert]# cd ..
[root@tmplogsvr opt]# rm -rf ./elastalert/

 

Installing the bitsensor build of elastalert

 - Purpose: the version required to run elastalert from Kibana

[root@tmplogsvr opt]# git clone https://github.com/bitsensor/elastalert.git && cd elastalert
'elastalert'에 복제합니다...
remote: Enumerating objects: 1473, done.
remote: Total 1473 (delta 0), reused 0 (delta 0), pack-reused 1473
오브젝트를 받는 중: 100% (1473/1473), 287.83 KiB | 11.99 MiB/s, 완료.
델타를 알아내는 중: 100% (813/813), 완료.
[root@tmplogsvr elastalert]#

 

Installing npm

[root@tmplogsvr elastalert]# yum install npm
마지막 메타자료 만료확인 1:39:50 이전인: 2023년 03월 16일 (목) 오전 09시 47분 28초.
종속성이 해결되었습니다.
======================================================================================================================================================================================================
 꾸러미                                     구조                             버전                                                                           레포지터리                           크기
======================================================================================================================================================================================================
설치 중:
 npm                                        x86_64                           1:6.14.10-1.10.23.1.1.module_el8.4.0+645+9ce14ba2                              appstream                           3.7 M
종속 꾸러미 설치 중:
 nodejs                                     x86_64                           1:10.23.1-1.module_el8.4.0+645+9ce14ba2                                        appstream                           8.9 M
취약한 종속 꾸러미 설치 중:
 nodejs-full-i18n                           x86_64                           1:10.23.1-1.module_el8.4.0+645+9ce14ba2                                        appstream                           7.3 M
모듈 스트림 활성화:
 nodejs                                                                      10

연결 요약
======================================================================================================================================================================================================
설치  3 꾸러미

총계 내려받기 크기: 20 M
설치된 크기 : 71 M
진행 할 까요? [y/N]: y
꾸러미 내려받기 중:
(1/3): npm-6.14.10-1.10.23.1.1.module_el8.4.0+645+9ce14ba2.x86_64.rpm                                                                                                 7.4 MB/s | 3.7 MB     00:00
(2/3): nodejs-full-i18n-10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64.rpm                                                                                              6.3 MB/s | 7.3 MB     00:01
(3/3): nodejs-10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64.rpm                                                                                                        7.4 MB/s | 8.9 MB     00:01
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
합계                                                                                                                                                                   10 MB/s |  20 MB     00:01
연결 확인 실행 중
연결 확인에 성공했습니다.
연결 시험 실행 중
연결 시험에 성공했습니다.
연결 실행 중
  스크립트릿 실행 중: npm-1:6.14.10-1.10.23.1.1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                                1/1
  준비 중           :                                                                                                                                                                             1/1
  설치 중           : nodejs-full-i18n-1:10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                             1/3
  설치 중           : npm-1:6.14.10-1.10.23.1.1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                                2/3
  설치 중           : nodejs-1:10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                                       3/3
  스크립트릿 실행 중: nodejs-1:10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                                       3/3
  확인 중           : nodejs-1:10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                                       1/3
  확인 중           : nodejs-full-i18n-1:10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                             2/3
  확인 중           : npm-1:6.14.10-1.10.23.1.1.module_el8.4.0+645+9ce14ba2.x86_64                                                                                                                3/3

설치되었습니다:
  nodejs-1:10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64       nodejs-full-i18n-1:10.23.1-1.module_el8.4.0+645+9ce14ba2.x86_64       npm-1:6.14.10-1.10.23.1.1.module_el8.4.0+645+9ce14ba2.x86_64

완료되었습니다!
[root@tmplogsvr elastalert]#

 

npm start error 1 and its fix

[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

./scripts/start.sh: line 3: ./node_modules/.bin/bunyan: 그런 파일이나 디렉터리가 없습니다
internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'babel-register'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/index.js:1:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! @bitsensor/elastalert@3.0.0-beta.0 start: `sh ./scripts/start.sh`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the @bitsensor/elastalert@3.0.0-beta.0 start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm WARN Local package.json exists, but node_modules missing, did you mean to install?

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2023-03-16T02_32_07_479Z-debug.log
[root@tmplogsvr elastalert]#
[root@tmplogsvr elastalert]# npm install bunyan

> dtrace-provider@0.8.8 install /opt/elastalert/node_modules/dtrace-provider
> node-gyp rebuild || node suppress-error.js

make: 디렉터리 '/opt/elastalert/node_modules/dtrace-provider/build' 들어감
  TOUCH Release/obj.target/DTraceProviderStub.stamp
make: 디렉터리 '/opt/elastalert/node_modules/dtrace-provider/build' 나감
npm notice created a lockfile as package-lock.json. You should commit this file.
+ bunyan@1.8.15
added 20 packages from 23 contributors and audited 20 packages in 2.499s

1 package is looking for funding
  run `npm fund` for details

found 0 vulnerabilities

[root@tmplogsvr elastalert]# npm install babel-register --save-dev
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

> core-js@2.6.12 postinstall /opt/elastalert/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

npm notice save babel-register is being moved from dependencies to devDependencies
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ babel-register@6.26.0
added 51 packages from 53 contributors and audited 93 packages in 1.83s

3 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]#
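The first `npm start` failure above already names the cause in its own warning: `package.json` exists but `node_modules` is missing. As an added example (not from the original post or the bitsensor project), the Node.js script below lists every declared dependency that is absent from `node_modules` in one pass, instead of finding them one failed start at a time. The function names, the sample project and its version ranges are constructed for illustration.

```javascript
// Added example: compare the dependencies a package.json declares with what
// is actually present under node_modules. Not part of the original post.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Returns { missing: [{name, range}], installed: {name: version} } for the
// project rooted at projectDir. Only direct dependencies are inspected.
function auditDeclaredDeps(projectDir) {
  const manifest = JSON.parse(
    fs.readFileSync(path.join(projectDir, 'package.json'), 'utf8'));
  // Runtime and development dependencies are both needed when the start
  // script loads a dev tool at runtime (babel-register in the log above).
  const declared = Object.assign(
    {}, manifest.devDependencies, manifest.dependencies);
  const report = { missing: [], installed: {} };

  for (const name of Object.keys(declared).sort()) {
    // A scoped name such as @babel/register lives in node_modules/@babel/register.
    const pkgJson = path.join(
      projectDir, 'node_modules', ...name.split('/'), 'package.json');
    try {
      report.installed[name] =
        JSON.parse(fs.readFileSync(pkgJson, 'utf8')).version;
    } catch (err) {
      // Anything other than "file not found" is a real problem: surface it.
      if (err.code !== 'ENOENT') throw err;
      report.missing.push({ name, range: declared[name] });
    }
  }
  return report;
}

// Constructed sample: a throwaway project that declares four packages, of
// which only bunyan has been installed. The ranges are made up.
function buildSampleProject() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'deps-audit-'));
  fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({
    name: 'sample',
    version: '0.0.0',
    dependencies: { express: '^4.16.0', bunyan: '^1.8.0' },
    devDependencies: { 'babel-register': '^6.26.0', '@scope/tool': '^1.0.0' },
  }));
  const bunyanDir = path.join(dir, 'node_modules', 'bunyan');
  fs.mkdirSync(bunyanDir, { recursive: true });
  fs.writeFileSync(path.join(bunyanDir, 'package.json'),
    JSON.stringify({ name: 'bunyan', version: '1.8.15' }));
  return dir;
}

// Demo on the constructed project. For a real checkout, call
// auditDeclaredDeps('/opt/elastalert') instead.
const sampleReport = auditDeclaredDeps(buildSampleProject());
for (const m of sampleReport.missing) {
  console.log(`missing: ${m.name} (declared range ${m.range})`);
}
for (const name of Object.keys(sampleReport.installed)) {
  console.log(`present: ${name}@${sampleReport.installed[name]}`);
}
```

A non-empty `missing` list on a fresh clone means the dependencies declared in `package.json` were never installed, which is what the `node_modules missing, did you mean to install?` warning in the log points at.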

 

npm start error 2 and its fix

[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

/opt/elastalert/node_modules/babel-core/lib/transformation/file/options/option-manager.js:328
        throw e;
        ^

Error: Couldn't find preset "es2015" relative to directory "/opt/elastalert"
    at /opt/elastalert/node_modules/babel-core/lib/transformation/file/options/option-manager.js:293:19
    at Array.map (<anonymous>)
    at OptionManager.resolvePresets (/opt/elastalert/node_modules/babel-core/lib/transformation/file/options/option-manager.js:275:20)
    at OptionManager.mergePresets (/opt/elastalert/node_modules/babel-core/lib/transformation/file/options/option-manager.js:264:10)
    at OptionManager.mergeOptions (/opt/elastalert/node_modules/babel-core/lib/transformation/file/options/option-manager.js:249:14)
    at OptionManager.init (/opt/elastalert/node_modules/babel-core/lib/transformation/file/options/option-manager.js:368:12)
    at compile (/opt/elastalert/node_modules/babel-register/lib/node.js:103:45)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:14)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
[root@tmplogsvr elastalert]# npm install babel-preset-es2015
npm WARN deprecated babel-preset-es2015@6.24.1: 🙌  Thanks for using Babel: we recommend using babel-preset-env now: please read https://babeljs.io/env to update!
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ babel-preset-es2015@6.24.1
added 43 packages from 8 contributors and audited 136 packages in 2.904s

3 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'express'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/elastalert_server.js:1:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install express
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ express@4.18.2
added 54 packages from 40 contributors and audited 190 packages in 1.574s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'body-parser'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/elastalert_server.js:2:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install body-parser
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ body-parser@1.20.2
added 2 packages from 3 contributors and audited 192 packages in 0.82s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'joi'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/common/config/server_config.js:1:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install joi
npm WARN deprecated joi@13.7.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated topo@3.0.3: This module has moved and is now available at @hapi/topo. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated hoek@5.0.4: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@6.1.3: This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ joi@13.7.0
added 6 packages from 1 contributor and audited 198 packages in 0.992s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'object-resolve-path'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/common/config/server_config.js:5:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install object-resolve-path
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ object-resolve-path@1.1.1
added 1 package from 1 contributor and audited 199 packages in 1.433s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'mkdirp'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/common/file_system.js:3:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install mkdirp
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ mkdirp@0.5.6
added 1 package from 1 contributor and audited 200 packages in 0.821s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'ws'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/common/websocket.js:1:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install ws
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ ws@6.2.2
added 2 packages from 2 contributors and audited 202 packages in 0.873s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'lodash'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/routes/route_setup.js:1:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install lodash
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ lodash@4.17.21
added 1 package from 2 contributors and audited 203 packages in 0.815s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'elasticsearch'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/common/elasticsearch_client.js:1:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install elasticsearch
npm WARN deprecated elasticsearch@15.5.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ elasticsearch@15.5.0
added 3 packages from 3 contributors and audited 207 packages in 0.943s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'tar'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/controllers/rules/index.js:3:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install tar
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ tar@4.4.19
added 6 packages from 1 contributor and audited 213 packages in 1.447s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'fs-extra'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/controllers/rules/index.js:4:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install fs-extra
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ fs-extra@5.0.0
added 4 packages from 2 contributors and audited 217 packages in 0.975s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'request-promise-native'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/controllers/rules/index.js:5:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install request-promise-native
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.
npm WARN request-promise-native@1.0.9 requires a peer of request@^2.34 but none is installed. You must install peer dependencies yourself.
npm WARN request-promise-core@1.1.4 requires a peer of request@^2.34 but none is installed. You must install peer dependencies yourself.

+ request-promise-native@1.0.9
added 5 packages from 9 contributors and audited 222 packages in 0.974s

10 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'request'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at /opt/elastalert/node_modules/request-promise-native/lib/rp.js:8:12
    at module.exports (/opt/elastalert/node_modules/stealthy-require/lib/index.js:62:23)
    at Object.<anonymous> (/opt/elastalert/node_modules/request-promise-native/lib/rp.js:7:15)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:152:7)
[root@tmplogsvr elastalert]# npm install request
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ request@2.88.2
added 40 packages from 43 contributors and audited 262 packages in 1.55s

11 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'randomstring'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/controllers/test/index.js:5:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install randomstring
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ randomstring@1.2.3
added 3 packages from 2 contributors and audited 265 packages in 1.026s

11 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

internal/modules/cjs/loader.js:638
    throw err;
    ^

Error: Cannot find module 'cors'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:636:15)
    at Function.Module._load (internal/modules/cjs/loader.js:562:25)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at require (internal/modules/cjs/helpers.js:25:18)
    at Object.<anonymous> (/opt/elastalert/src/elastalert_server.js:13:1)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at loader (/opt/elastalert/node_modules/babel-register/lib/node.js:144:5)
    at Object.require.extensions.(anonymous function) [as .js] (/opt/elastalert/node_modules/babel-register/lib/node.js:154:7)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
[root@tmplogsvr elastalert]# npm install cors
npm WARN @babel/register@7.21.0 requires a peer of @babel/core@^7.0.0-0 but none is installed. You must install peer dependencies yourself.

+ cors@2.8.5
added 2 packages from 2 contributors and audited 267 packages in 1.027s

11 packages are looking for funding
  run `npm fund` for details

found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
[root@tmplogsvr elastalert]#

 

npm run error 3 and fix

[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

03:04:12.912Z  INFO elastalert-server: Config:  No config.dev.json file was found in /opt/elastalert/config/config.dev.json.
03:04:12.913Z  INFO elastalert-server: Config:  Proceeding to look for normal config file.
03:04:12.913Z  INFO elastalert-server: Config:  A config file was found in /opt/elastalert/config/config.json. Using that config.
03:04:12.919Z  INFO elastalert-server: Router:  Listening for GET request on /.
03:04:12.919Z  INFO elastalert-server: Router:  Listening for GET request on /status.
03:04:12.919Z  INFO elastalert-server: Router:  Listening for GET request on /status/control/:action.
03:04:12.919Z  INFO elastalert-server: Router:  Listening for GET request on /status/errors.
03:04:12.919Z  INFO elastalert-server: Router:  Listening for GET request on /rules.
03:04:12.920Z  INFO elastalert-server: Router:  Listening for GET request on /rules/:id.
03:04:12.920Z  INFO elastalert-server: Router:  Listening for POST request on /rules/:id.
03:04:12.920Z  INFO elastalert-server: Router:  Listening for DELETE request on /rules/:id.
03:04:12.920Z  INFO elastalert-server: Router:  Listening for GET request on /templates.
03:04:12.920Z  INFO elastalert-server: Router:  Listening for GET request on /templates/:id.
03:04:12.920Z  INFO elastalert-server: Router:  Listening for POST request on /templates/:id.
03:04:12.920Z  INFO elastalert-server: Router:  Listening for DELETE request on /templates/:id.
03:04:12.921Z  INFO elastalert-server: Router:  Listening for POST request on /test.
03:04:12.921Z  INFO elastalert-server: Router:  Listening for GET request on /config.
03:04:12.921Z  INFO elastalert-server: Router:  Listening for POST request on /config.
03:04:12.921Z  INFO elastalert-server: Router:  Listening for POST request on /download.
03:04:12.921Z  INFO elastalert-server: Router:  Listening for GET request on /metadata/:type.
03:04:12.921Z  INFO elastalert-server: Router:  Listening for GET request on /mapping/:index.
03:04:12.921Z  INFO elastalert-server: Router:  Listening for POST request on /search/:index.
03:04:12.923Z  INFO elastalert-server: ProcessController:  Starting ElastAlert
03:04:12.923Z  INFO elastalert-server: ProcessController:  Creating index
03:04:13.089Z ERROR elastalert-server:
    ProcessController:  Traceback (most recent call last):
      File "/usr/lib64/python3.6/runpy.py", line 183, in _run_module_as_main
        mod_name, mod_spec, code = _get_module_details(mod_name, _Error)
      File "/usr/lib64/python3.6/runpy.py", line 109, in _get_module_details
        __import__(pkg_name)
      File "/usr/local/lib/python3.6/site-packages/elastalert/__init__.py", line 6, in <module>
        from elasticsearch import RequestsHttpConnection
    ImportError: cannot import name 'RequestsHttpConnection'

03:04:13.089Z ERROR elastalert-server: ProcessController:  Index create exited with code 1
03:04:13.089Z  WARN elastalert-server: ProcessController:  ElastAlert will start but might not be able to save its data!
03:04:13.089Z  INFO elastalert-server: ProcessController:  Starting elastalert with arguments [none]
03:04:13.093Z  INFO elastalert-server: ProcessController:  Started Elastalert (PID: 71989)
03:04:13.093Z  INFO elastalert-server: Server:  Server listening on port 3030
03:04:13.094Z  INFO elastalert-server: Server:  Websocket listening on port 3333
03:04:13.094Z  INFO elastalert-server: Server:  Server started
03:04:13.240Z ERROR elastalert-server:
    ProcessController:  Traceback (most recent call last):
      File "/usr/lib64/python3.6/runpy.py", line 183, in _run_module_as_main
        mod_name, mod_spec, code = _get_module_details(mod_name, _Error)
      File "/usr/lib64/python3.6/runpy.py", line 109, in _get_module_details
        __import__(pkg_name)
      File "/usr/local/lib/python3.6/site-packages/elastalert/__init__.py", line 6, in <module>
        from elasticsearch import RequestsHttpConnection
    ImportError: cannot import name 'RequestsHttpConnection'

03:04:13.255Z ERROR elastalert-server: ProcessController:  ElastAlert exited with code 1
03:04:13.255Z  INFO elastalert-server: Server:  Stopping server
03:04:13.255Z  INFO elastalert-server: ProcessController:  ElastAlert is not running
03:04:13.256Z  INFO elastalert-server: Server:  Server stopped. Bye!
[root@tmplogsvr elastalert]# python -m pip install --upgrade 'elasticsearch>=7.16,<8'
Collecting elasticsearch<8,>=7.16
  Downloading elasticsearch-7.17.9-py2.py3-none-any.whl (385 kB)
     |████████████████████████████████| 385 kB 40.4 MB/s
Requirement already satisfied: urllib3<2,>=1.21.1 in /usr/local/lib/python3.6/site-packages (from elasticsearch<8,>=7.16) (1.26.15)
Requirement already satisfied: certifi in /usr/local/lib/python3.6/site-packages (from elasticsearch<8,>=7.16) (2022.12.7)
Installing collected packages: elasticsearch
  Attempting uninstall: elasticsearch
    Found existing installation: elasticsearch 8.6.2
    Uninstalling elasticsearch-8.6.2:
      Successfully uninstalled elasticsearch-8.6.2
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
elastalert 0.2.4 requires elasticsearch==7.0.0, but you have elasticsearch 7.17.9 which is incompatible.
Successfully installed elasticsearch-7.17.9
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[root@tmplogsvr elastalert]#

 

npm run error 4 and fix

[root@tmplogsvr elastalert]# npm start

> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh

03:16:12.392Z  INFO elastalert-server: Config:  No config.dev.json file was found in /opt/elastalert/config/config.dev.json.
03:16:12.393Z  INFO elastalert-server: Config:  Proceeding to look for normal config file.
03:16:12.393Z  INFO elastalert-server: Config:  A config file was found in /opt/elastalert/config/config.json. Using that config.
03:16:12.399Z  INFO elastalert-server: Router:  Listening for GET request on /.
03:16:12.399Z  INFO elastalert-server: Router:  Listening for GET request on /status.
03:16:12.399Z  INFO elastalert-server: Router:  Listening for GET request on /status/control/:action.
03:16:12.399Z  INFO elastalert-server: Router:  Listening for GET request on /status/errors.
03:16:12.399Z  INFO elastalert-server: Router:  Listening for GET request on /rules.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for GET request on /rules/:id.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for POST request on /rules/:id.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for DELETE request on /rules/:id.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for GET request on /templates.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for GET request on /templates/:id.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for POST request on /templates/:id.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for DELETE request on /templates/:id.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for POST request on /test.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for GET request on /config.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for POST request on /config.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for POST request on /download.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for GET request on /metadata/:type.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for GET request on /mapping/:index.
03:16:12.400Z  INFO elastalert-server: Router:  Listening for POST request on /search/:index.
03:16:12.403Z  INFO elastalert-server: ProcessController:  Starting ElastAlert
03:16:12.403Z  INFO elastalert-server: ProcessController:  Creating index
03:16:12.587Z  INFO elastalert-server: ProcessController:  Enter Elasticsearch host:
03:16:12.587Z ERROR elastalert-server:
    ProcessController:  Traceback (most recent call last):
      File "/usr/lib64/python3.6/runpy.py", line 193, in _run_module_as_main
        "__main__", mod_spec)
      File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
        exec(code, run_globals)
      File "/usr/local/lib/python3.6/site-packages/elastalert/create_index.py", line 268, in <module>
        main()
      File "/usr/local/lib/python3.6/site-packages/elastalert/create_index.py", line 215, in main
        host = args.host if args.host else input('Enter Elasticsearch host: ')
    EOFError: EOF when reading a line

03:16:12.587Z ERROR elastalert-server: ProcessController:  Index create exited with code 1
03:16:12.587Z  WARN elastalert-server: ProcessController:  ElastAlert will start but might not be able to save its data!
03:16:12.587Z  INFO elastalert-server: ProcessController:  Starting elastalert with arguments [none]
03:16:12.591Z  INFO elastalert-server: ProcessController:  Started Elastalert (PID: 72288)
03:16:12.592Z  INFO elastalert-server: Server:  Server listening on port 3030
03:16:12.592Z  INFO elastalert-server: Server:  Websocket listening on port 3333
03:16:12.592Z  INFO elastalert-server: Server:  Server started
03:16:12.883Z ERROR elastalert-server:
    ProcessController:  Traceback (most recent call last):
      File "/usr/lib64/python3.6/runpy.py", line 193, in _run_module_as_main
        "__main__", mod_spec)
      File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
        exec(code, run_globals)
      File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 2055, in <module>
        sys.exit(main(sys.argv[1:]))
      File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 2049, in main
        client = ElastAlerter(args)
      File "/usr/local/lib/python3.6/site-packages/elastalert/elastalert.py", line 138, in __init__
        self.conf = load_conf(self.args)
      File "/usr/local/lib/python3.6/site-packages/elastalert/config.py", line 45, in load_conf
        conf = yaml_loader(filename)
      File "/usr/local/lib/python3.6/site-packages/staticconf/loader.py", line 177, in yaml_loader
        with open(filename) as fh:
    FileNotFoundError: [Errno 2] No such file or directory: 'config.yaml'

03:16:12.916Z ERROR elastalert-server: ProcessController:  ElastAlert exited with code 1
03:16:12.916Z  INFO elastalert-server: Server:  Stopping server
03:16:12.916Z  INFO elastalert-server: ProcessController:  ElastAlert is not running
03:16:12.917Z  INFO elastalert-server: Server:  Server stopped. Bye!
[root@tmplogsvr elastalert]#
[root@tmplogsvr elastalert]# echo \
'rules_folder: rules # folder name

run_every: # how often to query elasticsearch
  minutes: 1

buffer_time: # size of the query window, stretching backward from the time the query runs
  minutes: 15

es_host: 192.168.0.17 # elasticsearch host

es_port: 9200 # port used by elasticsearch

writeback_index: elastalert_status # index where elastalert2 stores its data

alert_time_limit: # retry period for failed alerts
  days: 2' > config.yaml
[root@tmplogsvr elastalert]#
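
The start-up failures in this log (a missing Node module, an elasticsearch Python client outside the `>=7.16,<8` range, and a missing config.yaml) can all be checked before running `npm start`. The script below is an added example, not part of the original post or of elastalert; the function names and reading the client version from `pip show` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# start-up failures shown in the log. Function names are hypothetical.

# es_client_ok VERSION: succeed only inside the range the post pins, >=7.16,<8.
es_client_ok() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 7 ] && [ "$minor" -ge 16 ]
}

# missing_modules APP_DIR MODULE...: print each module with no directory under
# APP_DIR/node_modules (what Node reports as "Cannot find module").
missing_modules() {
    dir=$1; shift
    for m in "$@"; do
        [ -d "$dir/node_modules/$m" ] || printf '%s\n' "$m"
    done
}

# preflight APP_DIR ES_CLIENT_VERSION MODULE...: report every problem found
# and return non-zero if any check fails.
preflight() {
    app=$1; es_ver=$2; shift 2
    rc=0
    for m in $(missing_modules "$app" "$@"); do
        echo "missing node module: $m (npm install $m)"; rc=1
    done
    if ! es_client_ok "$es_ver"; then
        echo "elasticsearch client $es_ver is outside >=7.16,<8"; rc=1
    fi
    if [ ! -f "$app/config.yaml" ]; then
        echo "no config.yaml in $app"; rc=1
    fi
    return "$rc"
}

# Usage: sh preflight.sh /opt/elastalert  (module list taken from the log above)
if [ "$#" -gt 0 ]; then
    ver=$(python -m pip show elasticsearch 2>/dev/null | awk '/^Version:/ {print $2}')
    preflight "$1" "${ver:-0.0}" request randomstring cors
fi
```
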
