To use elastalert from the Kibana web page, it has to be started differently from the plain elastalert install.
The bitsensor version of elastalert (elastalert-server) uses /opt/elastalert as its default path.
The npm setup was done in that directory, so follow the terminal output below from there.
[root@tmplogsvr elastalert]# pwd
/opt/elastalert
Method 1. Keep the process attached to the terminal and watch the logs continuously
[root@tmplogsvr elastalert]# npm start <- when run this way the process stays attached and the logs keep scrolling in the terminal.
> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh
02:12:53.493Z INFO elastalert-server: Config: No config.dev.json file was found in /opt/elastalert/config/config.dev.json.
02:12:53.494Z INFO elastalert-server: Config: Proceeding to look for normal config file.
02:12:53.494Z INFO elastalert-server: Config: A config file was found in /opt/elastalert/config/config.json. Using that config.
02:12:53.500Z INFO elastalert-server: Router: Listening for GET request on /.
02:12:53.500Z INFO elastalert-server: Router: Listening for GET request on /status.
02:12:53.500Z INFO elastalert-server: Router: Listening for GET request on /status/control/:action.
02:12:53.500Z INFO elastalert-server: Router: Listening for GET request on /status/errors.
02:12:53.500Z INFO elastalert-server: Router: Listening for GET request on /rules.
02:12:53.501Z INFO elastalert-server: Router: Listening for GET request on /rules/:id.
02:12:53.501Z INFO elastalert-server: Router: Listening for POST request on /rules/:id.
02:12:53.501Z INFO elastalert-server: Router: Listening for DELETE request on /rules/:id.
02:12:53.501Z INFO elastalert-server: Router: Listening for GET request on /templates.
02:12:53.501Z INFO elastalert-server: Router: Listening for GET request on /templates/:id.
02:12:53.501Z INFO elastalert-server: Router: Listening for POST request on /templates/:id.
02:12:53.501Z INFO elastalert-server: Router: Listening for DELETE request on /templates/:id.
02:12:53.501Z INFO elastalert-server: Router: Listening for POST request on /test.
02:12:53.501Z INFO elastalert-server: Router: Listening for GET request on /config.
02:12:53.501Z INFO elastalert-server: Router: Listening for POST request on /config.
02:12:53.501Z INFO elastalert-server: Router: Listening for POST request on /download.
02:12:53.502Z INFO elastalert-server: Router: Listening for GET request on /metadata/:type.
02:12:53.502Z INFO elastalert-server: Router: Listening for GET request on /mapping/:index.
02:12:53.502Z INFO elastalert-server: Router: Listening for POST request on /search/:index.
02:12:53.504Z INFO elastalert-server: ProcessController: Starting ElastAlert
02:12:53.504Z INFO elastalert-server: ProcessController: Creating index
02:12:53.697Z INFO elastalert-server:
ProcessController: Elastic Version: 8.6.2
Reading Elastic 6 index mappings:
Reading index mapping 'es_mappings/6/silence.json'
Reading index mapping 'es_mappings/6/elastalert_status.json'
Reading index mapping 'es_mappings/6/elastalert.json'
Reading index mapping 'es_mappings/6/past_elastalert.json'
Reading index mapping 'es_mappings/6/elastalert_error.json'
Index elastalert_status already exists. Skipping index creation.
02:12:53.697Z INFO elastalert-server: ProcessController: Index create exited with code 0
02:12:53.698Z INFO elastalert-server: ProcessController: Starting elastalert with arguments [none]
02:12:53.701Z INFO elastalert-server: ProcessController: Started Elastalert (PID: 107223)
02:12:53.702Z INFO elastalert-server: Server: Server listening on port 3030
02:12:53.702Z INFO elastalert-server: Server: Websocket listening on port 3333
02:12:53.703Z INFO elastalert-server: Server: Server started
Method 2: Start it and leave it running in the background (the process survives even if the terminal is disconnected.)
[root@tmplogsvr elastalert]# npm start &
[1] 107293
[root@tmplogsvr elastalert]#
> @bitsensor/elastalert@3.0.0-beta.0 start /opt/elastalert
> sh ./scripts/start.sh
02:17:42.163Z INFO elastalert-server: Config: No config.dev.json file was found in /opt/elastalert/config/config.dev.json.
02:17:42.164Z INFO elastalert-server: Config: Proceeding to look for normal config file.
02:17:42.164Z INFO elastalert-server: Config: A config file was found in /opt/elastalert/config/config.json. Using that config.
02:17:42.170Z INFO elastalert-server: Router: Listening for GET request on /.
02:17:42.170Z INFO elastalert-server: Router: Listening for GET request on /status.
02:17:42.170Z INFO elastalert-server: Router: Listening for GET request on /status/control/:action.
02:17:42.170Z INFO elastalert-server: Router: Listening for GET request on /status/errors.
02:17:42.170Z INFO elastalert-server: Router: Listening for GET request on /rules.
02:17:42.171Z INFO elastalert-server: Router: Listening for GET request on /rules/:id.
02:17:42.171Z INFO elastalert-server: Router: Listening for POST request on /rules/:id.
02:17:42.172Z INFO elastalert-server: Router: Listening for DELETE request on /rules/:id.
02:17:42.172Z INFO elastalert-server: Router: Listening for GET request on /templates.
02:17:42.172Z INFO elastalert-server: Router: Listening for GET request on /templates/:id.
02:17:42.172Z INFO elastalert-server: Router: Listening for POST request on /templates/:id.
02:17:42.172Z INFO elastalert-server: Router: Listening for DELETE request on /templates/:id.
02:17:42.172Z INFO elastalert-server: Router: Listening for POST request on /test.
02:17:42.172Z INFO elastalert-server: Router: Listening for GET request on /config.
02:17:42.172Z INFO elastalert-server: Router: Listening for POST request on /config.
02:17:42.172Z INFO elastalert-server: Router: Listening for POST request on /download.
02:17:42.172Z INFO elastalert-server: Router: Listening for GET request on /metadata/:type.
02:17:42.172Z INFO elastalert-server: Router: Listening for GET request on /mapping/:index.
02:17:42.172Z INFO elastalert-server: Router: Listening for POST request on /search/:index.
02:17:42.174Z INFO elastalert-server: ProcessController: Starting ElastAlert
02:17:42.174Z INFO elastalert-server: ProcessController: Creating index
02:17:42.366Z INFO elastalert-server:
ProcessController: Elastic Version: 8.6.2
Reading Elastic 6 index mappings:
Reading index mapping 'es_mappings/6/silence.json'
Reading index mapping 'es_mappings/6/elastalert_status.json'
Reading index mapping 'es_mappings/6/elastalert.json'
Reading index mapping 'es_mappings/6/past_elastalert.json'
Reading index mapping 'es_mappings/6/elastalert_error.json'
Index elastalert_status already exists. Skipping index creation.
02:17:42.366Z INFO elastalert-server: ProcessController: Index create exited with code 0
02:17:42.367Z INFO elastalert-server: ProcessController: Starting elastalert with arguments [none]
02:17:42.370Z INFO elastalert-server: ProcessController: Started Elastalert (PID: 107325)
02:17:42.371Z INFO elastalert-server: Server: Server listening on port 3030
02:17:42.371Z INFO elastalert-server: Server: Websocket listening on port 3333
02:17:42.371Z INFO elastalert-server: Server: Server started
[root@tmplogsvr elastalert]#
After closing the terminal window you started it from, search the process list as shown below to confirm that it is still running.
[root@tmplogsvr elasticsearch]# ps -ef | grep elastalert
root 107325 107305 0 11:17 ? 00:00:00 python -m elastalert.elastalert
root 107378 79433 0 11:19 pts/2 00:00:00 grep --color=auto elastalert
[root@tmplogsvr elasticsearch]#
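The ps check above is easy to misread because the grep command itself also matches "elastalert". The script below is an added example (not part of the original post or of the bitsensor project) that does the same check in a reusable way: it looks for the "python -m elastalert.elastalert" worker that ProcessController reported starting, drops the grep line, and optionally confirms that the HTTP port 3030 and websocket port 3333 from the server log are listening. The ps and ss output embedded in the script are constructed samples so it runs offline; the live functions at the end use the real process table and assume ss is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether the ElastAlert worker
# launched by elastalert-server is alive and whether its ports are listening.
# Assumes the worker command line is "python -m elastalert.elastalert" and the
# ports are 3030 (HTTP) and 3333 (websocket), as shown in the server log above.

# Constructed sample of "ps -ef | grep elastalert" output for offline testing.
SAMPLE_PS='root 107325 107305 0 11:17 ? 00:00:00 python -m elastalert.elastalert
root 107378 79433 0 11:19 pts/2 00:00:00 grep --color=auto elastalert'

# Constructed sample of "ss -ltn" output for offline testing.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    *:3030           *:*
LISTEN 0      511    *:3333           *:*'

# Print the PIDs of elastalert worker processes found in ps -ef style text on stdin.
# The grep line is removed so the search command is not counted as a worker.
elastalert_pids() {
    grep 'python -m elastalert\.elastalert' | grep -v 'grep' | awk '{print $2}'
}

# Exit 0 if the given ps -ef style text contains at least one worker process.
elastalert_running() {
    [ -n "$(printf '%s\n' "$1" | elastalert_pids)" ]
}

# Exit 0 if the given ss -ltn style text shows a TCP listener on port $1.
port_listening() {
    printf '%s\n' "$2" | awk -v p=":$1\$" '$4 ~ p { found = 1 } END { exit !found }'
}

# Live checks against the real host (not used by the offline demonstration below).
elastalert_running_live() {
    elastalert_running "$(ps -ef)"
}

ports_listening_live() {
    ss_out="$(ss -ltn)"
    port_listening 3030 "$ss_out" && port_listening 3333 "$ss_out"
}

# Offline demonstration on the constructed samples.
if elastalert_running "$SAMPLE_PS"; then
    echo "sample: worker running, PID $(printf '%s\n' "$SAMPLE_PS" | elastalert_pids)"
else
    echo "sample: no elastalert worker found"
fi
for port in 3030 3333; do
    if port_listening "$port" "$SAMPLE_SS"; then
        echo "sample: port $port is listening"
    else
        echo "sample: port $port is NOT listening"
    fi
done
```

To use it on the server, call elastalert_running_live and ports_listening_live instead of the sample checks; both return a non-zero exit status when something is missing, so they can be dropped into a cron job or a monitoring script as-is.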