From 875c23c7d3a43c20eb03650420c2ef56778ea24c Mon Sep 17 00:00:00 2001
From: Martijn Rondeel
Date: Tue, 8 Jan 2019 14:21:56 +0100
Subject: [PATCH] [BREAKING] Use different config file to test rules
---
 .gitlab-ci.yml | 11 --------
 Dockerfile | 1 +
 Makefile | 2 +-
 README.md | 3 +++
 config/elastalert-test.yaml | 51 +++++++++++++++++++++++++++++++++++
 package.json | 2 +-
 src/controllers/test/index.js | 2 +-
 7 files changed, 58 insertions(+), 14 deletions(-)
 create mode 100644 config/elastalert-test.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0355c46b..9693e142 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -44,17 +44,6 @@ test:
 - npm install --quiet
 - npm test
-deploy:npm:
- image: node:latest
- stage: deploy
- script:
- - npm install --quiet
- - sh scripts/update-authors.sh
- - echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}'>.npmrc
- - npm publish --access public
- only:
- - tags
-
 deploy:docker:
 stage: deploy
 script:
diff --git a/Dockerfile b/Dockerfile
index 8fe03f84..1f83f624 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,6 +40,7 @@ COPY . /opt/elastalert-server
 RUN npm install --production --quiet
 COPY config/elastalert.yaml /opt/elastalert/config.yaml
+COPY config/elastalert-test.yaml /opt/elastalert/config-test.yaml
 COPY config/config.json config/config.json
 COPY rule_templates/ /opt/elastalert/rule_templates
 COPY elastalert_modules/ /opt/elastalert/elastalert_modules
diff --git a/Makefile b/Makefile
index 1454e8ca..78767ffa 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-v ?= v0.1.31
+v ?= v0.1.38
 all: build
diff --git a/README.md b/README.md
index de79e20d..40edea7a 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ To run the Docker image you will want to mount the volumes for configuration and
 ```bash
 docker run -d -p 3030:3030 \
 -v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
+ -v `pwd`/config/elastalert-test.yaml:/opt/elastalert/config-test.yaml \
 -v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
 -v `pwd`/rules:/opt/elastalert/rules \
 -v `pwd`/rule_templates:/opt/elastalert/rule_templates \
@@ -112,6 +113,8 @@ run_every:
 buffer_time:
 minutes: 1
 ```
+
+There is also a `elastalert-test.yaml` file which is only used when you use the API to test a rule. This allows you to write to a different `writeback_index` for example when testing rules.
 ## API
 This server exposes the following REST API's:
diff --git a/config/elastalert-test.yaml b/config/elastalert-test.yaml
new file mode 100644
index 00000000..98ae2afe
--- /dev/null
+++ b/config/elastalert-test.yaml
@@ -0,0 +1,51 @@
+# NOTE: This config is used when testing a rule
+
+# The elasticsearch hostname for metadata writeback
+# Note that every rule can have its own elasticsearch host
+es_host: localhost
+
+# The elasticsearch port
+es_port: 9200
+
+# This is the folder that contains the rule yaml files
+# Any .yaml file will be loaded as a rule
+rules_folder: rules
+
+# How often ElastAlert will query elasticsearch
+# The unit can be anything from weeks to seconds
+run_every:
+ seconds: 5
+
+# ElastAlert will buffer results from the most recent
+# period of time, in case some log sources are not in real time
+buffer_time:
+ minutes: 1
+
+# Optional URL prefix for elasticsearch
+#es_url_prefix: elasticsearch
+
+# Connect with TLS to elasticsearch
+#use_ssl: True
+
+# Verify TLS certificates
+#verify_certs: True
+
+# GET request with body is the default option for Elasticsearch.
+# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
+# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
+# for details
+#es_send_get_body_as: GET
+
+# Option basic-auth username and password for elasticsearch
+#es_username: someusername
+#es_password: somepassword
+
+# The index on es_host which is used for metadata storage
+# This can be a unmapped index, but it is recommended that you run
+# elastalert-create-index to set a mapping
+writeback_index: elastalert_status
+
+# If an alert fails for some reason, ElastAlert will retry
+# sending the alert until this time period has elapsed
+alert_time_limit:
+ days: 2
diff --git a/package.json b/package.json
index 7f26ee66..b82e490b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@bitsensor/elastalert",
- "version": "0.0.14",
+ "version": "1.0.0",
 "description": "A server that runs ElastAlert and exposes REST API's for manipulating rules and alerts.",
 "license": "MIT",
 "main": "index.js",
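Review bot: `writeback_index: elastalert_status` in the new config/elastalert-test.yaml is the usual ElastAlert default name, so unless config/elastalert.yaml (not part of this hunk) uses a different index, rule tests started through the API still write their metadata next to the live alert state, which is the separation the README text added in this commit gives as the reason for the file. Shipping a distinct default would make the isolation real out of the box, for example `writeback_index: elastalert_status_test` (name constructed for illustration). The TLS options also stay commented out (`#use_ssl: True`, `#verify_certs: True`), so anyone who uncomments `es_username`/`es_password` sends those credentials in cleartext unless both are enabled as well. A comment above the auth block such as `# Enable use_ssl and verify_certs before setting credentials` would make that dependency explicit.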
diff --git a/src/controllers/test/index.js b/src/controllers/test/index.js
index 053bb487..6deeda4e 100644
--- a/src/controllers/test/index.js
+++ b/src/controllers/test/index.js
@@ -31,7 +31,7 @@ export default class TestController {
 let stdoutLines = [];
 let stderrLines = [];
- processOptions.push('-m', 'elastalert.test_rule', '--config', 'config.yaml', tempFilePath, '--days', options.days);
+ processOptions.push('-m', 'elastalert.test_rule', '--config', 'config-test.yaml', tempFilePath, '--days', options.days);
 if (options.format === 'json') {
 processOptions.push('--formatted-output');
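Review bot: The new `'--config', 'config-test.yaml'` argument is a bare relative filename, so it resolves only if the child process's working directory (set outside this hunk) contains that file. A deployment upgraded without the extra volume mount from the README will then fail on every rule test, and the cause shows up only in ElastAlert's stderr. Checking that the file exists before the process is started and returning a clear error would surface the breaking change; at minimum add a comment such as `// config-test.yaml must sit next to config.yaml in the ElastAlert directory; used only for rule tests`. Separately, `options.days` goes into the argument list as received, so if it is not validated earlier (not visible here) it should be coerced to a positive integer first. The enclosing method starts and ends outside the hunk.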