Commit 31b1f16a authored by Jürgen Haas's avatar Jürgen Haas

Improve configuration

parent 51b7427c
......@@ -6,3 +6,8 @@
name: elastalert
state: started
enabled: yes
- name: Restart elastalert
service:
name: elastalert
state: restarted
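Review bot: Nothing after the new `Restart elastalert` handler confirms that the daemon stayed up, so a templated config that fails to parse could leave the host without alerting while the play still reports success. Whether the init script returns non-zero in that case is not visible here. Consider a follow-up step that checks the service status after the restart, or at least a comment on the handler such as `# a failed restart means no alerts are sent; check service status after deploy`. The first handler in this file starts above the hunk.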
......@@ -31,6 +31,8 @@
- config.json
- elastalert.yaml
- elastalert-test.yaml
notify:
- Restart elastalert
tags:
- Config
......@@ -43,6 +45,7 @@
mode: 0755
notify:
- Add elastalert to autostart
- Restart elastalert
- name: Configure Logrotate
template:
......
......@@ -9,5 +9,7 @@
group: root
mode: 0644
with_items: '{{ elastalerts|default([]) }}'
notify:
- Restart elastalert
tags:
- Rules
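Review bot: Restarting on every rule change (the added `notify:` / `- Restart elastalert`) may be unnecessary, because ElastAlert re-reads changed rule files on its own unless it is started with `--pin_rules`. A restart presumably also discards whatever match state the running rules hold in memory, which can delay or drop an alert that was mid-window. If the restart is needed for another reason, record it in a comment above the notify, e.g. `# restart needed because <reason>`. The task itself starts above the hunk.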
......@@ -27,7 +27,7 @@ CONFIG_NAME=config/elastalert.yaml
# if RULE_OPTS is empty, then rules_folder from config is used
RULE_OPTS=""
#RULE_OPTS="--rule $EA_DIR/cpu_high.yaml"
DAEMON_ARGS="--config $EA_DIR/$CONFIG_NAME $RULE_OPTS --debug --verbose"
DAEMON_ARGS="--config $EA_DIR/$CONFIG_NAME $RULE_OPTS --verbose"
PID_DIR="/var/run/$NAME"
PID_FILE="$PID_DIR/$NAME.pid"
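Review bot: The reason `--debug` must stay out of `DAEMON_ARGS` is not recorded next to the assignment, assuming the variant without it is the new side. ElastAlert's debug mode prints alerts instead of sending them, so re-adding the flag for troubleshooting would silently disable alert delivery on this host. A comment above the line would prevent that, e.g. `# never add --debug here: it suppresses alert delivery`.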
......
......@@ -14,12 +14,12 @@ rules_folder: rules
# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
seconds: 30
seconds: 10
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
minutes: 1
minutes: 5
# Optional URL prefix for elasticsearch
#es_url_prefix: elasticsearch
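Review bot: The new `run_every` and `buffer_time` values carry no rationale, and `buffer_time` bounds how late a log event may arrive and still be evaluated. Assuming `seconds: 10` and `minutes: 5` are the new side, events indexed more than five minutes after their timestamp are likely missed, and every 10-second run re-queries the whole five-minute window. State the assumed maximum ingestion delay in the comment above `buffer_time`, e.g. `# must exceed the worst-case shipping delay of our log sources`, and confirm the Elasticsearch cluster tolerates the higher query rate. The same change appears in the following hunk (`@@ -12,12 +12,12 @@`) and this note applies there as well.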
......
......@@ -12,12 +12,12 @@ rules_folder: rules
# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
seconds: 30
seconds: 10
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
minutes: 1
minutes: 5
# Optional URL prefix for elasticsearch
#es_url_prefix: elasticsearch
......