Commit 26bbb7d4 authored by jurgenhaas's avatar jurgenhaas

Grab code from Elasticsearch role

parent dfac9089
elastalert_defaults:
drupal:
syslog:
query: '@log_name:"syslog.local0.err" OR @log_name:"syslog.local0.crit" OR @log_name:"syslog.local0.alert" OR @log_name:"syslog.local0.emerg"'
extra: []
apache:
query:
access: 'code:[500 TO 599]'
error: 'level:"*error"'
extra: []
elastalerts: []
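Review bot: `extra: []` on lines 16 and 21 declares a list, but every template that consumes it indexes it as a mapping (`elastalert_defaults.drupal.syslog.extra[extra]`), so a non-empty override given as a list fails at render time and a mapping override silently contradicts the declared type; declare it as `extra: {}`. The same list-versus-mapping ambiguity exists for `elastalerts: []`, whose entries are read as mappings with `item.key`, `item.name`, `item.type` and `item.alert` by the rules task and the `rule.yaml` template. A comment above `elastalert_defaults` stating that `extra` is a mapping of additional ElastAlert rule keys copied verbatim into each generated rule, and that each `elastalerts` entry is a mapping with those fields, would make the contract visible to operators without reading the templates.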
---
# file: roles/elastalert/handlers/main.yml
- name: "Add ElastAlert to Boot-List"
systemd:
name='elastalert'
state='started'
daemon_reload=yes
enabled=yes
- name: "ElastAlert installation"
shell: '{{ item }}'
args:
chdir: '/opt/elastalert'
with_items:
- 'python setup.py install'
- '/usr/local/bin/elastalert-create-index --host "localhost" --port "9200" --no-auth --index "elastalert_status" --old-index ""'
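Review bot: The `shell` task on lines 32–37 needs no shell features (no pipes, redirects or word-splitting), so `command` with the same `chdir` argument is the safer module — nothing interprets the argument strings, and ansible-lint stops warning. The `--host "localhost" --port "9200" --no-auth` arguments duplicate the `es_host`/`es_port` values hard-coded in the `config.yaml` template, so if those ever become configurable this handler will keep creating the index on localhost; a single role variable (e.g. `elastalert_es_host`, constructed name) should drive both. `daemon_reload=yes` and `enabled=yes` in key=value form should be native YAML with `true`, matching the block style the `git` task in install.yml already uses.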
---
dependencies:
- { role: elasticsearch }
---
# file: roles/elastalert/tasks/install.yml
- name: "Clone ElastAlert"
git:
accept_hostkey: yes
repo: 'https://github.com/Yelp/elastalert.git'
dest: '/opt/elastalert'
force: yes
version: 'master'
- name: "Install PIP Components"
pip:
name='{{ item }}'
state='present'
with_items:
- 'pip'
- 'setuptools'
- 'six'
- name: "Install PIP Requirements"
pip:
requirements='/opt/elastalert/requirements.txt'
- name: "Ensure Rules Directory"
file:
path='/opt/elastalert/my_rules'
state='directory'
owner='root'
group='root'
mode='755'
notify:
- "ElastAlert installation"
- "Add ElastAlert to Boot-List"
- name: "Configuration"
template:
src='config.yaml'
dest='/opt/elastalert/config.yaml'
owner='root'
group='root'
mode='644'
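Review bot: `version: 'master'` together with `force: yes` on lines 48–49 deploys whatever is on the upstream branch at run time and discards local changes, so the installed code is neither reproducible nor reviewable; pin `version` to a release tag or commit via a role variable (e.g. `elastalert_version`, constructed name) with a known default. The `git` task also has no `notify`, while the only task that notifies "ElastAlert installation" is the rules-directory task on lines 61–70, which reports a change once when the directory is created — so an updated checkout is never re-installed; move or add `notify: ["ElastAlert installation", "Add ElastAlert to Boot-List"]` onto the `git` task. The three `pip` packages and the cloned `requirements.txt` are installed system-wide as root with no version constraints, which is the same unpinned-dependency concern and should at least be stated in the role README. The key=value argument strings on the `pip`, `file` and `template` tasks would be clearer as native YAML, consistent with the `git` task above them.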
# ElastAlert
# https://github.com/Yelp/elastalert
---
# file: roles/elastalert/tasks/main.yml
- name: "ElastAlert Role"
set_fact: role_elastalert_started=true
tags: always
- block:
- include: install.yml
- include: rules.yml
- include: rules.drupal.yml
with_nested:
- '{{groups["webserver-drupal"]}}'
- ['rule.drupal.syslog', 'rule.drupal.apache']
loop_control:
loop_var: drupal_host
when: '"elastalert" not in excluded_roles'
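Review bot: `'{{groups["webserver-drupal"]}}'` on line 90 raises an undefined-variable error on any inventory without that group, turning an optional feature into a hard failure of the whole role; `'{{ groups["webserver-drupal"]|default([]) }}'` leaves the loop empty instead. The `when` on line 94 likewise assumes `excluded_roles` is always defined — acceptable if the playbook guarantees it, otherwise `excluded_roles|default([])` avoids the same failure mode. If the target Ansible version is 2.4 or later, `include` with a loop is deprecated in favour of `include_tasks`; the version is not visible on this page. The indentation is lost in this rendering, so whether `with_nested` and `loop_control` sit on the last `include` or on the `block` should be verified in the file, since loops on blocks are not supported.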
---
# file: roles/elastalert/tasks/rules.drupal.yml
- block:
- set_fact:
hostname='{{ drupal_host.0 }}'
filename='{{ drupal_host.1 }}'
- name: "Rule for Drupal"
template:
src='{{ filename }}.yaml'
dest='/opt/elastalert/my_rules/{{ filename }}.{{ item.1.domain }}.yaml'
owner='root'
group='root'
mode='644'
with_subelements:
- '{{ hostvars[hostname].drupal_settings }}'
- 'domains'
when: item.1.elastalert is defined
tags: Rules
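Review bot: `set_fact` on lines 98–100 writes `hostname` and `filename` as host-scoped facts that outlive this include, and `hostname` is generic enough to collide with facts or inventory variables set by other roles; either prefix them (e.g. `elastalert_rule_host`, constructed name) or drop the `set_fact` and use `drupal_host.0` / `drupal_host.1` directly in the template task. `hostvars[hostname].drupal_settings` on line 109 has no `default`, so a host in the group without `drupal_settings` aborts the loop rather than being skipped. The `mode='644'`/`owner`/`group` key=value strings would read better as native YAML (`mode: '0644'`), consistent with the `git` task in install.yml.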
---
# file: roles/elastalert/tasks/rules.yml
- name: "Rules"
template:
src='rule.yaml'
dest='/opt/elastalert/my_rules/{{ item.key }}.yaml'
owner='root'
group='root'
mode='644'
with_items: '{{ elastalerts|default([]) }}'
tags: Rules
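Review bot: `with_items` over `elastalerts` on line 122 yields list elements, yet the destination on line 118 reads `item.key` while `rule.yaml` reads `item.name`, `item.type` and `item.alert`; with the list declared in defaults (`elastalerts: []`) every entry must carry an explicit `key` field, and if a mapping was intended the loop should be `with_dict`. Whichever is meant, a comment in defaults such as `# each entry: key (file name), name, type, alert list, optional index/description/extra` would settle it. Removed entries also leave their old `my_rules/*.yaml` on disk and therefore remain active, so a cleanup step for files not produced by this task is needed for a rule to be truly retired.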
rules_folder: 'my_rules'
run_every:
minutes: 1
buffer_time:
minutes: 15
es_host: 'localhost'
es_port: 9200
writeback_index: 'elastalert_status'
alert_time_limit:
days: 2
{% for extra in elastalert_config|default([]) %}
{{ extra }}: {{ elastalert_config[extra]|to_nice_json }}
{% endfor %}
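Review bot: `es_host` and `es_port` on lines 129–130 are hard-coded, and the same `localhost`/`9200` pair is repeated in each rule template (lines 137–138, 177–178, 217–218) and in the `elastalert-create-index` handler, so four copies can drift independently; expose them as role variables and reference those everywhere (rules can, I believe, omit `es_host`/`es_port` and inherit them from this file — confirm against the ElastAlert version in use). The loop on lines 134–136 indexes `elastalert_config[extra]`, which requires a mapping, while `default([])` suggests a list; `default({})` states the intent. No `es_username`/`es_password` or TLS settings appear anywhere, consistent with the `--no-auth` handler, so the assumption that Elasticsearch is only reachable on the loopback interface should be written down next to these keys.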
es_host: 'localhost'
es_port: 9200
index: '{{ elastalert_defaults.drupal.apache.index|default("logstash-*") }}'
name: 'Apache Error {{ item.1.domain }}'
description: ''
type: 'frequency'
alert:
{% for alert in item.1.elastalert.alert %}
- '{{ alert }}'
{% endfor %}
{% for entry in ['alert_subject', 'alert_text'] %}
{% if elastalert_defaults.drupal.syslog[entry] is defined %}
{{ entry }}: '{{ elastalert_defaults.drupal.syslog[entry] }}'
{% endif %}
{% endfor %}
{% for entry in ['alert_subject_args', 'alert_text_args'] %}
{% if elastalert_defaults.drupal.syslog[entry] is defined %}
{{ entry }}:
{% for line in elastalert_defaults.drupal.syslog[entry] %}
- '{{ line }}'
{% endfor %}
{% endif %}
{% endfor %}
#generate_kibana_link: true
#use_kibana4_dashboard: 'https://{{ kibana_domain }}/app/kibana#/dashboard/Default'
#kibana_url: 'https://{{ kibana_domain }}/app/kibana'
{% for extra in elastalert_defaults.drupal.syslog.extra|default([]) %}
{{ extra }}: {{ elastalert_defaults.drupal.syslog.extra[extra]|to_nice_json }}
{% endfor %}
{% for extra in item.1.elastalert.extra|default([]) %}
{{ extra }}: {{ item.1.elastalert.extra[extra]|to_nice_json }}
{% endfor %}
filter: [
{
"query_string": {
"analyze_wildcard": true,
"query": {{ ['(@log_name:"apache.error.var.log.apache2.', item.1.domain, '-error.log" AND (', elastalert_defaults.drupal.apache.query.error, ')) OR (@log_name:"apache.access.var.log.apache2.', item.1.domain, '-access.log" AND (', elastalert_defaults.drupal.apache.query.access, '))']|join("")|to_nice_json }}
}
}
]
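Review bot: Lines 148–149, 153, 155 and 163–164 of the apache rule read `elastalert_defaults.drupal.syslog[...]` and `...syslog.extra`, which looks like the syslog template copied without adjustment — the apache rule inherits the syslog alert text and extras while the `apache.extra` default declared in defaults/main.yml is never read; replace `syslog` with `apache` in those six places. `type: 'frequency'` on line 142 is emitted without `num_events` and `timeframe`, which ElastAlert requires for that rule type, so the generated rule only loads if both are supplied through `extra`; either render defaults here or document that requirement. On line 173 `item.1.domain` is spliced into the Lucene query string, and `to_nice_json` escapes only the JSON layer, so a domain containing `"` or query-language syntax corrupts the filter and the alert silently stops matching; the value should be validated (e.g. restricted to hostname characters) before it reaches this template. The `num_events`/`timeframe` and domain-validation points apply equally to the syslog rule on lines 177–216.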
es_host: 'localhost'
es_port: 9200
index: '{{ elastalert_defaults.drupal.syslog.index|default("logstash-*") }}'
name: 'Syslog Error {{ item.1.domain }}'
description: ''
type: 'frequency'
alert:
{% for alert in item.1.elastalert.alert %}
- '{{ alert }}'
{% endfor %}
{% for entry in ['alert_subject', 'alert_text'] %}
{% if elastalert_defaults.drupal.syslog[entry] is defined %}
{{ entry }}: '{{ elastalert_defaults.drupal.syslog[entry] }}'
{% endif %}
{% endfor %}
{% for entry in ['alert_subject_args', 'alert_text_args'] %}
{% if elastalert_defaults.drupal.syslog[entry] is defined %}
{{ entry }}:
{% for line in elastalert_defaults.drupal.syslog[entry] %}
- '{{ line }}'
{% endfor %}
{% endif %}
{% endfor %}
#generate_kibana_link: true
#use_kibana4_dashboard: 'https://{{ kibana_domain }}/app/kibana#/dashboard/Default'
#kibana_url: 'https://{{ kibana_domain }}/app/kibana'
{% for extra in elastalert_defaults.drupal.syslog.extra|default([]) %}
{{ extra }}: {{ elastalert_defaults.drupal.syslog.extra[extra]|to_nice_json }}
{% endfor %}
{% for extra in item.1.elastalert.extra|default([]) %}
{{ extra }}: {{ item.1.elastalert.extra[extra]|to_nice_json }}
{% endfor %}
filter: [
{
"query_string": {
"analyze_wildcard": true,
"query": {{ ['ident:', item.1.domain, ' AND (', elastalert_defaults.drupal.syslog.query, ')']|join("")|to_nice_json }}
}
}
]
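Review bot: `ident:` on line 213 is concatenated with `item.1.domain` without quotes, unlike the apache rule on line 173 which wraps the domain in `"…"`; a domain containing whitespace or a character the query language treats specially (`-`, `:`, `/`) changes the meaning of the term instead of matching it literally, so use `['ident:"', item.1.domain, '" AND (', elastalert_defaults.drupal.syslog.query, ')']` for the same discipline as the apache template. The `description: ''` on line 181 is an empty string rather than an omitted key; if ElastAlert treats an empty description as unset this is harmless, otherwise it is worth confirming.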
es_host: 'localhost'
es_port: 9200
index: '{{ item.index|default("logstash-*") }}'
name: '{{ item.name }}'
description: '{{ item.description }}'
type: '{{ item.type }}'
alert:
{% for alert in item.alert %}
- '{{ alert }}'
{% endfor %}
include:
- 'hostname'
{% for entry in ['alert_subject', 'alert_text'] %}
{% if item[entry] is defined %}
{{ entry }}: '{{ item[entry] }}'
{% endif %}
{% endfor %}
{% for entry in ['alert_subject_args', 'alert_text_args'] %}
{% if item[entry] is defined %}
{{ entry }}:
{% for line in item[entry] %}
- '{{ line }}'
{% endfor %}
{% endif %}
{% endfor %}
{% for extra in item.extra|default([]) %}
{{ extra }}: {{ item.extra[extra]|to_nice_json }}
{% endfor %}
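Review bot: `'{{ item.name }}'`, `'{{ item.description }}'` and `'{{ item[entry] }}'` on lines 220–221 and 231 are wrapped in single quotes, so any value containing an apostrophe (likely in free-form `alert_text`) produces invalid YAML that ElastAlert rejects at load time; rendering with `{{ item.name|to_json }}` yields a correctly escaped double-quoted scalar, and the same applies to the quoted values in the two drupal templates. `item.description` and `item.type` have no `default`, so an `elastalerts` entry missing either aborts the whole rules task instead of just that entry — `item.description|default('')` matches what the drupal templates emit. The `item.extra[extra]` loop on lines 242–244 assumes `extra` is a mapping, consistent with the other templates, so the documented shape of `extra` should say mapping rather than the `[]` default suggests.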