Improve configuration

handlers/main.yml

@@ -6,3 +6,8 @@
     name: elastalert
     state: started
     enabled: yes
+
+- name: Restart elastalert
+  service:
+    name: elastalert
+    state: restarted

tasks/install.yml

@@ -31,6 +31,8 @@
     - config.json
     - elastalert.yaml
     - elastalert-test.yaml
+  notify:
+    - Restart elastalert
   tags:
     - Config
 
@@ -43,6 +45,7 @@
     mode: 0755
   notify:
     - Add elastalert to autostart
+    - Restart elastalert
 
 - name: Configure Logrotate
   template:

tasks/rules.yml

@@ -9,5 +9,7 @@
     group: root
     mode: 0644
   with_items: '{{ elastalerts|default([]) }}'
+  notify:
+    - Restart elastalert
   tags:
     - Rules

templates/elastalert

@@ -27,7 +27,7 @@ CONFIG_NAME=config/elastalert.yaml
 # if RULE_OPTS is empty, then rules_folder from config is used
 RULE_OPTS=""
 #RULE_OPTS="--rule $EA_DIR/cpu_high.yaml"
-DAEMON_ARGS="--config $EA_DIR/$CONFIG_NAME $RULE_OPTS --debug --verbose"
+DAEMON_ARGS="--config $EA_DIR/$CONFIG_NAME $RULE_OPTS --verbose"
 
 PID_DIR="/var/run/$NAME"
 PID_FILE="$PID_DIR/$NAME.pid"

templates/elastalert-test.yaml

@@ -14,12 +14,12 @@ rules_folder: rules
 # How often ElastAlert will query elasticsearch
 # The unit can be anything from weeks to seconds
 run_every:
-  seconds: 30
+  seconds: 10
 
 # ElastAlert will buffer results from the most recent
 # period of time, in case some log sources are not in real time
 buffer_time:
-  minutes: 1
+  minutes: 5
 
 # Optional URL prefix for elasticsearch
 #es_url_prefix: elasticsearch

templates/elastalert.yaml

@@ -12,12 +12,12 @@ rules_folder: rules
 # How often ElastAlert will query elasticsearch
 # The unit can be anything from weeks to seconds
 run_every:
-  seconds: 30
+  seconds: 10
 
 # ElastAlert will buffer results from the most recent
 # period of time, in case some log sources are not in real time
 buffer_time:
-  minutes: 1
+  minutes: 5
 
 # Optional URL prefix for elasticsearch
 #es_url_prefix: elasticsearch