forked from Yelp/elastalert
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
40 changed files
with
3,737 additions
and
1,461 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
FROM ubuntu:latest | ||
|
||
RUN apt-get update && apt-get upgrade -y | ||
RUN apt-get -y install build-essential python-setuptools python2.7 python2.7-dev libssl-dev git tox python-pip | ||
RUN apt-get -y install build-essential python3.6 python3.6-dev python3-pip libssl-dev git | ||
|
||
WORKDIR /home/elastalert | ||
|
||
ADD requirements*.txt ./ | ||
RUN pip install -r requirements-dev.txt | ||
RUN pip3 install -r requirements-dev.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
.. _loaders: | ||
|
||
Rules Loaders | ||
======================== | ||
|
||
RulesLoaders are subclasses of ``RulesLoader``, found in ``elastalert/loaders.py``. They are used to | ||
gather rules for a particular source. Your RulesLoader needs to implement three member functions, and | ||
will look something like this: | ||
|
||
.. code-block:: python | ||
class AwesomeNewRulesLoader(RulesLoader): | ||
def get_names(self, conf, use_rule=None): | ||
... | ||
def get_hashes(self, conf, use_rule=None): | ||
... | ||
def get_yaml(self, rule): | ||
... | ||
You can import loaders by specifying the type as ``module.file.RulesLoaderName``, where module is the name of a | ||
python module, and file is the name of the python file containing a ``RulesLoader`` subclass named ``RulesLoaderName``. | ||
|
||
Example | ||
------- | ||
|
||
As an example loader, let's retrieve rules from a database rather than from the local file system. First, create a | ||
modules folder for the loader in the ElastAlert directory. | ||
|
||
.. code-block:: console | ||
$ mkdir elastalert_modules | ||
$ cd elastalert_modules | ||
$ touch __init__.py | ||
Now, in a file named ``mongo_loader.py``, add | ||
|
||
.. code-block:: python | ||
from pymongo import MongoClient | ||
from elastalert.loaders import RulesLoader | ||
import yaml | ||
class MongoRulesLoader(RulesLoader): | ||
def __init__(self, conf): | ||
super(MongoRulesLoader, self).__init__(conf) | ||
self.client = MongoClient(conf['mongo_url']) | ||
self.db = self.client[conf['mongo_db']] | ||
self.cache = {} | ||
def get_names(self, conf, use_rule=None): | ||
if use_rule: | ||
return [use_rule] | ||
rules = [] | ||
self.cache = {} | ||
for rule in self.db.rules.find(): | ||
self.cache[rule['name']] = yaml.load(rule['yaml']) | ||
rules.append(rule['name']) | ||
return rules | ||
def get_hashes(self, conf, use_rule=None): | ||
if use_rule: | ||
return [use_rule] | ||
hashes = {} | ||
self.cache = {} | ||
for rule in self.db.rules.find(): | ||
self.cache[rule['name']] = rule['yaml'] | ||
hashes[rule['name']] = rule['hash'] | ||
return hashes | ||
def get_yaml(self, rule): | ||
if rule in self.cache: | ||
return self.cache[rule] | ||
self.cache[rule] = yaml.load(self.db.rules.find_one({'name': rule})['yaml']) | ||
return self.cache[rule] | ||
Finally, you need to specify in your ElastAlert configuration file that MongoRulesLoader should be used instead of the | ||
default FileRulesLoader, so in your ``elastalert.conf`` file:: | ||
|
||
rules_loader: "elastalert_modules.mongo_loader.MongoRulesLoader" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.