Press "Enter" to skip to content

elastalert 注册成系统服务 (配置和拍错)

Last updated on 2020-06-27

编辑配置:

[root@fivmoep01 system]# /usr/lib/systemd/system
[root@fivmoep01 system]# vi elastalertd.service
[Unit]
Description=elastalertd
After=elasticsearch.service
[Service]
Type=simple
User=root
Group=root
Restart=on-failure
WorkingDirectory=/opt/soft/elastalert (elastalert文件所在的路径)
ExecStart=/usr/bin/elastalert –config /opt/soft/elastalert/config.yaml –rule /data/elastalert/example_rules/my_rule.yaml (红色部分选填)

如果你在config.yaml中定义了rules的文件夹,在启动的时候不选择–rules — 会自动加载文件夹里面所有的rules

[Install]
WantedBy=multi-user.target

注册服务发现起不来,经过配置文件确认没有问题,因为是可以通过直接执行的方式<< (命令:python -m elastalert.elastalert --config /opt/soft/elastalert/config.yaml --verbose )

想来想去也就是elastalert这个命令有问题,结果直接运行真的有问题。。。。。如下记录输出
[root@fivmoep01 system]# systemctl start elastalertd
[root@fivmoep01 system]# systemctl status elastalertd
● elastalertd.service – elastalertd
Loaded: loaded (/etc/systemd/system/elastalertd.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Sat 2020-05-23 11:07:18 CST; 4s ago
Process: 70329 ExecStart=/usr/bin/elastalert –config /etc/elastalert/config.yaml –verbose (code=exited, status=1/FAILURE)
Main PID: 70329 (code=exited, status=1/FAILURE)

May 23 11:07:17 fivmoep01 elastalert[70329]: pkg_resources.DistributionNotFound: cffi>=1.11.5
May 23 11:07:17 fivmoep01 systemd[1]: elastalertd.service: main process exited, code=exited, status=1/FAILURE
May 23 11:07:17 fivmoep01 systemd[1]: Unit elastalertd.service entered failed state.
May 23 11:07:17 fivmoep01 systemd[1]: elastalertd.service failed.
May 23 11:07:18 fivmoep01 systemd[1]: elastalertd.service holdoff time over, scheduling restart.
May 23 11:07:18 fivmoep01 systemd[1]: Stopped elastalertd.
May 23 11:07:18 fivmoep01 systemd[1]: start request repeated too quickly for elastalertd.service
May 23 11:07:18 fivmoep01 systemd[1]: Failed to start elastalertd.
May 23 11:07:18 fivmoep01 systemd[1]: Unit elastalertd.service entered failed state.
May 23 11:07:18 fivmoep01 systemd[1]: elastalertd.service failed.

[root@fivmoep01 system]# elastalert
Traceback (most recent call last):
File “/usr/bin/elastalert”, line 5, in
from pkg_resources import load_entry_point
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 3007, in
working_set.require(requires)
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 728, in require
needed = self.resolve(parse_requirements(requirements))
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 626, in resolve
raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: cffi>=1.11.5
[root@fivmoep01 system]# cd /opt/soft/elastalert/

查看/usr/bin/elastalert文件发现,是由于运行环境使用的python2.7

修改改为python3,因为我的系统吧默认的python换成了python3 所以我此处用的是python

`#!/usr/bin/python

EASY-INSTALL-ENTRY-SCRIPT: ‘elastalert==0.2.1′,’console_scripts’,’elastalert’

requires = ‘elastalert==0.2.1’
import sys
from pkg_resources import load_entry_point

if name == ‘main‘:
sys.exit(
load_entry_point(‘elastalert==0.2.1’, ‘console_scripts’, ‘elastalert’)()
)
~
`
[root@fivmoep01 system]# python -V
Python 3.6.9
[root@fivmoep01 system]# python2 -V
Python 2.7.5
[root@fivmoep01 system]#

成功后如下:

[root@fivmoep01 system]# systemctl start elastalertd
[root@fivmoep01 system]# systemctl status elastalertd
● elastalertd.service – elastalertd
Loaded: loaded (/usr/lib/systemd/system/elastalertd.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2020-05-23 11:24:25 CST; 5s ago
Main PID: 71580 (elastalert)
CGroup: /system.slice/elastalertd.service
└─71580 /usr/bin/python /usr/bin/elastalert –config /opt/soft/elastalert/config.yaml

May 23 11:24:25 fivmoep01 systemd[1]: Started elastalertd.
[root@fivmoep01 system]#
[root@fivmoep01 system]# systemctl enable elastalertd
Created symlink from /etc/systemd/system/multi-user.target.wants/elastalertd.service to /usr/lib/systemd/system/elastalertd.service.
[root@fivmoep01 system]#
[root@fivmoep01 system]#

发表评论

电子邮件地址不会被公开。 必填项已用*标注

15 − 9 =