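mac: Installing ElastAlert

此生再无相见时 submitted on 2019-12-15 11:11:37

1. Installing Python

This is my first time using Python. I am recording the steps here; it is not as simple and clear as the JDK.

Install Python: python setup.py install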

python setup.py install
running install
Checking .pth file support in /Library/Python/2.7/site-packages/
error: can't create or remove files in install directory

The following error occurred while trying to add or remove files in the
installation directory:

    [Errno 13] Permission denied: '/Library/Python/2.7/site-packages/test-easy-install-17697.pth'

The installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /Library/Python/2.7/site-packages/

Perhaps your account does not have write access to this directory?  If the
installation directory is a system-owned directory, you may need to sign in
as the administrator or "root" account.  If you do not have administrative
access to this machine, you may wish to choose a different installation
directory, preferably one that is listed in your PYTHONPATH environment
variable.

For information on other options, you may wish to consult the
documentation at:

  https://pythonhosted.org/setuptools/easy_install.html

Please make the appropriate changes for your system and try again.

The message indicates that Python is already installed on the Mac. Checking, the Mac does indeed ship with it preinstalled:

python
Python 2.7.10 (default, Feb 22 2019, 21:55:15) 
[GCC 4.2.1 Compatible Apple LLVM 10.0.1 (clang-1001.0.37.14)] on darwin
Type "help", "copyright", "credits" or "license" for more information.

So let's go straight to installing ElastAlert.

git clone https://github.com/Yelp/elastalert.git
 pip install -r requirements.txt
-bash: pip: command not found

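Python is preinstalled, but pip is not. pip is Python's package management tool and has to be installed manually. I saw that other people used sudo easy_install pip, so let's try it: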

Searching for pip
Reading https://pypi.python.org/simple/pip/
Download error on https://pypi.python.org/simple/pip/: EOF occurred in violation of protocol (_ssl.c:590) -- Some packages may not be found!
Couldn't find index page for 'pip' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
No local packages or download links found for pip
error: Could not find suitable distribution for Requirement.parse('pip')

That does not work. The URL after the redirect is https, and the Python.org sites have ended support for TLS 1.0 and 1.1, so TLS >= 1.2 is required. So use curl instead.

curl 'https://bootstrap.pypa.io/get-pip.py' > get-pip.py

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1734k  100 1734k    0     0  21009      0  0:01:24  0:01:24 --:--:-- 28070

Then run sudo python get-pip.py

DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
WARNING: The directory '/Users/benmu/Library/Caches/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
WARNING: The directory '/Users/benmu/Library/Caches/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting pip
  Downloading https://files.pythonhosted.org/packages/00/b6/9cfa56b4081ad13874b0c6f96af8ce16cfbc1cb06bedf8e9164ce5551ec1/pip-19.3.1-py2.py3-none-any.whl (1.4MB)
     |████████████████████████████████| 1.4MB 43kB/s 
Collecting wheel
  Downloading https://files.pythonhosted.org/packages/00/83/b4a77d044e78ad1a45610eb88f745be2fd2c6d658f9798a15e384b7d57c9/wheel-0.33.6-py2.py3-none-any.whl
Installing collected packages: pip, wheel
Successfully installed pip-19.3.1 wheel-0.33.6

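It will be 2020-01-01 very soon, and version 2.7 will no longer be supported.

The first version listed on the official Python site is now 3.8. https://www.python.org/ftp/python/3.8.0/python-3.8.0-macosx10.9.pkg

The download was far too slow, around 1k, and had not finished after an hour. I could not stand it, so I just found a 3.7.4 installer somewhere on the internet.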

After installing it, the old version is still shown.

open  ~/.bash_profile

Add one line:

alias python="/usr/local/bin/python3.7" - changes what the default python points to

source ~/.bash_profile makes the configuration take effect.

Typing python again now gives:

Python 3.7.4 (v3.7.4:e09359112e, Jul  8 2019, 14:54:52) 
[Clang 6.0 (clang-600.0.57)] on darwin
Type "help", "copyright", "credits" or "license" for more information.

2. Installing ElastAlert

git clone https://github.com/Yelp/elastalert.git

Cloning into 'elastalert'...
remote: Enumerating objects: 14, done.
remote: Counting objects: 100% (14/14), done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 9169 (delta 4), reused 5 (delta 2), pack-reused 9155
Receiving objects: 100% (9169/9169), 3.77 MiB | 3.00 KiB/s, done.
Resolving deltas: 100% (6405/6405), done.

cd elastalert/

Installing python3 brings pip3 along with it. You can check the version with pip3 -V; if it is missing, install pip3:

curl https://bootstrap.pypa.io/get-pip.py | python3

Install with pip3. The requirements.txt file here lists all the packages that need to be installed, so they can be installed in one go.

pip3 install -r requirements.txt

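The network was slow at first; if an error occurs, just retry, and packages that were already downloaded will be skipped.

3. Configuring config

cp config.yaml.example config.yaml

vim config.yaml, shown below: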

# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: example_rules

# How often ElastAlert will query Elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 15

# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
es_host: elasticsearch.example.com

# The Elasticsearch port
es_port: 9200

# The AWS region to use. Set this when using AWS-managed elasticsearch
#aws_region: us-east-1

# The AWS profile to use. Use this if you are using an aws-cli profile.
# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
# for details
#profile: test

# Optional URL prefix for Elasticsearch
#es_url_prefix: elasticsearch

# Connect with TLS to Elasticsearch
#use_ssl: True

# Verify TLS certificates
#verify_certs: True

# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET

# Option basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword

# Use SSL authentication with client certificates client_cert must be
# a pem file containing both cert and key for client
#verify_certs: True
#ca_certs: /path/to/cacert.pem
#client_cert: /path/to/client_cert.pem
#client_key: /path/to/client_key.key

# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status
writeback_alias: elastalert_alerts

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2

# Custom logging configuration
# If you want to setup your own logging configuration to log into
# files as well or to Logstash and/or modify log levels, use
# the configuration below and adjust to your needs.
# Note: if you run ElastAlert with --verbose/--debug, the log level of
# the "elastalert" logger is changed to INFO, if not already INFO/DEBUG.
#logging:
#  version: 1
#  incremental: false
#  disable_existing_loggers: false
#  formatters:
#    logline:
#      format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s'
#
#    handlers:
#      console:
#        class: logging.StreamHandler
#        formatter: logline
#        level: DEBUG
#        stream: ext://sys.stderr
#
#      file:
#        class : logging.FileHandler
#        formatter: logline
#        level: DEBUG
#        filename: elastalert.log
#
#    loggers:
#      elastalert:
#        level: WARN
#        handlers: []
#        propagate: true
#
#      elasticsearch:
#        level: WARN
#        handlers: []
#        propagate: true
#
#      elasticsearch.trace:
#        level: WARN
#        handlers: []
#        propagate: true
#
#      '':  # root logger
#        level: WARN
#          handlers:
#            - console
#            - file
#        propagate: false

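There is a lot in here; the official documentation is needed to see what each setting means. I will sort that out in the next post.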
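
The config.yaml above leaves every TLS and authentication option commented out. The following is an added example, not part of the original post or of the ElastAlert project: a small Python check over those connection keys. The sample configs are constructed, the function names are hypothetical, and it assumes ElastAlert's documented defaults of use_ssl off and verify_certs on.

```python
import re

# Constructed samples built from the keys in the config.yaml shown above.
AS_SHIPPED = """\
es_host: elasticsearch.example.com
es_port: 9200
#use_ssl: True
#verify_certs: True
#es_username: someusername
#es_password: somepassword
"""
TLS_UNVERIFIED = """\
es_host: elasticsearch.example.com
use_ssl: True
verify_certs: False
es_username: someusername
es_password: somepassword
"""
HARDENED = """\
es_host: elasticsearch.example.com
use_ssl: True
verify_certs: True
ca_certs: /path/to/cacert.pem
"""

TOP_LEVEL = re.compile(r"^([A-Za-z_][\w.-]*)\s*:\s*(.*?)\s*$")


def active_settings(text):
    """Collect uncommented top-level 'key: value' scalars.

    The keys checked here are flat, so a line scan is enough and no YAML
    library is needed; nested blocks and comments are skipped.
    """
    settings = {}
    for line in text.splitlines():
        if not line or line[0] in " \t#":
            continue
        match = TOP_LEVEL.match(line)
        if match:
            value = match.group(2).split(" #", 1)[0].strip().strip("'\"")
            settings[match.group(1)] = value
    return settings


def is_true(value):
    return value.lower() in ("true", "yes", "on")


def audit(text):
    """Return (setting, problem) pairs for the Elasticsearch connection."""
    cfg = active_settings(text)
    tls = is_true(cfg.get("use_ssl", "false"))         # assumed default: off
    verify = is_true(cfg.get("verify_certs", "true"))  # assumed default: on
    findings = []
    if not tls:
        findings.append(("use_ssl", "queries and alert metadata travel as plain HTTP"))
    elif not verify:
        findings.append(("verify_certs", "server certificate is not checked"))
    if "es_password" in cfg:
        where = "sent without verified TLS and " if not (tls and verify) else ""
        findings.append(("es_password", where + "stored in clear text in config.yaml"))
    return findings


if __name__ == "__main__":
    for name, sample in (("as shipped", AS_SHIPPED),
                         ("TLS unverified", TLS_UNVERIFIED),
                         ("hardened", HARDENED)):
        print(name, audit(sample))
```

To check a real file, pass its contents to audit(), for example audit(open("config.yaml").read()).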
