Replies: 1 comment
-
For non-Pro users, Elastalert rules and alerters are managed via the cli by dropping your elastalert rules in |
-
Version: 2.4.80
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Distributed
Location: on-prem with Internet access
Hardware Specs: Exceeds minimum requirements
CPU: 10
RAM: 30
Storage for /: 400
Storage for /nsm: 400
Network Traffic Collection: tap
Network Traffic Speeds: Less than 1Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues
Detail
Hi Everyone,
Previously our SO environment (I think 2.4.20?) crashed and we decided to start fresh. Before it crashed, it was able to email to our internal SMTP server without a problem.
After a new installation from SO's ISO, everything is running great except for email alerting. Quick googling found that they put standard email alerting under professional SO. Lame.
After looking through GitHub I found a couple of threads that might work, #13380 and #12474, but I wanted to see if anyone has gotten anything to work before I start digging. Official documentation does say something about nullmailer but provided no steps.
I did try creating a copy of the docker so-elastalert:/opt/elastalert/config.yaml, editing it, then moving it over to the docker container. Everything worked except the most important part: moving the edited file into docker. It kept saying that another resource is using it (and I can't find what resource is using it because the docker kernel is restricted from SO).
Any help is appreciated.
Thanks again!
Zil