Elastalert https post

I have data going into Elastalert and I am getting email alerts. I am also trying to post to an https page, and no matter where I put the certificates I keep getting this error:

ERROR:root:Error while running alert http_post: Error posting HTTP Post alert: HTTPSConnectionPool(host='notify.ltnglobal.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

My rule looks like this:

name: snmp data ingest pipeline down
type: flatline
index: snmplogger-*
ca_certs: /etc/ssl/certs/ca-bundle.pem
threshold: 500000

use_count_query: true
doc_type: "doc"

realert:
  hours: 12

threshold_cur: 10

timeframe:
  minutes: 15

alert:
  - "email"
  - "post"

email:

post:
http_post_url: "https://page.com"
http_post_payload:
  notification_type: "SNMPtrap"
  identifier: "hostname"
  end_date_time: "2050-12-31 02:00:00"
  description: "This is a test"
  communication_types: ["zendesk", "email", "noc_notification"]
http_post_headers:
  content-type: "application/json"
  Authorization: "N6a777vFju"

The email part works but the post part does not.

Any ideas?

As this is not an elastalert-supported forum, but rather one about Elasticsearch, you will probably find more people willing to help you out if you ask on more elastalert-specific forums/GitHub repos/whatever other means of support they might have.

Hope this helps!
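
A diagnostic for the `certificate verify failed` error in the question, added here as an example (it is not ElastAlert code and not from the thread): it repeats the TLS handshake against the POST endpoint once per candidate CA bundle, using only Python's standard library, and reports which trust store validates the server's chain. The names `probe_tls` and `compare_bundles` are hypothetical; the host and bundle paths are whatever you pass on the command line.

```python
import socket
import ssl


def probe_tls(host, port=443, cafile=None, timeout=5.0):
    """Handshake with host:port, trusting only `cafile` (system store if None).

    Returns a dict: 'ok', the 'stage' that decided the outcome, and a 'detail' string.
    """
    try:
        # With cafile set, ONLY that bundle is trusted; the system store is not merged in.
        ctx = ssl.create_default_context(cafile=cafile)
    except (OSError, ssl.SSLError) as exc:  # missing, unreadable, or not PEM
        return {"ok": False, "stage": "bundle", "detail": str(exc)}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return {"ok": True, "stage": "verified",
                        "detail": "issuer: " + issuer.get("commonName", "?")}
    except ssl.SSLCertVerificationError as exc:
        # Same failure class as "certificate verify failed" in the alert error.
        return {"ok": False, "stage": "verify",
                "detail": f"{exc.verify_code}: {exc.verify_message}"}
    except ssl.SSLError as exc:  # TLS failed for a reason other than trust
        return {"ok": False, "stage": "handshake", "detail": str(exc)}
    except OSError as exc:  # DNS failure, refused connection, timeout
        return {"ok": False, "stage": "connect", "detail": str(exc)}


def compare_bundles(host, port, bundles):
    """Probe the same endpoint once per candidate trust store; None = system default."""
    return {str(b): probe_tls(host, port, cafile=b) for b in bundles}


if __name__ == "__main__":
    import sys
    target = sys.argv[1]                # host taken from http_post_url
    candidates = [None] + sys.argv[2:]  # e.g. /etc/ssl/certs/ca-bundle.pem
    for name, result in compare_bundles(target, 443, candidates).items():
        print(f"{name:40} {result['stage']:10} {result['detail']}")
```

A `verify` result whose detail names a missing issuer usually means the server is not sending its intermediate certificate or the bundle lacks the issuing CA. The `HTTPSConnectionPool` in the error comes from urllib3 as used by `requests`, so also probe the bundle that library loads in the ElastAlert environment (`python -m certifi` prints its path).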
