APJ
August 3, 2018, 3:54am
1
I am trying to simulate an environment wherein if the temperature exceeds 40°C, an email is sent to the user. I am running logstash on my local machine.
Here is the config file.
weather_data.conf
input {
  http_poller {
    urls => {
      weather => {
        url => "http://api.openweathermap.org/data/2.5/weather?id=5490223&appid=MY_APP_ID&units=metric"
        headers => {
          Accept => "application/json"
        }
      }
    }
    # Six-field cron expression: poll every second
    schedule => { cron => "* * * * * *" }
    codec => json
  }
}
filter {
  mutate {
    remove_field => ["@version", "command", "host", "cod", "id", "base", "coord", "sys", "dt"]
  }
  # Test hook: whenever the epoch second is a multiple of 120, add 15 to the
  # reported temperature so that it crosses the alert threshold
  ruby {
    code => 'if Time.now.to_i % 120 == 0; event.set("[main][temp]", 15 + event.get("[main][temp]")); end'
  }
  split { field => "weather" }
}
output {
  if [main][temp] >= 40 {
    email {
      to => 'john@gmail.com'
      subject => 'Alert - Temperature exceeded threshold'
      body => "Exceeded temperature"
    }
  }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "weather"
  }
  stdout {
    codec => rubydebug
  }
}
Exactly two minutes after running the config file, I get an error like this,
[2018-08-02T20:22:22,004][INFO ][logstash.inputs.http_poller] Registering http_poller Input {:type=>nil, :schedule=>{"cron"=>"* * * * * *"}, :timeout=>nil}
[2018-08-02T20:22:22,082][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0xca32fb8 run>"}
[2018-08-02T20:22:22,238][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2018-08-02T20:22:22,898][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-08-02T20:24:02,700][ERROR][logstash.outputs.email ] Something happen while delivering an email {:exception=>#<Errno::ECONNREFUSED: Connection refused - connect(2) for "localhost" port 25>}
What am I doing wrong? How can I make sure the email is sent? Do I have to include the logstash port?
Can someone please help me out here? I would really appreciate it if you could. Thanks in advance.
NerdSec
(Nachiket)
August 3, 2018, 5:47am
2
How are you planning to send the email? Do you have SMTP access or will it be a mailbox?
You might need to specify the address or domain and the auth setting if needed to send the email.
Here is another config that you could look at:
Hi everyone,
Before all, sorry for my English, it's not my native language.
I am trying to configure Logstash to send mail when some specific events come in, with the logstash-output-email plugin.
I'm using an SMTPS mail server on port 465 (the same as me, which is working for my user).
My configuration file looks like this:
filter {
  grok {
    match => { "severity" => "warning" }
    add_tag => ["warning"]
  }
}
output {
  if "warning" in [tags…
NerdSec
(Nachiket)
August 3, 2018, 5:51am
3
Also, are you running anything like postfix or sendmail locally? Try doing telnet localhost 25.
APJ
August 3, 2018, 5:54am
4
Hi NerdSec,
Not really sure what SMTP access is. I haven't actually set anything. For testing purposes, I only want to send an email to my personal email ID (I presume this means mailbox). Also, logstash is running on localhost. How should I go about doing this?
APJ
August 3, 2018, 6:00am
5
I tried running telnet localhost 25
I get the following error,
PS C:\Windows\System32\WindowsPowerShell\v1.0> telnet localhost 25
Connecting To localhost...Could not open connection to the host, on port 25: Connect failed
Could you please tell me how I can fix this?
NerdSec
(Nachiket)
August 3, 2018, 6:05am
6
Ok. So you don't have access to an SMTP or a mailbox locally.
Why don't you send an email via Gmail itself?
Try doing the following:
telnet smtp.gmail.com 587
NerdSec
(Nachiket)
August 3, 2018, 6:08am
7
If you are able to telnet then try using the following config:
email {
  to => "xyz@gmail.com"
  body => "Message: %{message}"
  address => "smtp.gmail.com"
  port => 587
  username => "xyz@gmail.com"
  password => "mypass"
  use_tls => true
}
APJ
August 3, 2018, 6:09am
8
Thanks! I did as you said.
I got an output like this,
220 smtp.gmail.com ESMTP s14-v6sm8644374pfj.105 - gsmtp
Also, as per my logstash configuration I am sending an email through Gmail, right?
APJ
August 3, 2018, 6:20am
9
Here is my updated logstash config
input {
  http_poller {
    urls => {
      weather => {
        url => "http://api.openweathermap.org/data/2.5/weather?id=5490223&appid=MY_APP_ID&units=metric"
        headers => {
          Accept => "application/json"
        }
      }
    }
    # Six-field cron expression: poll every second
    schedule => { cron => "* * * * * *" }
    codec => json
  }
}
filter {
  mutate {
    remove_field => ["@version", "command", "host", "cod", "id", "base", "coord", "sys", "dt"]
  }
  # Test hook: whenever the epoch second is a multiple of 15, add 15 to the
  # reported temperature
  ruby {
    code => 'if Time.now.to_i % 15 == 0; event.set("[main][temp]", 15 + event.get("[main][temp]")); end'
  }
  split { field => "weather" }
}
output {
  email {
    to => "myusername@gmail.com"
    body => "Message: %{message}"
    address => "smtp.gmail.com"
    port => 587
    username => "myusername@gmail.com"
    password => "mypassword"
    use_tls => true
  }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "weather"
  }
  stdout {
    codec => rubydebug
  }
}
When I try running the config file, I get an error like this,
[2018-08-02T23:15:58,498][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-08-02T23:16:02,653][ERROR][logstash.outputs.email ] Something happen while delivering an email {:exception=>#<Net::SMTPAuthenticationError: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbsQ
>}
[2018-08-02T23:16:03,596][ERROR][logstash.outputs.email ] Something happen while delivering an email {:exception=>#<Net::SMTPAuthenticationError: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbvY
>}
NerdSec
(Nachiket)
August 3, 2018, 6:22am
10
Are you using 2FA with Gmail? If so, you might have to use App passwords.
https://support.google.com/accounts/answer/185833
APJ
August 3, 2018, 6:26am
11
I am not using 2FA. 2FA is not available for my account.
NerdSec
(Nachiket)
August 3, 2018, 6:29am
12
Then, are you sure the password is correct? It seems to be an authentication error.
APJ
August 3, 2018, 6:33am
13
Yes. Password is absolutely right. I even successfully logged in using the Chrome browser.
NerdSec
(Nachiket)
August 3, 2018, 7:28am
14
I have successfully tested this on my setup and the following config works perfectly fine:
email {
  to => "nerdsec@gmail.com"
  body => "Message: %{message}"
  address => "smtp.gmail.com"
  port => 587
  username => "nerdsec@gmail.com"
  password => "lasdasd"
  use_tls => true
}
I am using 2FA, so I have used an App password for authentication.
1 Like
You need to enable "Less secure apps" (sic) in your Gmail account if you want to connect to it via SMTP without a dedicated app password: https://support.google.com/accounts/answer/6010255?hl=en
1 Like
APJ
August 3, 2018, 8:07am
16
Thanks a lot! It works now!
APJ
August 3, 2018, 8:09am
17
I had to change my google settings to allow less secure apps! After making the settings, it worked! Thanks a lot again NerdSec!
2 Likes
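Added example, not part of any post in this thread: the output section of the updated config with the temperature check from the original config restored and the SMTP credentials read from the Logstash keystore instead of being written into the file. The key names SMTP_USER and SMTP_APP_PASSWORD are hypothetical, and the password is assumed to be a Gmail app password as in post 14.

```conf
# One-time setup, run from the Logstash home directory
# (on Windows, use the .bat script of the same name):
#   bin/logstash-keystore create
#   bin/logstash-keystore add SMTP_USER
#   bin/logstash-keystore add SMTP_APP_PASSWORD
# Each "add" prompts for the value, so the secret is never typed into
# the config file. SMTP_USER and SMTP_APP_PASSWORD are hypothetical
# key names chosen for this example.

output {
  # Alert only when the threshold is crossed. Without this conditional
  # the email output runs for every event the poller produces.
  if [main][temp] >= 40 {
    email {
      to       => "${SMTP_USER}"
      from     => "${SMTP_USER}"
      subject  => "Alert - Temperature exceeded threshold"
      body     => "Exceeded temperature: %{[main][temp]}"
      address  => "smtp.gmail.com"
      port     => 587                      # Gmail's STARTTLS submission port
      use_tls  => true
      username => "${SMTP_USER}"
      password => "${SMTP_APP_PASSWORD}"   # resolved from the keystore at startup
    }
  }

  elasticsearch {
    hosts => ["localhost:9200"]
    index => "weather"
  }

  stdout {
    codec => rubydebug
  }
}
```

An app password can be revoked on its own if the config host is compromised, which is not the case for the account password used with the "Less secure apps" setting.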