I am creating an application where I need to send mail for some particular logs. Here is my rule file:
es_host: localhost
es_port: 9200
name: Log Level Test
type: frequency
index: testindexv4
num_events: 1
timeframe:
hours: 4
filter:
- term:
log_level.keyword: "ERROR"
- query:
query_string:
query: "log_level.keyword: ERROR"
alert:
- "email"
email:
- "<mailId>@gmail.com"
Here is the config.yaml
rules_folder: myrules
run_every:
seconds: 2
buffer_time:
seconds: 10
es_host: localhost
es_port: 9200
writeback_index: elastalert_status
alert_time_limit:
days: 2
Here is smpt_auth.yaml
alert:
- email
email:
- "<mailId>@gmail.com"
smtp_host: "smtp.gmail.com"
smtp_port: 587
smtp_ssl: true
from_addr: "<mailId>@gmail.com"
smtp_auth_file: 'D:\ELK_Info\ElastAlert\elastalert-master\smtp_auth_user.yaml'
Here is smtp_auth_user.yaml
user: "<mailId>@gmail.com"
password: "<password>"
When I run this command:
python -m elastalert.elastalert --verbose --rule myrules\myrule.yaml
I get an error as:
ERROR:root: Error while running alert email: Error connecting to SMTP host: [Errno 10061] No connection could be made because the target machine actively refused it.
Any idea on how to resolve the same, please?
Try checking the following link please:
https://stackoverflow.com/a/36532619/5062759
From my understanding, it's not recommended AT ALL to use Gmail to send emails out. There's a limit to it, so if you're doing it for production services (especially logs) you'll hit the cap quickly. Amazon's SES system gives developer credits I believe so you can tinker with that or if you really like Google you could use: https://cloud.google.com/appengine/docs/standard/go/mail/.