Theoooooo add discord alerter #2379

Open
wants to merge 9 commits into
base: beta

@Theoooooo Theoooooo commented Aug 1, 2019

Added a discord alerter to ElastAlert.
I think I didn't forget to put any necessary piece of code for it to work.

I'm not a Python expert so there is probably plenty of room for improvement.
I've been testing this alerter for about 2 weeks now when I have spare time, but it's working properly for me and I'm using it at production level to be able to send alerts to people who are using Discord.

That's why I'm putting this up as a draft, to let other people review what I've done ^^

There is a description for the biggest commit I did. I also added and modified single lines after that, so feel free to navigate through the commits to read the description.

There is clearly verification to do on this work; I'm not really a Python expert, but I tried to follow the same logic as the alerts.py file while I wrote this alerter.

Add discord_webhook_url schema to type string.
This will prevent errors while working with %s and % in the alerts.py file.
Add discord module needed for the alerter to work properly. (need pip install discord-webhook)

Add a new alerter AlerterDiscord at the end of the file.

This alerter needs at least the URL of the webhook the alerter will use to process the alert.
I add many options available:

self.discord_emoji_title : Option to replace the static ⚠️ in the title of the message posted (tested)
self.discord_http_proxy and self.discord_https_proxy : Used to make the alerter work behind a proxy (tested)
self.discord_proxy_login and discord_proxy_password : Used for the alerter to authenticate itself behind a proxy (not tested)
self.discord_embed_color : Used to choose the color of the embed content sent by the alerter (tested)
self.discord_embed_footer : Used to add content on the footer of the embed content (tested)
self.discord_embed_icon_url : Used to add an icon in the footer of the embed content (tested)
I also set the crop body to 2047 because the limit of the description field in a Discord message is 2048 long. I then update the message displayed if it is too long (not tested)
Import discord module to be able to send webhook messages
Add an example of a discord alerter that I wrote.
Add another condition if you just want to add an icon-url to the footer instead of text.
Add discord-webhook as a requirement
Added more description
@Theoooooo Theoooooo marked this pull request as ready for review August 2, 2019 08:08
@CharlieC3

@Theoooooo Any updates to this? Would love to see this merged.

@Theoooooo
Author

@CharlieC3 The PR is all done. The only issue that appears in the CI checks is the example alert I've put inside the PR.
Apart from this example file, the alerter is working properly and the code is correct. You can copy/paste the code to your elastalert instance on your own.

@TabakM4n

TabakM4n commented Oct 30, 2020

Hello,
Is this gonna be fixed (the CI issue) and merged anytime soon?
If not, can you tell me how to build a docker image with your code?
I am currently using this https://github.com/jertel/elastalert-docker and I am not sure how to modify it - to install this version.

@nsano-rururu
Contributor

nsano-rururu commented Jan 8, 2021

@TabakM4n

There is a way to create a docker image by modifying the https://github.com/jertel/elastalert-docker/blob/master/Dockerfile of jertel / elastalert-docker as follows. We have not confirmed the operation.

FROM python:3.6-alpine

LABEL description="ElastAlert suitable for Kubernetes and Helm"
LABEL maintainer="Jason Ertel (jertel at codesim.com)"

#ARG ELASTALERT_VERSION=0.2.4

# add git
RUN apk --update upgrade && \
    apk add gcc libffi-dev musl-dev python3-dev openssl-dev tzdata libmagic git && \
    rm -rf /var/cache/apk/*

# Install ElastAlert v0.2.0b2 with Theoooooo add discord alerter #2379
RUN mkdir -p  /opt/elastalert_install_work && \
    cd /opt/elastalert_install_work && \
    git clone https://github.com/Yelp/elastalert.git && \
    cd elastalert && \
    git fetch origin pull/2379/head:Theoooooo-add-discord-alertert && \
    git checkout Theoooooo-add-discord-alertert && \
    python setup.py install

RUN apk del gcc libffi-dev musl-dev python3-dev openssl-dev

RUN mkdir -p /opt/elastalert && \
    echo "#!/bin/sh" >> /opt/elastalert/run.sh && \
    echo "set -e" >> /opt/elastalert/run.sh && \
    echo "elastalert-create-index --config /opt/config/elastalert_config.yaml" >> /opt/elastalert/run.sh && \
    echo "exec elastalert --config /opt/config/elastalert_config.yaml \"\$@\"" >> /opt/elastalert/run.sh && \
    chmod +x /opt/elastalert/run.sh

ENV TZ "UTC"

WORKDIR /opt/elastalert
ENTRYPOINT ["/opt/elastalert/run.sh"]

@nsano-rururu
Contributor

nsano-rururu commented Jan 17, 2021

I found that it doesn't work even if it is merged in the current state.

discord-webhook>=0.4.1 doesn't seem to be used in the program. So it seems to move.
You don't need to modify requirements.txt ...

and

bug

1. alerts.py L26

The following description is not required

./elastalert/alerts.py:26:1: F401 'discord_webhook.DiscordWebhook' imported but unused
./elastalert/alerts.py:26:1: F401 'discord_webhook.DiscordEmbed' imported but unused

from discord_webhook import DiscordWebhook, DiscordEmbed

2. alerts.py L2198

./elastalert/alerts.py:2198:21: F821 undefined name 'unicode'

before

 body += unicode(BasicMatchString(self.rule, match))

after

 body += str(BasicMatchString(self.rule, match))

3. alerts.py L2229

./elastalert/alerts.py:2209:9: F841 local variable 'auth' is assigned to but never used
./elastalert/alerts.py:2229:17: F841 local variable 'result' is assigned to but never used

before

result = requests.post(self.discord_webhook_url, data=json.dumps(data), headers=headers, proxies=proxies)

fix

response = requests.post(self.discord_webhook_url, data=json.dumps(data), headers=headers, proxies=proxies, auth=auth)
warnings.resetwarnings()
response.raise_for_status()

4. other

./elastalert/alerts.py:2178:1: E302 expected 2 blank lines, found 1
./elastalert/alerts.py:2182:22: E231 missing whitespace after ','
./elastalert/alerts.py:2202:17: E117 over-indented
./elastalert/alerts.py:2220:17: E117 over-indented
./elastalert/alerts.py:2224:17: E117 over-indented
./elastalert/alerts.py:2229:17: E117 over-indented
./elastalert/alerts.py:2231:17: E117 over-indented
./elastalert/alerts.py:2237:13: E117 over-indented

There still seems to be a bug

15:42:10.691Z ERROR elastalert-server:
    ProcessController:  ERROR:root:Traceback (most recent call last):
      File "/opt/elastalert/elastalert/elastalert.py", line 1464, in alert
        return self.send_alert(matches, rule, alert_time=alert_time, retried=retried)
      File "/opt/elastalert/elastalert/elastalert.py", line 1558, in send_alert
        alert.alert(matches)
      File "/opt/elastalert/elastalert/alerts.py", line 2214, in alert
        proxies['http'] = '%s' % (self.discord_http_proxy) if self.discord_http_proxy else None
    TypeError: 'NoneType' object does not support item assignment
    
    
15:42:10.691Z ERROR elastalert-server:
    ProcessController:  ERROR:root:Uncaught exception running rule a: 'NoneType' object does not support item assignment

I deleted "proxies['http'] = '%s' % (self.discord_http_proxy) if self.discord_http_proxy else None" and it worked. Probably proxies http is no longer set.

alerts.py

self.discord_http_proxy = self.rule.get('discord_http_proxy', None)
self.discord_https_proxy = self.rule.get('discord_https_proxy', None)

self.discord_proxy = self.rule.get('discord_proxy', None)

proxies = {} if self.discord_http_proxy or self.discord_https_proxy else None
proxies['http'] = '%s' % (self.discord_http_proxy) if self.discord_http_proxy else None
proxies['https'] = '%s' % (self.discord_https_proxy) if self.discord_https_proxy else None

proxies = {'https': self.discord_proxy} if self.discord_proxy else None

[Screenshot]

example_rules/exemple_discord_any.yaml

discord_http_proxy: http_proxy_address
discord_https_proxy: https_proxy_address

discord_proxy: proxy_address

README.md and docs/source/elastalert.rst

add "- Discord"

docs/source/ruletypes.rst

add



Discord
~~~~~~~

Discord will send notification to a Line application. The body of the notification is formatted the same as with other alerters.

Required:

``discord_webhook_url``:  The webhook URL.

Optional:

``discord_emoji_title``: By default ElastAlert will use the ``:warning:`` emoji when posting to the channel. You can use a different emoji per ElastAlert rule. Any Apple emoji can be used, see http://emojipedia.org/apple/ . If slack_icon_url_override parameter is provided, emoji is ignored.

``discord_proxy``: By default ElastAlert will not use a network proxy to send notifications to Discord. Set this option using hostname:port if you need to use a proxy.

``discord_proxy_login``: The Discord proxy auth username.

``discord_proxy_password``: The Discord proxy auth username.

``discord_embed_color``: embed color. By default ``0xffffff``.

``discord_embed_footer``: embed footer.

``discord_embed_icon_url``: You can provide icon_url to use custom image. Provide absolute address of the picture.
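
An added example, not code from this pull request or from ElastAlert: one way to build the `requests.post()` arguments so that the proxies dict is never indexed while it is `None` (the `TypeError` in the traceback above) and the embed description stays within the 2048-character limit given in the PR description. The function names, the "emoji title emoji" content layout, the crop note wording and the sample rule are assumptions; the option names and defaults are the ones listed in this thread.

```python
import json

DESCRIPTION_LIMIT = 2048  # embed description limit stated in the PR description
CROP_NOTE = "\n*message was cropped to fit the Discord embed description limit*"


def build_proxies(rule):
    """Return a proxies dict for requests, or None when no proxy is set."""
    proxies = {}
    for scheme in ("http", "https"):
        value = rule.get("discord_%s_proxy" % scheme)
        if value:  # only set keys that are configured; never index None
            proxies[scheme] = str(value)
    return proxies or None


def crop_description(body, limit=DESCRIPTION_LIMIT):
    """Truncate body so that body plus the crop note is exactly `limit` long."""
    if len(body) <= limit:
        return body
    return body[: limit - len(CROP_NOTE)] + CROP_NOTE


def build_request(rule, title, body):
    """Assemble keyword arguments for requests.post() without sending anything."""
    emoji = rule.get("discord_emoji_title", ":warning:")
    embed = {
        "description": crop_description(body),
        "color": rule.get("discord_embed_color", 0xFFFFFF),
    }
    footer = {}
    if rule.get("discord_embed_footer"):
        footer["text"] = rule["discord_embed_footer"]
    if rule.get("discord_embed_icon_url"):  # icon alone is allowed
        footer["icon_url"] = rule["discord_embed_icon_url"]
    if footer:
        embed["footer"] = footer
    payload = {"content": "%s %s %s" % (emoji, title, emoji), "embeds": [embed]}
    return {
        "url": rule["discord_webhook_url"],
        "data": json.dumps(payload),
        "headers": {"Content-Type": "application/json"},
        "proxies": build_proxies(rule),
    }


if __name__ == "__main__":
    # Constructed sample rule; the webhook URL is the placeholder used in this thread.
    sample = {"discord_webhook_url": "https://discord.com/api/webhooks/xxxx/xxxx",
              "discord_https_proxy": "http://proxy.example:3128"}
    print(build_request(sample, "rule a", "x" * 5000)["proxies"])
```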

@nsano-rururu
Contributor

@TabakM4n

It has been merged by pull requesting discord alerter to jertel/elastalert:alt.
Probably added to the docker image jertel/elastalert-docker:latest-alt
https://hub.docker.com/r/jertel/elastalert-docker

@TabakM4n

@nsano-rururu Thank you very much!

@nsano-rururu
Contributor

@TabakM4n

example

alert:
  - discord
alert_subject: a
alert_subject_args: []
alert_text: b
alert_text_args: []
discord_webhook_url: 'https://discord.com/api/webhooks/xxxx/xxxx'
discord_emoji_title: ':lock:'
discord_embed_color: 0xE24D42
discord_embed_footer: 'Message sent by ElastAlert from your computer'
discord_embed_icon_url: 'https://humancoders-formations.s3.amazonaws.com/uploads/course/logo/38/thumb_bigger_formation-elasticsearch.png'
filter:
  - query:
      query_string:
        query: 'message:Quit'
index: mariadblog-*
is_enabled: true
name: a
realert:
  minutes: 1
timestamp_field: '@timestamp'
timestamp_type: iso
type: any
use_strftime_index: false

[Screenshot]

@nsano-rururu
Contributor

Merged into elastalert2
