9

I am creating an application where I need to send mail for some particular logs. Here is my rule file:

es_host: localhost
es_port: 9200
name: Log Level Test
type: frequency
index: testindexv4
num_events: 1
timeframe:
   hours: 4
filter:
 - term:
     log_level.keyword: "ERROR"
 - query:
     query_string:
       query: "log_level.keyword: ERROR"
alert:
- "email"
email:
- "<mailId>@gmail.com"

Here is the config.yaml

rules_folder: myrules
run_every:
  seconds: 2
buffer_time:
  seconds: 10
es_host: localhost
es_port: 9200
writeback_index: elastalert_status
alert_time_limit:
  days: 2

Here is smpt_auth.yaml

alert:
 - email
email:
 - "<mailId>@gmail.com"
smtp_host: "smtp.gmail.com" 
smtp_port: 587 
smtp_ssl: true
from_addr: "<mailId>@gmail.com"
smtp_auth_file: 'D:\ELK_Info\ElastAlert\elastalert-master\smtp_auth_user.yaml'

Here is smtp_auth_user.yaml

user: "<mailId>@gmail.com"
password: "<password>"

When I run this command:

python -m elastalert.elastalert --verbose --rule myrules\myrule.yaml

I get an error as:

ERROR:root: Error while running alert email: Error connecting to SMTP host: [Errno 10061] No connection could be made because the target machine actively refused it.

Any idea on how to resolve the same, please?

Deva
  • When I read the title I knew which mail server you are using. Gmail has all kinds of safety features preventing abuse and is not the best choice for anything other than personal use. – Klaus D. Sep 18 '18 at 12:28
  • @KlausD. It works on one of my colleague's Windows machines, but not mine. I think it may have some solution. Let me know if you have any idea regarding the same. – Deva Sep 18 '18 at 12:30
  • One solution would be to have your own mail server. Gmail is not suitable for your use-case. – Klaus D. Sep 18 '18 at 12:35

3 Answers

3

Try checking the following link please:

https://stackoverflow.com/a/36532619/5062759

From my understanding, it's not recommended AT ALL to use Gmail to send emails out. There's a limit to it, so if you're doing it for production services (especially logs) you'll hit the cap quickly. Amazon's SES system gives developer credits, I believe, so you can tinker with that, or if you really like Google you could use: https://cloud.google.com/appengine/docs/standard/go/mail/.

James O
2

The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail will fail when trying to connect to localhost.

To work around this, specify server in sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com

Karn Kumar
  • Thanks for your time, can you please elaborate more on what you mean by 'specify server in sendemail'? I would be grateful if you could provide steps for the same. – Deva Sep 26 '18 at 04:53
0

Can you try setting smtp_host in smtp_auth.yaml to a local SMTP host (email server)? Your admin can help you figure one out.

Prem
  • Thanks for your time, we actually tried with local server, still same issue. Any other suggestions are most welcome. – Deva Sep 27 '18 at 08:49
  • Did you try using an email address (for the 'From:' field of the email) that can be recognized by the local host? You can check the email logs as well to get more details on why the host is failing to accept your connection. If you are using 'sendmail', check logs at /var/log/mail.log. – Prem Sep 27 '18 at 09:07
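
A preflight check for the "actively refused" error discussed in this thread, as an added example that is not part of any post above and is not ElastAlert code. It resolves which SMTP endpoint a rule would actually use and probes it at the TCP level. Assumptions: the SMTP keys are read from the rule itself, the host falls back to localhost and the port to 25 when unset; the two sample dicts are constructed from the files in the question.

```python
import socket

# Constructed from the question: the rule file has no smtp_* keys,
# while the separate smpt_auth.yaml carries them.
QUESTION_RULE = {"alert": ["email"], "email": ["<mailId>@gmail.com"]}
QUESTION_SMTP_FILE = {"smtp_host": "smtp.gmail.com", "smtp_port": 587,
                      "smtp_ssl": True}


def effective_smtp(rule):
    """Resolve the SMTP target for a rule dict.
    Assumption: unset host means localhost, unset port means 25."""
    return {
        "host": rule.get("smtp_host", "localhost"),
        "port": int(rule.get("smtp_port", 25)),
        "implicit_tls": bool(rule.get("smtp_ssl", False)),
    }


def findings(rule):
    """Return human-readable warnings about the rule's SMTP settings."""
    cfg = effective_smtp(rule)
    out = []
    if "smtp_host" not in rule:
        out.append("smtp_host not set in rule: alerts go to localhost")
    if cfg["implicit_tls"] and cfg["port"] == 587:
        # 587 is the submission port (plain connect, then STARTTLS);
        # implicit TLS from the first byte is normally served on 465.
        out.append("smtp_ssl with port 587: 587 expects STARTTLS, "
                   "implicit TLS is 465")
    return out


def probe(host, port, timeout=3.0):
    """TCP check: 'open', 'refused' (Errno 10061 on Windows, 111 on
    Linux) or 'unreachable' (timeout, DNS failure, filtered)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"


if __name__ == "__main__":
    for name, rule in (("rule as posted", QUESTION_RULE),
                       ("rule + smtp file", {**QUESTION_RULE, **QUESTION_SMTP_FILE})):
        cfg = effective_smtp(rule)
        print(name, cfg, findings(rule), probe(cfg["host"], cfg["port"]))
```

A "refused" result for localhost means nothing is listening there, which matches the error text in the question; "unreachable" for an external host points at a firewall or proxy between the machine and the mail server.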