I am creating an application where I need to send mail for some particular logs. Here is my rule file:
es_host: localhost
es_port: 9200
name: Log Level Test
type: frequency
index: testindexv4
num_events: 1
timeframe:
  hours: 4
filter:
- term:
    log_level.keyword: "ERROR"
- query:
    query_string:
      query: "log_level.keyword: ERROR"
alert:
- "email"
email:
- "<mailId>@gmail.com"
Here is the config.yaml
rules_folder: myrules
run_every:
  seconds: 2
buffer_time:
  seconds: 10
es_host: localhost
es_port: 9200
writeback_index: elastalert_status
alert_time_limit:
  days: 2
Here is smpt_auth.yaml
alert:
- email
email:
- "<mailId>@gmail.com"
smtp_host: "smtp.gmail.com"
smtp_port: 587
smtp_ssl: true
from_addr: "<mailId>@gmail.com"
smtp_auth_file: 'D:\ELK_Info\ElastAlert\elastalert-master\smtp_auth_user.yaml'
Here is smtp_auth_user.yaml
user: "<mailId>@gmail.com"
password: "<password>"
When I run this command:
python -m elastalert.elastalert --verbose --rule myrules\myrule.yaml
I get an error as:
ERROR:root: Error while running alert email: Error connecting to SMTP host: [Errno 10061] No connection could be made because the target machine actively refused it.
Any idea on how to resolve the same, please?
1. Disable WMI services: run - services.msc - Windows Management Instrumentation (WMI) - stop the service.
2. Delete the files under C:\Windows\System32\wbem\Repository
3. Open regedit: go to HKEY_LOCAL_MACHINE > Software and HKEY_CURRENT_USER > Software.
Error 10061 is a Winsock connection error meaning the connection was refused: "No connection could be made because the target machine actively refused it." This usually results from trying to connect to a service that is inactive on the foreign host, i.e. one with no server application running.
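The following added example, which is not from the original posts or from ElastAlert's code, resolves the SMTP endpoint a rule would use and probes it with a plain TCP connect, so a refused connection (10061 on Windows) can be told apart from a timeout or a DNS failure. The localhost and port 25 fallbacks follow ElastAlert's documented defaults; the function names and the QUESTION_RULE sample are assumptions constructed for illustration.

```python
import errno
import socket

# Fallbacks documented for ElastAlert's email alert when a rule omits them.
DEFAULT_SMTP_HOST = "localhost"
DEFAULT_SMTP_PORT = 25


def effective_smtp_endpoint(rule):
    """Return the (host, port) the email alert would dial for this rule dict."""
    return (rule.get("smtp_host", DEFAULT_SMTP_HOST),
            int(rule.get("smtp_port", DEFAULT_SMTP_PORT)))


def probe(host, port, timeout=3.0):
    """Attempt a plain TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:   # WinError 10061 / ECONNREFUSED
        return "refused"
    except socket.timeout:           # packets dropped, e.g. by a firewall
        return "timeout"
    except socket.gaierror:          # host name does not resolve
        return "dns-failure"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def diagnose(rule, timeout=3.0):
    """Combine configuration checks with a live probe of the endpoint."""
    host, port = effective_smtp_endpoint(rule)
    notes = []
    if "smtp_host" not in rule:
        notes.append("smtp_host missing from rule: falling back to localhost")
    if rule.get("smtp_ssl") and port == 587:
        notes.append("smtp_ssl with port 587: 587 expects STARTTLS, 465 is implicit TLS")
    return {"host": host, "port": port,
            "state": probe(host, port, timeout), "notes": notes}


# Constructed input mirroring the rule file in the question (no smtp_* keys).
QUESTION_RULE = {"name": "Log Level Test", "alert": ["email"],
                 "email": ["<mailId>@gmail.com"]}

if __name__ == "__main__":
    print(diagnose(QUESTION_RULE))
```

A "refused" state for localhost means nothing is listening there, which points at the rule's SMTP settings rather than at the remote mail provider.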
Any configuration mistakes in these settings can cause email errors due to authentication failures and show the message “Unable to connect to SMTP host”. If the connection is attempted to a different mail server, it will not work. This can happen especially in the cases of website migration from one server to another.
It may fail due to server-side firewall restrictions, an incorrect mail server name or port, or other reasons, and displays the error:
And, based on the mail server’s reaction, we’ve seen two distinct variations of this error:
Causes: SMTP ERROR: Failed to connect to server?
1. SMTP restrictions on the server
These restrictions lead to SMTP errors. The WHM setting ‘Server Configuration > Tweak Settings > Mail > Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)’ blocks outgoing SMTP from website software. Another WHM setting that provides the same restriction is “WHM Home » Security Center » SMTP Restrictions”.
Try checking the following link please:
https://stackoverflow.com/a/36532619/5062759
From my understanding, it's not recommended AT ALL to use Gmail to send emails out. There's a limit to it, so if you're doing it for production services (especially logs) you'll hit the cap quickly. Amazon's SES system gives developer credits I believe so you can tinker with that or if you really like Google you could use: https://cloud.google.com/appengine/docs/standard/go/mail/.
The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail will fail when trying to connect to localhost.
To work around this, specify server in sendemail as follows:
my search terms | sendemail [email protected] sendresults=true server=mail.bar.com