SukhanthN/elastalert-service-unit
🚀 Service Unit: ElastAlert Setup and Logging

This guide explains how to configure ElastAlert on Ubuntu so it automatically starts after reboot, stores logs in a dedicated file, and manages log rotation. Perfect for adding to your public GitHub repo 📂.

Suggested Repository Name: elastalert-service-unit


🖥️ Server Details

  • OS: Ubuntu 22.04.4 LTS (Amazon EC2)
  • Hostname: ip-10-0-0-222
  • Python: 3.x
  • ElastAlert Directory: /opt/elastalert
  • Config File: /opt/elastalert/config.yaml

βš™οΈ Step 1: Create a systemd Service

1️⃣ Create service file

sudo nano /etc/systemd/system/elastalert.service

2️⃣ Add the following content

[Unit]
Description=ElastAlert Service
After=network.target

[Service]
Type=simple
WorkingDirectory=/opt/elastalert
ExecStart=/usr/bin/python3 -m elastalert.elastalert --config /opt/elastalert/config.yaml --verbose
Restart=always
RestartSec=5
User=root
StandardOutput=append:/var/log/elastalert/elastalert.log
StandardError=append:/var/log/elastalert/elastalert.log

[Install]
WantedBy=multi-user.target

3️⃣ Reload and enable service

sudo systemctl daemon-reload
sudo systemctl enable elastalert
sudo systemctl start elastalert

✅ Check service status:

sudo systemctl status elastalert

📜 View logs:

tail -f /var/log/elastalert/elastalert.log

πŸ“ Step 2: Create Log Directory

sudo mkdir -p /var/log/elastalert
sudo touch /var/log/elastalert/elastalert.log
sudo chown root:root /var/log/elastalert/elastalert.log

💡 Create this directory and set its permissions before starting the service in Step 1: systemd's append: target creates the log file if needed but not a missing parent directory, and the account named in User= (root here) must be able to write to it.


🔄 Step 3: Configure Logrotate

3.1 Create logrotate config

sudo nano /etc/logrotate.d/elastalert

3.2 Add the following

/var/log/elastalert/elastalert.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
}

3.3 Explanation

  • 📅 daily → Rotate logs every day
  • 🔄 rotate 7 → Keep only the last 7 rotations
  • 📦 compress → Gzip old logs
  • ⏳ delaycompress → Compress starting from the 2nd rotation
  • ✅ missingok → Skip if file is missing
  • 🚫 notifempty → Don't rotate empty files
  • ✂️ copytruncate → Copy the log, then truncate it in place, so the running service keeps writing through its open file handle (the logrotate man page notes that lines written between the copy and the truncate can be lost)

3.4 Test the rotation

sudo logrotate -f /etc/logrotate.d/elastalert
ls -lh /var/log/elastalert/

Expected output after a week of daily rotations (a single forced run only produces elastalert.log.1, which delaycompress leaves uncompressed until the next rotation):

elastalert.log
elastalert.log.1.gz
elastalert.log.2.gz
...
elastalert.log.7.gz
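The three steps above collected into one script, as an added example that is not a file from this repository. It renders the unit and logrotate files exactly as written in Steps 1 and 3, creates the Step 2 log directory first (systemd's append: target does not create a missing directory), and takes a root prefix argument so the generated files can be inspected in a scratch directory before anything is written under /etc. The function names render_unit, render_logrotate, install_files and check_files, the `install` argument, and the pre-enable checks with systemd-analyze verify and logrotate -d are my additions, not the guide's.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): render and install the ElastAlert systemd
# unit and logrotate config from Steps 1-3 under a configurable root prefix.
set -eu

# Paths from the guide's Server Details.
ELASTALERT_DIR=/opt/elastalert
CONFIG_FILE=/opt/elastalert/config.yaml
LOG_DIR=/var/log/elastalert
LOG_FILE="$LOG_DIR/elastalert.log"

# Step 1: the unit file, verbatim from the guide.
render_unit() {
  cat <<EOF
[Unit]
Description=ElastAlert Service
After=network.target

[Service]
Type=simple
WorkingDirectory=$ELASTALERT_DIR
ExecStart=/usr/bin/python3 -m elastalert.elastalert --config $CONFIG_FILE --verbose
Restart=always
RestartSec=5
User=root
StandardOutput=append:$LOG_FILE
StandardError=append:$LOG_FILE

[Install]
WantedBy=multi-user.target
EOF
}

# Step 3: the logrotate config, verbatim from the guide.
render_logrotate() {
  cat <<EOF
$LOG_FILE {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
}
EOF
}

# install_files ROOT: Step 2 first (log directory and file), then the two
# config files. ROOT is "" for a real install or a scratch directory for review.
install_files() {
  root="$1"
  install -d -m 0755 "$root$LOG_DIR"
  : >> "$root$LOG_FILE"
  install -d -m 0755 "$root/etc/systemd/system" "$root/etc/logrotate.d"
  render_unit > "$root/etc/systemd/system/elastalert.service"
  render_logrotate > "$root/etc/logrotate.d/elastalert"
}

# check_files ROOT: the consistency checks worth running before enabling the
# unit: the log directory exists, and the unit's append: target is the same
# path that logrotate manages (a mismatch means an unrotated, ever-growing log).
check_files() {
  root="$1"
  unit="$root/etc/systemd/system/elastalert.service"
  lr="$root/etc/logrotate.d/elastalert"
  [ -d "$root$LOG_DIR" ] || return 1
  grep -qx "StandardOutput=append:$LOG_FILE" "$unit" || return 1
  grep -qx "StandardError=append:$LOG_FILE" "$unit" || return 1
  grep -q "^$LOG_FILE {" "$lr" || return 1
  return 0
}

# Real install only when explicitly asked for; otherwise just define functions.
if [ "${1:-}" = "install" ]; then
  install_files ""
  chown root:root "$LOG_FILE"
  check_files ""
  command -v systemd-analyze >/dev/null && systemd-analyze verify /etc/systemd/system/elastalert.service
  logrotate -d /etc/logrotate.d/elastalert   # -d: dry run, reports config errors
  systemctl daemon-reload
  systemctl enable elastalert
  systemctl start elastalert
fi
```

Run it as `sudo bash elastalert-setup.sh install` (file name assumed) on the host; without the argument it only defines the functions, so `install_files /tmp/review && check_files /tmp/review` lets you read the generated files first. The unit keeps User=root exactly as the guide does; pointing User= at a dedicated account that owns /var/log/elastalert is the usual least-privilege refinement.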

🎯 Outcome

  • ✅ ElastAlert runs automatically on reboot.
  • 📁 Logs stored at /var/log/elastalert/elastalert.log.
  • ♻️ Logs rotate daily, with 7-day retention and compression.

📌 Pro Tip

Add screenshots of your service status and logrotate output to your repo's README for better visuals 🌟.


💬 Contribution: PRs welcome to improve this guide or automate it via a bash script.


📄 License: MIT
