Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Don't look for rules in subdirectories that start with a period

See original GitHub issue

I’m using Kubernetes to mount Elastalert rules into a directory, and the way that Kuberentes mounts files is with links, like so:

/ # ls -alR /rules/
/rules/:
total 12
drwxrwxrwx    3 root     root          4096 Apr 12 13:33 .
drwxr-xr-x    1 root     root          4096 Apr 12 13:33 ..
drwxr-xr-x    2 root     root          4096 Apr 12 13:33 ..4984_12_04_13_33_37.139875337
lrwxrwxrwx    1 root     root            31 Apr 12 13:33 ..data -> ..4984_12_04_13_33_37.139875337
lrwxrwxrwx    1 root     root            17 Apr 12 13:33 rule1.yaml -> ..data/rule1.yaml
lrwxrwxrwx    1 root     root            17 Apr 12 13:33 rule2.yaml -> ..data/rule2.yaml

/rules/..4984_12_04_13_33_37.139875337:
total 16
drwxr-xr-x    2 root     root          4096 Apr 12 13:33 .
drwxrwxrwx    3 root     root          4096 Apr 12 13:33 ..
-rw-r--r--    1 root     root           598 Apr 12 13:33 rule1.yaml
-rw-r--r--    1 root     root           555 Apr 12 13:33 rule2.yaml

When I try to point my rule directory at /rules/, I get the following error:

Traceback (most recent call last):
  File "/usr/local/bin/elastalert", line 11, in <module>
    load_entry_point('elastalert==0.1.8', 'console_scripts', 'elastalert')()
  File "/usr/local/lib/python2.7/site-packages/elastalert/elastalert.py", line 1578, in main
    client = ElastAlerter(args)
  File "/usr/local/lib/python2.7/site-packages/elastalert/elastalert.py", line 95, in __init__
    self.conf = load_rules(self.args)
  File "/usr/local/lib/python2.7/site-packages/elastalert/config.py", line 425, in load_rules
    raise EAException('Error loading file %s: %s' % (rule_file, e))
elastalert.util.EAException: Error loading file /rules/..4984_12_04_13_30_12.887977537/rule2.yaml: Duplicate rule named Admin Privilege Gain

Can Elastalert ignore rules in subdirectores that begin with a period .?

Issue Analytics

State:
Created 6 years ago
Reactions:9
Comments:7 (3 by maintainers)

Top GitHub Comments

10reactions

micahhauslercommented, Apr 12, 2017

I just found the scan_subdirectories flag is available and that solves my use case, but I’d still like to know if this is a feature worth providing. I’d be willing to implement it if so.

0reactions

greg-cookcommented, Dec 18, 2017

Sorry, should have run it in --verbose. It is in fact working, it’s just very silent 😄 Thanks @micahhausler for the tip and @Qmando for responding!

Top Results From Across the Web

How to git ignore subfolders / subdirectories? - Stack Overflow

It works, except if there is a sub-folder with another project in e.g. Solution/Module/Project so for now I've added /*/*/bin/Debug and /*/*/*/bin/Debug (for ......

How to get a linux directory listing for files beginning with a ...

ls -ld : It will give the list of directories, without descending into subdirectories. Example:.

How to exclude/ignore hidden files and directories in a ...

This prints all files that are descendants of your directory, skipping hidden files and directories: find . -not -path '*/.*'. So if you're...

How to list files without directories, and filter by name (ls options)

9 Answers 9 · Use -maxdepth to only return the current directory, not recursivly search inside subfolders · Use -type f to only...

Linux configuration: Understanding *.d directories in /etc

Placing those included files in sub-directories has also been an option since the beginning. Let's review use cases and see how to get...