diff --git a/CHANGELOG.md b/CHANGELOG.md
index 10990bb1..c1040d4a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
 - [Docs] Extend FAQ / troubleshooting section with information on Elasticsearch RBAC - [#1324](https://github.com/jertel/elastalert2/pull/1324) - @chr-b
 - Upgrade to Python 3.12 - [#1327](https://github.com/jertel/elastalert2/pull/1327) - @jertel
 - Support hourly index patterns - [#1328](https://github.com/jertel/elastalert2/pull/1328) - @jmacdone
+- Correction in IRIS and GELF alerter [#1331](https://github.com/jertel/elastalert2/pull/1331) - @malinkinsa
 # 2.15.0
diff --git a/docs/source/ruletypes.rst b/docs/source/ruletypes.rst
index 64309e70..13a6579b 100644
--- a/docs/source/ruletypes.rst
+++ b/docs/source/ruletypes.rst
@@ -2576,9 +2576,9 @@ Optional:
 ``gelf_http_headers``: Additional headers. (Only used if gelf_type=http)
-``gelf_ca_cert``: Path to custom CA certificate.
+``gelf_ca_cert``: Set this option to True or a path to a CA cert bundle or directory (eg: /etc/ssl/certs/ca-certificates.crt) to validate the SSL certificate.The default value is: False.
-``gelf_http_ignore_ssl_errors``: Ignore ssl error. (Only used if gelf_type=http)
+``gelf_http_ignore_ssl_errors``: Ignore ssl error. (Only used if gelf_type=http).The default value is: False.
 ``gelf_timeout``: Custom timeout.
@@ -2727,7 +2727,7 @@ The alerter requires the following option:
 Optional:
-``iris_ca_cert``: Path to custom CA certificate.
+``iris_ca_cert``: Set this option to True or a path to a CA cert bundle or directory (eg: /etc/ssl/certs/ca-certificates.crt) to validate the SSL certificate.The default value is: False.
 ``iris_ignore_ssl_errors``: Ignore ssl error. The default value is: ``False``.
diff --git a/elastalert/alerters/gelf.py b/elastalert/alerters/gelf.py
index 02f8d5bb..19221716 100644
--- a/elastalert/alerters/gelf.py
+++ b/elastalert/alerters/gelf.py
@@ -31,7 +31,7 @@ def __init__(self, rule):
 self.gelf_version = self.rule.get('gelf_version', '1.1')
 self.gelf_log_level = self.rule.get('gelf_log_level', 5)
 self.additional_headers = self.rule.get('gelf_http_headers')
- self.ca_cert = self.rule.get('gelf_ca_cert', False)
+ self.ca_cert = self.rule.get('gelf_ca_cert')
 self.http_ignore_ssl_errors = self.rule.get('gelf_http_ignore_ssl_errors', False)
 self.timeout = self.rule.get('gelf_timeout', 30)
@@ -43,7 +43,7 @@ def send_http(self, gelf_msg):
 if self.ca_cert:
 verify = self.ca_cert
 else:
- verify = False
+ verify = not self.http_ignore_ssl_errors
 if self.http_ignore_ssl_errors:
 requests.packages.urllib3.disable_warnings()
diff --git a/elastalert/alerters/iris.py b/elastalert/alerters/iris.py
index dd23ca63..0b23e788 100644
--- a/elastalert/alerters/iris.py
+++ b/elastalert/alerters/iris.py
@@ -16,7 +16,7 @@ def __init__(self, rule):
 self.url = f"https://{self.rule.get('iris_host')}"
 self.api_token = self.rule.get('iris_api_token')
 self.customer_id = self.rule.get('iris_customer_id')
- self.ca_cert = self.rule.get('iris_ca_cert', False)
+ self.ca_cert = self.rule.get('iris_ca_cert')
 self.ignore_ssl_errors = self.rule.get('iris_ignore_ssl_errors', False)
 self.description = self.rule.get('iris_description', None)
 self.overwrite_timestamp = self.rule.get('iris_overwrite_timestamp', False)
@@ -113,7 +113,7 @@ def alert(self, matches):
 if self.ca_cert:
 verify = self.ca_cert
 else:
- verify = False
+ verify = not self.ignore_ssl_errors
 if self.ignore_ssl_errors:
 requests.packages.urllib3.disable_warnings()
diff --git a/elastalert/schema.yaml b/elastalert/schema.yaml
index 666d06b0..6c8efd99 100644
--- a/elastalert/schema.yaml
+++ b/elastalert/schema.yaml
@@ -511,7 +511,7 @@ properties:
 required: [ field ]
 properties:
 field: { type: string, minLength: 1 }
- gelf_ca_cert: {type: string}
+ gelf_ca_cert: {type: [boolean, string]}
 gelf_http_ignore_ssl_errors: {type: boolean}
 gelf_timeout: {type: integer}
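Review bot: In `send_http` of elastalert/alerters/gelf.py (and identically in `alert` of elastalert/alerters/iris.py) the precedence between the CA option and the ignore flag is left implicit: a truthy `ca_cert` still wins, so a rule that sets both keeps verifying certificates while the `if self.http_ignore_ssl_errors:` branch silences urllib3 warnings anyway. That is the safer precedence, but I would state it with `# ca_cert takes precedence: verification stays on even when ignore_ssl_errors is set` above `if self.ca_cert:` and gate the suppression on the outcome, `if verify is False:`. The new `else` branch also flips the default from unverified to verified TLS, so rules that point at endpoints with a private or self-signed CA will start failing until a CA bundle is configured; the changelog line "Correction in IRIS and GELF alerter" could say so. Both function bodies continue outside their hunks, so how `verify` reaches the request call is inferred from the updated test expectations.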
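Review bot: Accepting `boolean` for `gelf_ca_cert` in elastalert/schema.yaml (and for `iris_ca_cert` in the hunk at `@@ -544,7 +544,7 @@`) makes `false` a valid value that does not switch verification off: in the alerter hunks of this commit a falsy `ca_cert` falls to the `else` branch, where only the ignore flag decides. The docs in this commit give the default as False, which readers used to requests' `verify=False` may take to mean unverified. A schema comment would make the contract explicit, for example `# true = requests' default CA bundle, string = path to a CA bundle or directory; false/unset defers to gelf_http_ignore_ssl_errors`. An empty string also passes `type: string` and behaves like unset.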
@@ -544,7 +544,7 @@ properties:
 iris_type: {type: string, enum: ['alert', 'case']}
 iris_customer_id: {type: integer}
 iris_ignore_ssl_errors: {type: boolean}
- iris_ca_cert: {type: string}
+ iris_ca_cert: {type: [boolean, string]}
 iris_overwrite_timestamp: {type: boolean}
 iris_case_template_id: {type: integer}
 iris_description: {type: string}
diff --git a/tests/alerters/gelf_test.py b/tests/alerters/gelf_test.py
index ec3b30f0..5799d37b 100644
--- a/tests/alerters/gelf_test.py
+++ b/tests/alerters/gelf_test.py
@@ -41,7 +41,7 @@ def test_gelf_sent_http(caplog):
 url=rule['gelf_endpoint'],
 headers={'Content-Type': 'application/json'},
 json=mock.ANY,
- verify=False,
+ verify=True,
 timeout=30,
 )
diff --git a/tests/alerters/iris_test.py b/tests/alerters/iris_test.py
index 79884538..62257aec 100644
--- a/tests/alerters/iris_test.py
+++ b/tests/alerters/iris_test.py
@@ -406,7 +406,7 @@ def test_iris_alert_alert(caplog):
 'Authorization': f'Bearer {rule["iris_api_token"]}'
 },
 json=mock.ANY,
- verify=False,
+ verify=True,
 )
 assert expected_data == mock_post_request.call_args_list[0][1]['json']
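Review bot: The updated expectation in `test_gelf_sent_http` (and in `test_iris_alert_alert` in tests/alerters/iris_test.py) pins only the new default `verify=True`; no hunk in this diff asserts the other outcomes of the changed branch. Cases worth adding are a rule with `gelf_http_ignore_ssl_errors: True` expecting `verify=False`, a rule with `gelf_ca_cert` set to a path expecting that path, and a rule with both set expecting the CA path to win. Such tests may already exist outside the visible hunks, and both test functions extend beyond what is shown here.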