Faild alert.service

Diaz

After restarting the alert.service, it fails to start and displays the error 'alert.service failed'

The service restart doesn't help

Diaz

ov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46494), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46496), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elasticsearch-7.12.1-py3.6.egg/elasticsearch/client/init.py:214: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46498), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: self.nodes = NodesClient(self)
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elasticsearch-7.12.1-py3.6.egg/elasticsearch/client/init.py:214: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46500), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: self.nodes = NodesClient(self)
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elasticsearch-7.12.1-py3.6.egg/elasticsearch/client/init.py:214: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46502), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: self.nodes = NodesClient(self)
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46504), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46506), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46508), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46510), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46512), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46514), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46516), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:178: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46518), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: return super().construct_scalar(node)
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:178: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46520), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: return super().construct_scalar(node)
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46522), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46524), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46526), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:13:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 41310), raddr=('127.0.0.1', 25)>
Nov 05 12:13:33 siem_els alert[19046]: self.sock = None
Nov 05 12:13:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 41314), raddr=('127.0.0.1', 25)>
Nov 05 12:13:33 siem_els alert[19046]: self.sock = None
Nov 05 12:13:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 41318), raddr=('127.0.0.1', 25)>
Nov 05 12:13:33 siem_els alert[19046]: self.sock = None
Nov 05 12:13:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 41326), raddr=('127.0.0.1', 25)>
Nov 05 12:13:33 siem_els alert[19046]: self.sock = None
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/elastalert_mod.py:268: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 46528), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: query = {'query': {'bool': es_filters}}
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 52996), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 52998), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53000), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53004), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53006), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53008), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53010), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:13:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53012), raddr=('127.0.0.1', 9200)>
Nov 05 12:13:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53014), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53016), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53018), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53020), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53022), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53024), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53026), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53028), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53030), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53032), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53034), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53036), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 47820), raddr=('127.0.0.1', 25)>
Nov 05 12:14:33 siem_els alert[19046]: self.sock = None
Nov 05 12:14:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 47824), raddr=('127.0.0.1', 25)>
Nov 05 12:14:33 siem_els alert[19046]: self.sock = None
Nov 05 12:14:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 47828), raddr=('127.0.0.1', 25)>
Nov 05 12:14:33 siem_els alert[19046]: self.sock = None
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/init.py:80: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 53038), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: major, minor = list(map(int, self.es_version.split(".")[:2]))
Nov 05 12:14:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 47832), raddr=('127.0.0.1', 25)>
Nov 05 12:14:33 siem_els alert[19046]: self.sock = None
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59506), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59508), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59510), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59514), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59516), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59518), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59520), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59522), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59524), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59526), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59528), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59530), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:14:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59532), raddr=('127.0.0.1', 9200)>
Nov 05 12:14:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59534), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59536), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59538), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59540), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59542), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59544), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59546), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 54330), raddr=('127.0.0.1', 25)>
Nov 05 12:15:33 siem_els alert[19046]: self.sock = None
Nov 05 12:15:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 54334), raddr=('127.0.0.1', 25)>
Nov 05 12:15:33 siem_els alert[19046]: self.sock = None
Nov 05 12:15:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 54338), raddr=('127.0.0.1', 25)>
Nov 05 12:15:33 siem_els alert[19046]: self.sock = None
Nov 05 12:15:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 54342), raddr=('127.0.0.1', 25)>
Nov 05 12:15:33 siem_els alert[19046]: self.sock = None
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elasticsearch-7.12.1-py3.6.egg/elasticsearch/client/utils.py:177: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 59548), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: self.client = client
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/APScheduler-3.9.1-py3.6.egg/apscheduler/util.py:436: PytzUsageWarning: The localize method is no longer necessary, as this time zone supports the fold attribute (PEP 495). For more details on migrating to a PEP 495-compliant implementation, see https://pytz-deprecation-shim.readthedocs.io/en/latest/migration.html
Nov 05 12:15:33 siem_els alert[19046]: return tzinfo.localize(dt)
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37820), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37822), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37824), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37826), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37830), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37832), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37834), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37836), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37838), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37840), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37842), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37844), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37846), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37848), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37850), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:15:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37852), raddr=('127.0.0.1', 9200)>
Nov 05 12:15:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37854), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37856), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37858), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37860), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/init.py:80: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 37862), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: major, minor = list(map(int, self.es_version.split(".")[:2]))
Nov 05 12:16:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 60876), raddr=('127.0.0.1', 25)>
Nov 05 12:16:33 siem_els alert[19046]: self.sock = None
Nov 05 12:16:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 60900), raddr=('127.0.0.1', 25)>
Nov 05 12:16:33 siem_els alert[19046]: self.sock = None
Nov 05 12:16:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 60908), raddr=('127.0.0.1', 25)>
Nov 05 12:16:33 siem_els alert[19046]: self.sock = None
Nov 05 12:16:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 60916), raddr=('127.0.0.1', 25)>
Nov 05 12:16:33 siem_els alert[19046]: self.sock = None
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:178: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44332), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: return super().construct_scalar(node)
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44334), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44336), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44338), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:411: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44340), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: data = {}
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:411: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44342), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: data = {}
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:59: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44346), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: for generator in state_generators:
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:59: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44348), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: for generator in state_generators:
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:59: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44350), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: for generator in state_generators:
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44352), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44354), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44356), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44358), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44360), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44362), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44364), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44366), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44368), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44370), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:16:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44372), raddr=('127.0.0.1', 9200)>
Nov 05 12:16:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:16:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 39156), raddr=('127.0.0.1', 25)>
Nov 05 12:16:33 siem_els alert[19046]: self.sock = None
Nov 05 12:16:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 39160), raddr=('127.0.0.1', 25)>
Nov 05 12:16:33 siem_els alert[19046]: self.sock = None
Nov 05 12:18:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 39164), raddr=('127.0.0.1', 25)>
Nov 05 12:18:33 siem_els alert[19046]: self.sock = None
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elasticsearch-7.12.1-py3.6.egg/elasticsearch/client/init.py:223: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 44374), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.enrich = EnrichClient(self)
Nov 05 12:18:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 39168), raddr=('127.0.0.1', 25)>
Nov 05 12:18:33 siem_els alert[19046]: self.sock = None
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50862), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50864), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50866), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:38: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50868), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:38: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50870), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50872), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50874), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50878), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50880), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50882), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50884), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50886), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50888), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50890), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=109, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50892), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50894), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:29: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50896), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/resolver.py:150: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50898), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: for tag, regexp in resolvers + wildcard_resolvers:
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50900), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/constructor.py:49: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50902), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: node = self.get_single_node()
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/elasticsearch-7.12.1-py3.6.egg/elasticsearch/client/utils.py:137: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 50904), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: for k, v in (kwargs.pop("headers", None) or {}).copy().items()
Nov 05 12:18:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=107, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 45686), raddr=('127.0.0.1', 25)>
Nov 05 12:18:33 siem_els alert[19046]: self.sock = None
Nov 05 12:18:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 45710), raddr=('127.0.0.1', 25)>
Nov 05 12:18:33 siem_els alert[19046]: self.sock = None
Nov 05 12:18:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 45718), raddr=('127.0.0.1', 25)>
Nov 05 12:18:33 siem_els alert[19046]: self.sock = None
Nov 05 12:18:33 siem_els alert[19046]: /usr/lib64/python3.6/socket.py:657: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('127.0.0.1', 45726), raddr=('127.0.0.1', 25)>
Nov 05 12:18:33 siem_els alert[19046]: self.sock = None
Nov 05 12:18:33 siem_els alert[19046]: /opt/alert/lib64/python3.6/site-packages/PyYAML-6.0-py3.6-linux-x86_64.egg/yaml/nodes.py:38: ResourceWarning: unclosed <socket.socket fd=19, family=AddressFamily.AF_INET, type=2049, proto=6, laddr=('127.0.0.1', 57372), raddr=('127.0.0.1', 9200)>
Nov 05 12:18:33 siem_els alert[19046]: self.tag = tag

Diaz

Nov 07 12:02:16 siem_els systemd[1]: Started Alert.
Nov 07 12:02:17 siem_els alert[1488]: Traceback (most recent call last):
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/elastalert_modules/alert", line 204, in <module>
Nov 07 12:02:17 siem_els alert[1488]: d.load_entry_point("console_scripts", "elastalert_mod")()
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/elastalert_mod.py", line 1632, in main
Nov 07 12:02:17 siem_els alert[1488]: client = ElastAlerter(args)
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/elastalert_mod.py", line 202, in init
Nov 07 12:02:17 siem_els alert[1488]: self.rules = self.rules_loader.load(self.conf, self.args)
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/loaders.py", line 117, in load
Nov 07 12:02:17 siem_els alert[1488]: rule = self.load_configuration(rule_file, conf, args)
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/loaders.py", line 185, in load_configuration
Nov 07 12:02:17 siem_els alert[1488]: self.load_modules(rule, args)
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/lib64/python3.6/site-packages/elastalert-0.2.4-py3.6.egg/elastalert/loaders.py", line 437, in load_modules
Nov 07 12:02:17 siem_els alert[1488]: rule['type'] = rule['type'](rule, args)
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/elastalert_modules/logserver.py", line 49, in init
Nov 07 12:02:17 siem_els alert[1488]: self.expand_entries('blacklist-ioc')
Nov 07 12:02:17 siem_els alert[1488]: File "/opt/alert/elastalert_modules/logserver.py", line 67, in expand_entries
Nov 07 12:02:17 siem_els alert[1488]: with open(filename, 'r') as f:
Nov 07 12:02:17 siem_els alert[1488]: PermissionError: [Errno 13] Permission denied: '/etc/logstash/lists/misp_ip.yml'
Nov 07 12:02:17 siem_els systemd[1]: alert.service: main process exited, code=exited, status=1/FAILURE
Nov 07 12:02:17 siem_els systemd[1]: Unit alert.service entered failed state.
Nov 07 12:02:17 siem_els systemd[1]: alert.service failed.
Nov 07 12:02:17 siem_els systemd[1]: alert.service holdoff time over, scheduling restart.
Nov 07 12:02:17 siem_els systemd[1]: Stopped Alert.

WojtekG

Hi,
"PermissionError: [Errno 13] Permission denied: '/etc/logstash/lists/misp_ip.yml"

Suggests that alert service doesn't have access to the file, you need to verify if it is in correct group and what are rights to file.

Diaz

As soon as all the default WatchGuard rules were disabled, the service restarted and began working

Diaz

Prior to this, we had an issue where enabling the WatchGuard rule 'Multiple Firewall Deny to 80 from same IP' would constantly trigger, and even after disabling the rule, the triggers continued. Therefore, we disabled the rule and restarted the service.

SzymonC

Could you please send over screenshot of this rule? I'm wondering if there's connection between rule and misp_ip file.