Docker container keeps randomly stopping

I am running this command to create and run a docker container in a CentOS VM:

docker run -d -v /tmp/elastalert.yaml:/opt/elastalert/config.yaml ghcr.io/jertel/elastalert2/elastalert2

My container starts and I can see it running with the docker ps command. However, after a few minutes the container is no longer present in the docker ps output. I have used the docker start command to start the container back up, but after a few minutes it still stops again. Can anyone help?

Have you checked the container logs?

These are the logs that were generated after starting the container and then having it stop on its own:

Dec 13 20:13:50 ELK-Stack.uhtasi.local dockerd[4123]: time="2021-12-13T20:13:49.771006557-10:00" level=info msg="ignoring event" container=312195d30815db552a1d553421b304559587a81ab5410887fd4ef46f176a051f module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"

Dec 13 20:15:02 ELK-Stack.uhtasi.local dockerd[4123]: time="2021-12-13T20:15:02.153181893-10:00" level=info msg="ignoring event" container=312195d30815db552a1d553421b304559587a81ab5410887fd4ef46f176a051f module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
(END)

Also these are the logs from the docker logs 312195d30815db552a1d553421b304559587a81ab5410887fd4ef46f176a051f/ command:

(312195d30815db552a1d553421b304559587a81ab5410887fd4ef46f176a051f is the container name)

Traceback (most recent call last) :
  File "/usr/local/bin/elastalert-create-index", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/site-packages/elastalert/create_index.py", line 224, in main
    host = args.host if args.host else input('Enter Elasticsearch host: ')
EOFError: EOF when reading a line
Enter Elasticsearch host: Traceback (most recent call last) :
  File "/usr/local/bin/elastalert-create-index", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/site-packages/elastalert/create_index.py", line 224, in main
    host = args.host if args.host else input('Enter Elasticsearch host: ')
EOFError: EOF when reading a line
Enter Elasticsearch host:

It looks like it tries to ask for the elasticsearch host. Can you share the configuration file?


Here is my elastalert.yaml’s contents:

# This is the folder that contains the rule yaml files
# This can also be a list of directories
# Any .yaml file will be loaded as a rule
   rules_folder: /etc/elastalert/elastalert_rules

# How often ElastAlert will query Elasticsearch
# The unit can be anything from weeks to seconds
   run_every:
     minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
   buffer_time:
     minutes: 15

# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
   es_host: 10.100.10.36

# The Elasticsearch port
   es_port: 9200

# The AWS region to use. Set this when using AWS-managed elasticsearch
   #aws_region: us-east-1

# The AWS profile to use. Use this if you are using an aws-cli profile.
# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
# for details
   #profile: test

# Optional URL prefix for Elasticsearch
#   es_url_prefix: elasticsearch

# Optional prefix for statsd metrics
   statsd_instance_tag: elastalert

# Optional statsd host
   #statsd_host: dogstatsd

# Connect with TLS to Elasticsearch
   use_ssl: False

# Verify TLS certificates
   verify_certs: False

# Show TLS or certificate related warnings
   ssl_show_warn: True

# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
   es_send_get_body_as: GET

# Option basic-auth username and password for Elasticsearch
   es_username: elastic
   es_password: changeme

# Use SSL authentication with client certificates client_cert must be
# a pem file containing both cert and key for client
   #ca_certs: /path/to/cacert.pem
   #client_cert: /path/to/client_cert.pem
   #client_key: /path/to/client_key.key

# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
   writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
   alert_time_limit:
       days: 2

# Optional timestamp format.
# ElastAlert will print timestamps in alert messages and in log messages using this format.
   #custom_pretty_ts_format: '%Y-%m-%d %H:%M'

# Custom logging configuration
#
#If you want to setup your own logging configuration to log into
# files as well or to Logstash and/or modify log levels, use
# the configuration below and adjust to your needs.
# Note: if you run ElastAlert with --verbose/--debug, the log level of
# the "elastalert" logger is changed to INFO, if not already INFO/DEBUG.
#       #logging:
#       #  version: 1
#       #  incremental: false
#       #  disable_existing_loggers: false
#       #  formatters:
#       #    logline:
#       #      format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s'
#       #
#       #  handlers:
#       #    console:
#       #      class: logging.StreamHandler
#       #      formatter: logline
#       #      level: DEBUG
#       #      stream: ext://sys.stderr
#       #
#       #    file:
#       #      class : logging.FileHandler
#       #      formatter: logline
#       #      level: DEBUG
#       #      filename: elastalert.log
#       #
#       #  loggers:
#       #    elastalert:
#       #      level: WARN
#       #      handlers: []
#       #      propagate: true
#       #
#       #    elasticsearch:
#       #      level: WARN
#       #      handlers: []
#       #      propagate: true
#       #
#       #    elasticsearch.trace:
#       #      level: WARN
#       #      handlers: []
#       #      propagate: true
#       #
#       #    '':  # root logger
#       #      level: WARN
#       #      handlers:
#       #        - console
#       #        - file
#       #      propagate: false

Your configuration contains the hostname. I tried it and got a different error message. The container tried to access elasticsearch but could not find the IP address, obviously.

Then I tried with an empty config file and got the same message. Are you sure the source path of the configuration file is correct?
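
The source-path check suggested in the last reply, as an added example (not part of the thread and not ElastAlert 2 code): a preflight test of the bind-mount source to run before docker run. It relies on the fact that docker run -v creates an empty directory on the host when the source path does not exist; the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Preflight check for the host side of
#   -v /tmp/elastalert.yaml:/opt/elastalert/config.yaml
# check_config_source is a hypothetical helper, not part of Docker or ElastAlert 2.
#
# Return codes (chosen for this example):
#   0 usable   1 path missing   2 not a regular file   3 empty   4 no es_host key
check_config_source() {
    src=$1
    if [ ! -e "$src" ]; then
        # With -v, Docker would silently create an empty directory here.
        echo "missing: $src" >&2
        return 1
    fi
    if [ ! -f "$src" ]; then
        # Typical leftover of an earlier run with a wrong path.
        echo "not a regular file (directory?): $src" >&2
        return 2
    fi
    if [ ! -s "$src" ]; then
        echo "empty file: $src" >&2
        return 3
    fi
    # The key may be indented, as in the posted file; commented-out lines do not count.
    if ! grep -Eq '^[[:space:]]*es_host:[[:space:]]*[^[:space:]#]' "$src"; then
        echo "no es_host set in: $src" >&2
        return 4
    fi
    return 0
}

# Demo on constructed sample files in a temporary directory.
demo_dir=$(mktemp -d)
printf '   es_host: 10.100.10.36\n   es_port: 9200\n' > "$demo_dir/elastalert.yaml"
check_config_source "$demo_dir/elastalert.yaml" && echo "ok: safe to mount"
check_config_source "$demo_dir/typo.yaml" 2>/dev/null || echo "refusing to start container"
rm -rf "$demo_dir"
```

Any non-zero result corresponds to a case where the container sees no usable es_host at /opt/elastalert/config.yaml, which matches the empty-config test described in the reply above.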