Installed the Docker Engine on our CentOS VM. I then created the Docker container for our Elastalert.

When running this command:

docker build . -t elastalert2

I was receiving this error:

unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /usr/share/man/man5/Dockerfile: no such file or directory

I then navigated to /usr/share/man/man5 but could not find the Dockerfile. Instead I found Dockerfile.5.gz which I extracted for the Dockerfile.5 file.

However when running the

docker build . -t elastalert2

command again I was receiving the same error. I then renamed the Dockerfile.5 file to Dockerfile and was now receiving a new error, this being:

Sending build context to Docker daemon 1.223MB
Error response from daemon: dockerfile parse error line 1: unknown instruction: .NH

.nh is present at the top of the Dockerfile

That is not a Dockerfile. That’s a manual for Dockerfile so you could run man Dockerfile on Linux to get some documentation.

When you got the error message, exactly which directory were you on the filesystem? I guess it was /usr/share/man/man5 because this is the case when you get the exact same error message that you quoted. Docker simply could not find any “Dockerfile”

So apparently I have no Dockerfile. Other than the Dockerfile manual file, running the command

whereis Dockerfile

comes up with nothing else.

So what do I do?

Please, read the documentation before you rely on a command

whereis is not for searching for files on the filesystem.

whereis --help

Locate the binary, source, and manual-page files for a command.

Dockerfile is not a command

We can’t find the Dockerfile for you. And I am not sure you need one. You started this topic with this

If you want to create a container (which you haven’t done yet apparently) you don’t need to build a docker image. Just follow the instructions in the Elastalert documentation/description

Thank you for the clarification! I just created my container with this command given in the Elastalert documentation:

docker run -d -v /tmp/elastalert.yaml:/opt/elastalert/config.yaml ghcr.io/jertel/elastalert2/elastalert2

Which created this container:

d2c6f331b82481828f7daa9d12a4fab6132dc58a23675f2ef6eb460311baa2e9

I am currently in this directory:

/var/lib/docker/containers/d2c6f331b82481828f7daa9d12a4fab6132dc58a23675f2ef6eb460311baa2e9

But I’m confused on what to do next…

Also it says:

“A properly configured config.yaml file must be mounted into the container during startup of the container.”

Do I put that config.yaml (which will be called /tmp/elastalert.yaml) into the actual container directory (/var/lib/docker/containers/d2c6f331b82481828f7daa9d12a4fab6132dc58a23675f2ef6eb460311baa2e9), or do I put it into /tmp ?

I am currently running that command without a config.

How did you end up in that directory? You make a habit of playing with system folders. Don’t go there! because you could brake your container or even the entire Docker service.

Use docker exec if you want to enter a container. I can see you have a problem with the basics. Try this tutorial: Overview of the get started guide | Docker Docs and start with some simple application before elastalert.

So how do I use docker exec to run Elastalert commands (such as elastalert-create-index) in the container that I created via the docker run command?

Please, read the documentation for that. Everything you need to know is in that. If you don’t understand the documentation after trying for some time, share how you tried and we can tell you what your mistake was.