Alert Wizard Plugin for Graylog
Alert Wizard plugin for Graylog to manage the alert rules
An alert wizard for configuring alert rules on Graylog.
Perfect for example to configure together and at the same time a stream, an alert condition and a logging alert notification.
Required Graylog version: see compatibility table below for required version
Required Graylog plugins:
Graylog and Plugins Version Compatibility
| Wizard Plugin Version |
Graylog Version |
Logging Alert Plugin Version |
Aggregation Count Plugin Version |
Correlation Count Plugin Version |
| 4.1.x |
4.2.x |
4.1.x |
4.1.x |
4.1.x |
| 4.0.x |
4.1.x |
4.0.x |
4.0.x |
4.0.x |
| 3.3.x |
3.3.x |
2.2.x |
2.2.x |
2.2.x |
| 3.2.x |
3.2.x |
2.1.x |
2.1.x |
2.1.x |
| 3.1.x |
3.0.x |
1.2.x |
1.2.x |
1.2.x |
| 3.0.x |
3.0.x |
1.2.x |
1.2.x |
1.2.x |
| 2.0.x |
2.5.x |
1.1.x |
1.1.x |
1.1.x |
| 1.1.x |
2.5.x |
1.0.x |
1.0.x |
1.0.x |
| 1.0.0 |
2.4.x |
1.0.x |
1.0.x |
1.0.x |
Upgrading to 3.2.0
Possible issues to Import alert rules from version 3.0.0 or 3.1.0:
- The field "grace" (Now display in Graylog and the Wizard as "Execute search every") have to be strictly greater than 0
- The Log Body of the notification will not be imported, the default one in the general configuration of the plugin
Logging Alert
will be use, and have to follow the Notification format
(Same as the Email Notification)
Upgrading to 3.0.0
WARNING: The REST API for the Wizard Configuration has changed.
Upgrading to 2.0.0
WARNING: With Wizard plugin in version 2.0.0 and higher you can't import alert rules that have been exported from version 1.X.X.
Upgrading notice:
- Import your alert rules from version 1.X.X
- Upgrade to version 2.0.0
- Export your alert rules in the new format
Installation
Download the plugin
and place the .jar file in your Graylog plugin directory. The plugin directory
is the plugins/ folder relative from your graylog-server directory by default
and can be configured in your graylog.conf file.
Restart graylog-server and you are done.
Usage
Manage the alert rules
Create an alert rule
Use of lists
WARNING: The first time your create a rule with a list, the Wizard automatically create a lookup with cache and data adapter. But you must manually set up the authorization key with your login:password in base 64 for the data adapter.
The field "Name" should be filled by "Authorization"
The field "Value" should be filled by "Basic" followed by "user:password" in base64 for example "Basic TXlVc2Vy0k15UGFzc3dvcmQK" where TXlVc2Vy0k15UGFzc3dvcmQK is the result of "echo -n 'MyUser:MyPassword'|base64"
Instead of a user and its password you can also use a token.
Use the token's value as username and use the word "token" as password.
For example if the token's value is supertoken1234567890:
"echo -n 'supertoken1234567890:token'|base64"
MyUser must be a user with admin rights
Build
This project is using Maven 3 and requires Java 8 or higher.
- Clone this repository.
- Run
mvn package to build a JAR file.
- Optional: Run
mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
- Copy generated JAR file in target directory to your Graylog plugin directory.
- Restart the Graylog.
License
This plugin is released under version 1 of the Server Side Public License (SSPL).
dlancelin
free!
jbilliau
about 2 years
ago
Is there a 4.0.x version? I am only seeing 3.3.0 on the Github page.