Alert Wizard Plugin for Graylog
Alert Wizard plugin for Graylog to manage the alert rules
An alert wizard for configuring alert rules on Graylog.
Perfect for example to configure together and at the same time a stream, an alert condition and a logging alert notification.
Required Graylog version: see compatibility table below for required version
Required Graylog plugins:
Graylog and Plugins Version Compatibility
Upgrading to 3.2.0
|Wizard Plugin Version
||Logging Alert Plugin Version
||Aggregation Count Plugin Version
||Correlation Count Plugin Version
Possible issues to Import alert rules from version 3.0.0 or 3.1.0:
Upgrading to 3.0.0
- The field "grace" (Now display in Graylog and the Wizard as "Execute search every") have to be strictly greater than 0
- The Log Body of the notification will not be imported, the default one in the general configuration of the plugin
will be use, and have to follow the Notification format
(Same as the Email Notification)
Upgrading to 2.0.0
WARNING: The REST API for the Wizard Configuration has changed.
WARNING: With Wizard plugin in version 2.0.0 and higher you can't import alert rules that have been exported from version 1.X.X.
- Import your alert rules from version 1.X.X
- Upgrade to version 2.0.0
- Export your alert rules in the new format
Download the plugin
and place the
.jar file in your Graylog plugin directory. The plugin directory
plugins/ folder relative from your
graylog-server directory by default
and can be configured in your
Manage the alert rules
graylog-server and you are done.
Create an alert rule
Use of lists
WARNING: The first time your create a rule with a list, the Wizard automatically create a lookup with cache and data adapter. But you must manually set up the authorization key with your login:password in base 64 for the data adapter.
The field "Name" should be filled by "Authorization"
The field "Value" should be filled by "Basic" followed by "user:password" in base64 for example "Basic TXlVc2Vy0k15UGFzc3dvcmQK" where TXlVc2Vy0k15UGFzc3dvcmQK is the result of "echo -n 'MyUser:MyPassword'|base64"
MyUser must be a user with admin rights
This project is using Maven 3 and requires Java 8 or higher.
- Clone this repository.
mvn package to build a JAR file.
- Optional: Run
mvn jdeb:jdeb and
mvn rpm:rpm to create a DEB and RPM package respectively.
- Copy generated JAR file in target directory to your Graylog plugin directory.
- Restart the Graylog.
This plugin is released under version 3.0 of the GNU General Public License.