Alert Wizard

Plugin 3.2.3

Alert Wizard plugin for Graylog to manage the alert rules

dlancelin

free!

Download from Github View on Github 10 22

Published

16 Sep 12:02

Last Push

16 Sep 11:50

Marketplace Rating

No rating yet

Discussion

1 Comments

Readme from Github

Alert Wizard Plugin for Graylog

Alert Wizard plugin for Graylog to manage the alert rules

An alert wizard for configuring alert rules on Graylog.

Perfect for example to configure together and at the same time a stream, an alert condition and a logging alert notification.

Required Graylog version: 3.2.x

Required Graylog plugins:

Graylog and Plugins Version Compatibility

Wizard Plugin Version	Graylog Version	Logging Alert Plugin Version	Aggregation Count Plugin Version	Correlation Count Plugin Version
3.2.x	3.2.x	2.1.x	2.1.x	2.1.x
3.1.x	3.0.x	1.2.x	1.2.x	1.2.x
3.0.x	3.0.x	1.2.x	1.2.x	1.2.x
2.0.x	2.5.x	1.1.x	1.1.x	1.1.x
1.1.x	2.5.x	1.0.x	1.0.x	1.0.x
1.0.0	2.4.x	1.0.x	1.0.x	1.0.x

Upgrading to 3.2.0

Possible issues to Import alert rules from version 3.0.0 or 3.1.0:

The field "grace" (Now display in Graylog and the Wizard as "Execute search every") have to be strictly greater than 0
The Log Body of the notification will not be imported, the default one in the general configuration of the plugin Logging Alert will be use, and have to follow the Notification format (Same as the Email Notification)

Upgrading to 3.0.0

WARNING: The REST API for the Wizard Configuration has changed.

Upgrading to 2.0.0

WARNING: With Wizard plugin in version 2.0.0 and higher you can't import alert rules that have been exported from version 1.X.X.

Upgrading notice:

Import your alert rules from version 1.X.X
Upgrade to version 2.0.0
Export your alert rules in the new format

Installation

Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Usage

Manage the alert rules

Create an alert rule

Use of lists

WARNING: The first time your create a rule with a list, the Wizard automatically create a lookup with cache and data adapter. But you must manually set up the authorization key with your login:password in base 64 for the data adapter.

The field "Name" should be filled by "Authorization"

The field "Value" should be filled by "Basic" followed by "user:password" in base64 for example "Basic TXlVc2Vy0k15UGFzc3dvcmQK" where TXlVc2Vy0k15UGFzc3dvcmQK is the result of "echo -n 'MyUser:MyPassword'|base64"

MyUser must be a user with admin rights

Build

This project is using Maven 3 and requires Java 8 or higher.

Clone this repository.
Run mvn package to build a JAR file.
Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
Copy generated JAR file in target directory to your Graylog plugin directory.
Restart the Graylog.

License

This plugin is released under version 3.0 of the GNU General Public License.

Your Rating

Please sign in to rate this add-on.

Comments

jbilliau 9 months ago

cool concept but i couldnt get it to work. Advanced settings goes to a page cannot be found page. Groups are greyed out along with some other things.

Please sign in to comment.

Back to listing