Hi, guys
I have a question about installing the Alert Wizard plugin for Graylog
Is this plugin specific to the Enterprise version of Graylog?
I went step by step with the link below and I didn’t get any error, but this plugin doesn’t activate for Graylog version 3.1
From what I read here && Here
I noticed the following under “results” below. I personally don’t use this plugin so I’m not 100% sure it will work, but I would think if it’s not working, something should be in the logs.
Results:
using GL Node version 3.1
graylog-plugin-aggregation-count-1.2.2.jar <-- OK
graylog-plugin-collector-3.1.4.jar
graylog-plugin-threatintel-3.1.4.jar
graylog-plugin-alert-wizard-3.0.0.jar <-- 3.1 Upgrade
graylog-plugin-correlation-count-1.2.0.jar <-- Ok
graylog-plugin-aws-3.1.4.jar
graylog-plugin-logging-alert-1.2.0.jar <-- 1.3 upgrade
You can post to the person that created it either here or on GitHub.
As I said in “Alert Wizard plugin for Graylog to manage the alert rules - #4 by frantz”, there is no Wizard version compatible with Graylog v3.1.
I would recommend you to upgrade Graylog to v4.2 and take the latest Wizard version.
We’ll soon release a Wizard version compatible with Graylog 4.3.
To answer your first question, it’s not related to Graylog Enterprise; it’s an open source plugin developed by Airbus CyberSecurity.
This plugin was initially developed because it was a pain to create a correlation rule in Graylog: first you had to create a Stream to filter logs (you couldn’t set a search query directly in the rule), then you had to create an event definition and finally a notification. Thanks to this plugin you can configure the main things on one page and it creates everything in the backend.
Nowadays Graylog has really been improved on these points and has its own wizard. But this plugin is still useful.