Alert Wizard
Plugin 4.1.0
Alert Wizard plugin for Graylog to manage the alert rules
@dlancelin
Alert Wizard Plugin for Graylog
Alert Wizard plugin for Graylog to manage the alert rules
An alert wizard for configuring alert rules on Graylog.
Perfect for example to configure together and at the same time a stream, an alert condition and a logging alert notification.
Required Graylog version: see compatibility table below for required version
Required Graylog plugins:
Graylog and Plugins Version Compatibility
| Wizard Plugin Version | Graylog Version | Logging Alert Plugin Version | Aggregation Count Plugin Version | Correlation Count Plugin Version |
|---|---|---|---|---|
| 4.1.x | 4.2.x | 4.1.x | 4.1.x | 4.1.x |
| 4.0.x | 4.1.x | 4.0.x | 4.0.x | 4.0.x |
| 3.3.x | 3.3.x | 2.2.x | 2.2.x | 2.2.x |
| 3.2.x | 3.2.x | 2.1.x | 2.1.x | 2.1.x |
| 3.1.x | 3.0.x | 1.2.x | 1.2.x | 1.2.x |
| 3.0.x | 3.0.x | 1.2.x | 1.2.x | 1.2.x |
| 2.0.x | 2.5.x | 1.1.x | 1.1.x | 1.1.x |
| 1.1.x | 2.5.x | 1.0.x | 1.0.x | 1.0.x |
| 1.0.0 | 2.4.x | 1.0.x | 1.0.x | 1.0.x |
Upgrading to 3.2.0
Possible issues to Import alert rules from version 3.0.0 or 3.1.0:
- The field âgraceâ (Now display in Graylog and the Wizard as âExecute search everyâ) have to be strictly greater than 0
- The Log Body of the notification will not be imported, the default one in the general configuration of the plugin Logging Alert will be use, and have to follow the Notification format (Same as the Email Notification)
Upgrading to 3.0.0
WARNING : The REST API for the Wizard Configuration has changed.
Upgrading to 2.0.0
WARNING : With Wizard plugin in version 2.0.0 and higher you canât import alert rules that have been exported from version 1.X.X.
Upgrading notice:
- Import your alert rules from version 1.X.X
- Upgrade to version 2.0.0
- Export your alert rules in the new format
Installation
Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.
Restart graylog-server and you are done.
Usage
Manage the alert rules
Create an alert rule
Use of lists
WARNING : The first time your create a rule with a list, the Wizard automatically create a lookup with cache and data adapter. But you must manually set up the authorization key with your login:password in base 64 for the data adapter.
The field âNameâ should be filled by âAuthorizationâ
The field âValueâ should be filled by âBasicâ followed by âuser:passwordâ in base64 for example âBasic TXlVc2Vy0k15UGFzc3dvcmQKâ where TXlVc2Vy0k15UGFzc3dvcmQK is the result of âecho -n âMyUser:MyPasswordâ|base64â
Instead of a user and its password you can also use a token. Use the tokenâs value as username and use the word âtokenâ as password. For example if the tokenâs value is supertoken1234567890: âecho -n âsupertoken1234567890:tokenâ|base64â
MyUser must be a user with admin rights
Build
This project is using Maven 3 and requires Java 8 or higher.
- Clone this repository.
- Run
mvn packageto build a JAR file. - Optional: Run
mvn jdeb:jdebandmvn rpm:rpmto create a DEB and RPM package respectively. - Copy generated JAR file in target directory to your Graylog plugin directory.
- Restart the Graylog.
License
This plugin is released under version 1 of the Server Side Public License (SSPL).
