Best way to "forward" logs to another system for additional routing/alerting

rayterrill · 2018-03-21 17:11:50 UTC

The Graylog alerting mechanisms in the current release are not super flexible.

We’ve built an alert that sends messages from a stream to a HTTP callback which is running some NodeJS code for additional routing and alerting.

I was just wondering if there was a better way.

I looked at the Graylog Outputs, but there doesn’t appear to be a HTTP output or GELF HTTP output available in either core or the marketplace.

Is anyone else doing this and have a slicker approach that I’m not thinking of?

Cheers,
-Ray

jochen · 2018-03-22 08:16:18 UTC

You can always write your own plugins for these.

rayterrill · 2018-03-22 14:05:46 UTC

Right. But unfortunately my Java skills are nonexistent.

Would it be worth putting in a feature request for an HTTP Stream Output or maybe a HTTP GELF Output to be added to Core? I think that could be beneficial for a ton of people. It sort of already exists at the alert notification level and I’m using it there, just not at the Streams level.

jochen · 2018-03-22 14:23:03 UTC

Please contact our sales team via https://www.graylog.org/contact-sales or sales@graylog.com to discuss the possibility to sponsor a feature for one of the next Graylog versions.

rayterrill · 2018-03-22 14:32:42 UTC

I’ll see what I can do with that internally. We’re government so that could be a little tricky. I may put a feature request in on github in the meantime as a placeholder. Thanks for all your help mate.

system · 2018-04-05 14:32:50 UTC

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.