Best way to "forward" logs to another system for additional routing/alerting

rayterrill · March 21, 2018, 5:11pm

The Graylog alerting mechanisms in the current release are not super flexible.

We’ve built an alert that sends messages from a stream to a HTTP callback which is running some NodeJS code for additional routing and alerting.

I was just wondering if there was a better way.

I looked at the Graylog Outputs, but there doesn’t appear to be a HTTP output or GELF HTTP output available in either core or the marketplace.

Is anyone else doing this and have a slicker approach that I’m not thinking of?

Cheers,
-Ray

jochen · March 22, 2018, 8:16am

You can always write your own plugins for these.

rayterrill · March 22, 2018, 2:05pm

Right. But unfortunately my Java skills are nonexistent.

Would it be worth putting in a feature request for an HTTP Stream Output or maybe a HTTP GELF Output to be added to Core? I think that could be beneficial for a ton of people. It sort of already exists at the alert notification level and I’m using it there, just not at the Streams level.

jochen · March 22, 2018, 2:23pm

Please contact our sales team via https://www.graylog.org/contact-sales or sales@graylog.com to discuss the possibility to sponsor a feature for one of the next Graylog versions.

rayterrill · March 22, 2018, 2:32pm

I’ll see what I can do with that internally. We’re government so that could be a little tricky. I may put a feature request in on github in the meantime as a placeholder. Thanks for all your help mate.

system · April 5, 2018, 2:32pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.