Is it possible to include message info in a HTTP notification?
I want to dynamically send HTTP notifications by using the message source name. For instance:
URL:http://somesite.com/${message.source}
Thanks in advance!
gsmith
May 26, 2021, 9:37pm
2
Hello and Welcome,
I believe it can be done. I havent used HTTP notifications in my environment but I have done this with Email notifications.
Is this what you refering to as shown below?
https://graylog-server.domain.com:9000/messages/${message.index}/${message.id}
This is the Notification configuration.
--- [Event Definition] ---------------------------
Title: ${event_definition_title}
Description: ${event_definition_description}
Type: ${event_definition_type}
--- [Event] --------------------------------------
Timestamp: ${event.timestamp}
Message: ${event.message}
Source: ${event.source}
Priority: ${event.priority}
Alert: ${event.alert}
Timestamp Processing: ${event.timestamp}
Timerange Start: ${event.timerange_start}
Timerange End: ${event.timerange_end}
Stream URL: ${event.stream_name}
${if stream_url}Stream URL: ${stream_url}${end}
${if backlog}
--- [Backlog] ------------------------------------
Last messages accounting for this alert:
${foreach backlog message}
https://graylog-server.domain.com:9000/messages/${message.index}/${message.id}
User: ${message.fields.TargetUserName}
WorkStation Name: ${message.fields.WorkstationName}
Event Time: ${message.fields.EventReceivedTime}
Source: ${message.source}
Logon Type: ${message.LogonType}
---[backlog end]---------------------------------
${end}
${end}
Hope that helps
Hello gsmith,
Thanks for your reply. I’m indeed referring to the message info you have replied, but it seems this only works for the e-mail notifications. What I want to do is send HTTP notifications to urls which have message information in them.
So for instance; when there are any rsyslog level 0 messages found I want to send a HTTP notification to the url http://somesite?msg=lvl_0_logs_found_from_${message.source} . When there are any rsyslog level 1 messages found; a HTTP notification to http://somesite?msg=lvl_1_logs_found_from_${message.source} etc.
gsmith
May 28, 2021, 4:02am
4
Hello,
Have you seen this?
hello,
I’m trying to pass variables in Alert Configuration. I’ve tried HTTP Callback Alarm
in the form Editing alert configuration :
Title : Test Alert
URL : http://server/graylog.php?info=${message}
I try to pass message or id message : I set with the syntax “${message}”… Is there a way to pass the variable please ?
opened 03:58AM - 17 Nov 20 UTC
closed 06:32PM - 17 Nov 23 UTC
feature
triaged
alerting
[Currently there is no way to change the headers, Method and body of a HTTP POST… notification.](https://docs.graylog.org/en/3.3/pages/alerts.html)
This requires the receiving system to do the translation.
What is needed is an option like the custom E-Mail template.
It should work pretty much like the E-Mail template
The input fields should be
URL: http|https://Server{:port}/path/key/val.......?junk=val
HTTP Method: GET|POST|DELETE|...
Custom Heaaders:
Header: value
X-CustomerToken: value
Body: Same layout as Email Template
## Why?
The receiving system does not accept the default post method body and there is no way to
change it.
Make it just like the Email Template...
Then I can do something like this:
```
<EVENT>
<TITLE>${event_definition_title}</TITLE>
<Description>${event_definition_description}</Description>
<EVENTTYPE>${event_definition_type}</EVENTTYPE>
<Fields>
${foreach event.fields field} <FIELD>${field.key}</FIELD> <VALUE>${field.value}</VALUE>
${end}
</Fields>
...
${foreach backlog message}
<MESSAGE>${message}<MESSAGE>
${end}
</MESSAGES>
${end}
</EVENT>
```
## Your Environment
* Graylog Version: v3.3.8+e223f85, (3.38 OVA)
opened 08:29PM - 11 Feb 18 UTC
closed 04:59PM - 05 Jan 21 UTC
feature
triaged
alerting
Support for HTML email alerts/notifications
## Expected Behavior
Either co… nfigurable or on by default, would be helpful in formatting and general visibility of the alert. As an example, when I want to include the stream URL via ${if stream_url}${stream_url}${end}, the URL will be exceptionally long in some cases. It'd be ideal to be able to format with <a> tags
I looked around for some stuff on this and couldnt find anything (requests, posts on community board, etc)
## Current Behavior
HTML is not rendered because the email is sent with the following headers
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
## Possible Solution
In https://github.com/Graylog2/graylog2-server/blob/master/graylog2-server/src/main/java/org/graylog2/alerts/FormattedEmailAlertSender.java line 171 you could use org.apache.commons.mail.HtmlEmail instead of SimpleEmail. Calling setHtmlMsg and then setTextMsg if users have configured HTML email and their clients dont support it (just an idea)
Although I am wiling to bet that this may cause issues with JMTE due to format and syntax requirements?
## Steps to Reproduce (for bugs)
1. Configure an alert/notification
2. Use HTML in the template
3. Send test email
4. Observe that the email header is text/plain and HTML is not rendered
## Context
## Your Environment
* Graylog Version: 2.4.0
* Operating System: CentOS 7.4
https://docs.graylog.org/en/4.0/pages/plugins/event_notifications.html#example-event-notification
Hello gsmith,
Thank you! I had been searching for an answer on the forum already but didn’t find the thread you’ve replied. That fixes it!
