Hi folks,
I’m starting in Graylog and I want tell that is great this tools. I’m trying do some things like execute rule but in order but I can’t do It.
So I want create this rule for example:
This idea is for:
I don’t see the way do It, sorry but I’m new in Graylog.
Thank you
with the current release it is not possible - but 3.1 will move into this direction and make it possible.
ETA - August this year
Great Jan! Thank you for reply!!
This plugin is exactly what you need: https://github.com/airbus-cyber/graylog-plugin-correlation-count
Hi Frantz
Yes, i’ve seen the plugin but i think this plugin not works for order. Do you test this plugin for “order” sequential (one, then two, etc…)???
Regards
This plugin works for order.
If it doesn’t please open an issue: https://github.com/airbus-cyber/graylog-plugin-correlation-count/issues
You can easily do “one then two”.
If you want “one then two then three” you need to add another plugin (https://github.com/airbus-cyber/graylog-plugin-logging-alert) which generates a log for “one then two”, so you can use this genrated log to do “then three”.
I’ll check that Frantz.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
