GrayLog 6 - Source Alert

pmarko · June 13, 2024, 1:23pm

Hello everyone,

My setup - graylog 6.0.3
I have a firewall stream and in this stream 10 firewalls send the logs
Now I would like to know, when a firewall no longer send logs?

I would like to receive an alarm message - SMS or notification

How can I best implement this?
Suggestions?

Thanks!

patrickmann · June 14, 2024, 10:01am

pmarko · June 18, 2024, 11:19am

Thanks, but how can I trigger an alert from an event?

thx

patrickmann · June 18, 2024, 11:58am

https://go2docs.graylog.org/current/interacting_with_your_log_data/alerts.html

frantz · June 19, 2024, 2:58pm

The links provided by @patrickmann will help you to create an alert if the Stream has no log, which means all firewall stopped to send logs.
Unfortunately as far as I know it isn’t possible to create a rule to be alerted if only one firewall stop to send logs (or you need to create a specific rule for each firewall but it’s really not handy)

pmarko · June 21, 2024, 7:56am

Can anyone tell me what is meant by GrayLog Cluster Alert ?

thx

system · July 5, 2024, 7:57am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send mail when Log Input stops Graylog Central (peer support) alert	2	235	November 6, 2023
GrayLog 5 and Alerts Graylog Central (peer support)	3	365	June 30, 2023
Event definitions and alert if no logs graylog 3.2.5 Graylog Central (peer support)	3	1110	June 26, 2020
Monitoring whether the source is sending logs Graylog Central (peer support) alert	3	199	December 22, 2023
Alerts not working Graylog Central (peer support)	3	968	July 21, 2020

GrayLog 6 - Source Alert

Related topics