Graylog alerts from a branch office

Magneton · January 8, 2018, 12:06pm

Hi All,

I have a quick question. Imagine the following scenario.

Two Office’s -
Main Office 200 users plus infratsructure
Branch Office - 50 users plus infrastructure

The offices are connected by a link but it does not have significant bandwidth.

I want to install Graylog in both locations and I want the log in the branch office to be stored at that location, so that the logs do not travel across the link between the offices.

My question is this, is there a way to send alerts from the Graylog instance in the branch office to the main Office? Can the http post alarm callback be used to register brach office alarm in the main office.

Obviously, I could use the email alarm to send emails but I would prefer to have the alarms all register in one place i.e central office.

Any helps

Cheers

Jake

jan · January 8, 2018, 3:16pm

Hi @Magneton

how you send out alerts depends on your plugins and configuration. But Graylog is not able to receive alerts via http callback and act on them.

You would need to rethink how you handle alerts and could create a stream that only receive messages if you want to alert on that.
This specific alert stream is then forwarded to the main office and you receive only a small amount of messages but have all alerts central.

Magneton · January 8, 2018, 4:11pm

Hi Jan,

So I might i send an alert from the branch office graylog to the main graylog?

Which output plugin would I use to forward the alert?

Am I mising / not understanding something?

Jake

jan · January 8, 2018, 4:52pm

no plugin is used with that.

you create a stream, all messages you want to get a alert on should be routed in that stream.

That stream is forwarded to the main office via gelf output of the stream to a gelf input in your main office.

Magneton · January 8, 2018, 7:44pm

Hi Jan,

I was hoping to send over just the alerts to the office. I don’t want to send all the stream traffic as I have some semi verbose log sources.

I will look at using Slack maybe to get alerting to teams.

Looking at the API , it seems that there is no way to create an alert programmatically. Would this be a good feature suggestions in your view.

Jake

jan · January 9, 2018, 8:46am

it sound like you look for something like Icinga, Opsgenie or Pagerduty (just to name a few).

That is not in focus of Graylog and will never.

system · January 23, 2018, 8:46am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Best way to "forward" logs to another system for additional routing/alerting Graylog Central (peer support)	5	787	April 5, 2018
Alert notification setup assistance Graylog Central (peer support)	3	277	October 29, 2020
To stream graylog email alerts into nagios Graylog Central (peer support)	3	406	June 25, 2021
Http alarm callback Graylog Central (peer support)	6	1401	February 6, 2018
Post alert messages to a Graylog Stream using the Graylog Api Graylog Central (peer support)	5	2018	July 2, 2018

Graylog alerts from a branch office

Related Topics