I have a quick question. Imagine the following scenario.
Two offices:
Main Office - 200 users plus infrastructure
Branch Office - 50 users plus infrastructure
The offices are connected by a link but it does not have significant bandwidth.
I want to install Graylog in both locations and I want the log in the branch office to be stored at that location, so that the logs do not travel across the link between the offices.
My question is this: is there a way to send alerts from the Graylog instance in the branch office to the main office? Can the HTTP POST alarm callback be used to register branch office alarms in the main office?
Obviously, I could use the email alarm to send emails, but I would prefer to have the alarms all register in one place, i.e. the central office.
How you send out alerts depends on your plugins and configuration. But Graylog is not able to receive alerts via HTTP callback and act on them.
You would need to rethink how you handle alerts and could create a stream that only receives messages if you want to alert on that.
This specific alert stream is then forwarded to the main office and you receive only a small amount of messages but have all alerts central.