How powerful are Graylog alerts?


I would like to know if it is possible to use the graylog alert system to detect DDOS attacks (more than x requests coming from the same IP in 10 minutes) or a number of connection attempts too important for a user (a user ID that tries 10 passwords in less than 5 or 10 minutes)

I have explored graylog alerts and I have the feeling that they are based exclusively on whether a line contains a string or not. So I wonder if graylog can meet my need.


Ya very common to write alerts like this, you want to do an aggregation with a group by Alerts and Events

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.