How powerful are Graylog alerts?

mobarzik · April 11, 2023, 10:26am

Hello,

I would like to know if it is possible to use the graylog alert system to detect DDOS attacks (more than x requests coming from the same IP in 10 minutes) or a number of connection attempts too important for a user (a user ID that tries 10 passwords in less than 5 or 10 minutes)

I have explored graylog alerts and I have the feeling that they are based exclusively on whether a line contains a string or not. So I wonder if graylog can meet my need.

Thanks

Joel_Duffield · April 11, 2023, 11:57am

Ya very common to write alerts like this, you want to do an aggregation with a group by Alerts and Events

system · April 25, 2023, 11:58am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Tuning Graylog Email Alerts Graylog Central (peer support)	3	392	October 29, 2018
Graylog notification for alerts Graylog Central (peer support) alert	2	68	June 11, 2024
Graylog alerts and notifications Graylog Central (peer support)	2	553	October 24, 2019
Graylog 3.2 alert when host drops off Graylog Central (peer support)	2	426	September 3, 2020
GrayLog 5 and Alerts Graylog Central (peer support)	3	366	June 30, 2023

How powerful are Graylog alerts?

Related topics