How powerful are Graylog alerts?

mobarzik · April 11, 2023, 10:26am

Hello,

I would like to know if it is possible to use the graylog alert system to detect DDOS attacks (more than x requests coming from the same IP in 10 minutes) or a number of connection attempts too important for a user (a user ID that tries 10 passwords in less than 5 or 10 minutes)

I have explored graylog alerts and I have the feeling that they are based exclusively on whether a line contains a string or not. So I wonder if graylog can meet my need.

Thanks

Joel_Duffield · April 11, 2023, 11:57am

Ya very common to write alerts like this, you want to do an aggregation with a group by Alerts and Events

system · April 25, 2023, 11:58am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Tuning Graylog Email Alerts Graylog Central (peer support)	3	354	October 29, 2018
Graylog alerts and notifications Graylog Central (peer support)	2	457	October 24, 2019
Graylog 3.2 alert when host drops off Graylog Central (peer support)	2	369	September 3, 2020
GrayLog 5 and Alerts Graylog Central (peer support)	3	261	June 30, 2023
Properly setting up an alert Graylog Central (peer support)	1	513	March 1, 2019

How powerful are Graylog alerts?

Related Topics