Notification on rotation failure

My Graylog node was logging “Deflector is pointing to [gl-system-events_6], not the newest one: [gl-system-events_7]. Re-pointing.” for a long time before I noticed.

How can I get notified of this error by email?


That message should be in the log file/s and indexed in Elasticsearch. If this is correct, then you can create a Stream /w Event Definition to send the email alert.

It’s in the docker log, and the system messages when I look at the overview, but I don’t see it in any of the indices.

Sorry I’m not very good with docker, but I would try to get those logs from your docker container and indexed into elasticsearch. Not sure if your using Rsyslog, Nxlog, or graylog-sidecar.
That would be the easiest way I know.

Maybe something here might help get the Docker log/s into Graylog.

