Sending the desired logs via e-mail in Graylog

mustafa · December 13, 2022, 2:24pm

Hi everyone,

I want to send only the “new user created” and “a user deleted” logs among the logs that I have taken using graylog.

I can send e-mail to the address I specified at the moment, but this process does not work properly.
When I forward the logs to my own e-mail address, about 100 e-mails are received within 1 minute.
I also want to add information such as the IP address of my server and the name of the created user in this e-mail.

I am using 4.2.13-1 version of graylog.
My logs coming from windows server 2016 vm
I am using nxlog for taking the logs

I created the event and notification but I think they not work properly neither

I think I am missing something

Thank you in advance for your help

ihe · December 13, 2022, 4:22pm

Hi @mustafa
I think in the first place you will need to get your events right. Make sure, you have only the right messages filtered in your event definition.
The second step you already took: attaching a notification to an event makes this to an alert.

If you want to include fields from the message alerting you you will need to use the “Field”-Tab in the event-definition. To make sure you have unique values in those fields you need to group by them in the “Filter and Aggregation”-Tab.

system · December 27, 2022, 4:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog does not send one type of log to an email Graylog Central (peer support)	12	670	March 10, 2022
Sending Email Summary of Events Graylog Central (peer support) alert	4	263	June 15, 2023
Windows event security log Graylog Central (peer support)	1	792	January 10, 2019
Graylog Alerting issue Graylog Central (peer support)	1	297	March 6, 2019
Alerts email quickly Graylog Central (peer support)	14	1277	November 29, 2019

Sending the desired logs via e-mail in Graylog

Related Topics