I have the requirement to watch several thousand URLs to be available (HTTP HEAD > STATUS 200). If some URL fail a URL specific email contact must be alerted.
My current approach would be:
Elastic heartbeat with a configuration for every URL, enriched by metadata about the contact email address to be alerted.
graylog alert to actually send the alerts
To be able to address the right email contact the notification has to be take a parameter from the events source as the receipient.
Ist this possible? If not wouldn’t it be worth implementing this?
Another approach would be:
Create an API for sending alert emails and use the HTTP notification.
Use another toolset instead of heartbeat & graylog
Yes I am aware of the HTTP alert notification . I see this as an alternative. My question was, if i can use an event field as a receipient in the email alert notification.
No it’s no possible, you can define only user account, or specific e-mail address in notification definition.
But I don’t think, that graylog is a right tool for your task. Maybe NMS system like Zabbix is better tool for your requirements. Zabbix has special functionality for web monitoring, it can not only get status of http response, but also text from http response to compare and so on.
I know ZABBIX and this is actually one solution on my list ;-). Since it can be controled by API it would also be nicely integratable.
But since graylog is already set as a central logging solution I thought it would be a fit, also because in combination with elastic heartbeat the setup is quite easy to handle. I am aware though that graylogs alerting feature is not perfect (missing “back to normal” alert).
