What type should I choose for my add-on?

Hi everyone.

I am building an Oracle to Graylog solution, that will integrate Oracle audit events with Graylog. This solution is based on two main components:

  1. Oracle side - a full Oracle deployment, PL/SQL package and objects (tables and a Scheduler job), that will retrieve audit records and deliver them to Graylog via GELF TCP Input - push mode.
  2. Graylog side - a collection of dashboards, alerts, reports, (optionally) streams.

And I intend to upload them to Marketplace as two separate projects. These two components are logically separated, because the first is independent from the second, one can choose just to have the Oracle audit events and built his own dashboards, alerts …; while the second can also be independent from the first as one can choose to retrieve the audit events from Oracle via a JDBC on Graylog/logstash - in pull mode; and a such not to use the first component.

While I am clear that the second component should be uploaded at Marketplace as a “Content Pack”, I am unclear for the first. Clearly the first component look not a simple GELF library, the Plugin type looks to fit for things residing inside Graylog (while this component is inside Oracle), and the “Other Solutions” type talks about “guide/configuration” - while the case is a Development PL/SQL package and Oracle objects (tables), not a guide and not just a configuration of Oracle - but a development.

What Marketplace type should I choose for the first component:
GELF library, Plugin or Other Solution?

best regards


If the Content Pack is built around Oracle using GELF then I would go with "Other’ unless there is a category for Oracle . I personally haven’t uploaded to GL Market.

thank you very much @gsmith

The second component, Graylog-side, dashboards, reports, alerts … that is clearly a Content Pack.

I am unsure how to clasify the first component - the solution that runs Oracle-side, within the DB, and manages the delivery of audit events - push mode - toward Graylog. And which it is NOT a Content Pack as it resides outside of Graylog

The question is: what can the first component be?

Options remaining are:

Plugin - as far as I have seen plugins do reside only within Graylog, while in my case it is out of Graylog, and within the DB.

GELF library - it could be called a library, in the sense that it maps audit field names and content to
JSON syntax for GELF. But it has also operational features, when managing collection of latest events and delivery to Graylog. Thus it is an “operational software” - and not just a library

Other solutions - here I got the impression that it is beeing talked only for guides (page URL: /addons?kind=guide) and documents that describe how to configure a certain system to produce events for Graylog. In my case I am not configuring things in Oracle, I am deploying a software piece within it.

I would be happy to have see an explanation of the four types Graylog add-ons can be. I have searched long but not found.

best regards


I think @tmacgbay has done this before., he might able to help with directing you or another community member. Sorry I cant give a direct answer.

First thing to note is that the Graylog Marketplace is really a thin front end to Github. Most definitely build up your project(s) in Github with all documentation and when you are ready to present, then add it into Marketplace… because once you add something to Marketplace you can NOT change it.

Marketplace needs some work. I wouldn’t worry about which section you put it in too much, I personally search from the tags. If you are making it one large project then use “Other”. :upside_down_face:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.