This plugin can be used for connecting Graylog alerts to the Prometheus AlertManager.
The plugin development is based on Graylog2/graylog-plugin-sample which is mentioned in the Graylog plugin documentation.
You are using a Graylog for checking the logs for errors, a Prometheus for checking the service metrics and you would like to organize your alerts with a AlertManager you need to get your Graylog alerts into the AlertManager. This plugin provides the possibility to send your Graylog notifications with a AlertManager-Callback to your AlertManager.
The plugin uses the /api/v1/alerts endpoint of AlertManager. You can find some documentation about this endpoint here.
The plugin provides the AlertManager several information out of the box:
stream_title- The title of the stream triggering the alert condition in Graylogtriggered_at- The time of triggering the alert condition in Graylogtriggered_rule_description- The generated rule description of triggered alert condition in Graylogtriggered_rule_title- The title of alert condition rule in Graylog
All of those information will be added as annotation.
The values startsAt, endsAt and generatorURL will be transmitted to the AlertManager as well.
startsAt will be set to the point of time when the condition triggered the alert.
endsAt will be set to the point of time when the condition triggered the alert plus the set grace time which is configured for the alert.
Additionally you can configure your own custom annotations and labels which should be submitted to the AlertManager (see screenshot below). You can use the JMTE Template as you might already know from the Graylog E-Mail Notification Callback.
List of provided keys you can use inside JMTE Templates:
stream_url- The stream url.stream- The specific stream object. There you can use the properties of the stream object e.g.stream.titlealertCondition- The specific triggered alert condition. There you can use the properties of the alert condition oject e.g.alertCondition.createdAtcheck_result- The specific check result. There you can use the properties of the check result object e.g.check_result.triggeredAtbacklog- A list containing messages matching the triggered condition if any. You can iterate through them with${foreach backlog message}${message} ${end}backlog_size- The amount of matching messages.
You can easily build the plugin by executing ./gradlew build -x check --no-daemon.
Afterwards there should be a .jar file inside the build/libs/ directory.
Follow the instructions mentioned here to deploy this .jar file.
You would like to contribute anything? - Take a look at CONTRIBUTING.md.
- The test alert will not be shown in AlertManager
- When clicking on
Testto test your callback configuration it will show a green ok bar when everything is fine but the alert will not be shown in the AlertManager - You have to create a stream with a alert condition to test the callback alert in AlertManager
- When clicking on
You would like to contribute anything? - Take a look at CONTRIBUTING.md.
See LICENSE
Copyright (c) 2019 G DATA CyberDefense AG and other authors.