[graylog2] Re: Graylog Training Courses
any news on this? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a89a9381-8783-4e47-89ac-7c1df71d34ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: email callback and message.source..
ok, I am to stupid for this.. the body looks like: ## Alert Description: ${check_result.resultDescription} Date: ${check_result.triggeredAt} Stream ID: ${stream.id} Stream title: ${stream.title} Stream description: ${stream.description} ${if stream_url}Stream URL: ${stream_url}${end} source= ${message.source} messagefield= ${message.fields.ssh_login_username} Triggered condition: ${check_result.triggeredCondition} ## ${if backlog}Last messages accounting for this alert: ${foreach backlog message}${message} ${end}${else} ${end} but i get: ## Alert Description: Stream received messages matching (Current grace time: 0 minutes) Date: 2016-06-30T10:11:27.213Z Stream ID: 57692df6e4b02d1805abd229 Stream title: ssh success logins Stream description: successfull ssh logins Stream URL: Please configure 'transport_email_web_interface_url' in your Graylog configuration file. source= messagefield= Triggered condition: 28483061-1db9-4676-9b81-6aacc653b1f9: FIELD_CONTENT_VALUE={field: ssh_login_username, value: root}, stream:={ 57692df6e4b02d1805abd229: "ssh success logins"} ## -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a387a959-e206-4912-856c-902dd07406a1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: email callback and message.source..
Hi Jochen, sorry for my bad english. I've a Stream, and i want a message if root is logged in via ssh (that works fine) but i want to see in the email the source/server where the message come from (sshserver1, sshserver2,etc) bests Stefan -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8e8572d5-11a4-4090-a83b-c0dbf145785b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: email callback and message.source..
Hi Jochen, ok if I understand it correct, it is not possible to alert me if root as been logged in, because no backlog exist, right? best regards Stefan -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/572fe4cb-bff0-40cc-b457-85ffda6af9ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: email callback and message.source..
Hi Jochen, ok if I understand it correct, it is not possible to alert me if root as been logged in, because no backlog exist, right? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/c9964271-e77b-49e5-973a-567007d2e3cb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] email callback and message.source..
Hello I've create a stream and an alert with email-call back, that works, but not all variables are filled, here the callback: body: ## Alert Description: ${check_result.resultDescription} Date: ${check_result.triggeredAt} Stream ID: ${stream.id} Stream title: ${stream.title} Stream description: ${stream.description} ${if stream_url}Stream URL: ${stream_url}${end} Triggered condition: ${check_result.triggeredCondition} ## ${if backlog}Last messages accounting for this alert: ${foreach backlog message}${message} ${end}${else} ${end} sender: sys...@mydomain.de subject: root logged in on ${message.source} but ${message.source} is empty, but why? thanks for help! PS: is it possible to get special fields in this email? for example message.ssh_login_username or other fields? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/37a098f6-f38c-4502-a4ba-535389db704f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: HTTP Callback and variables
It's a pity, but i created a feature request.. https://github.com/Graylog2/graylog2-server/issues/2333 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8360a2c5-f6f0-4e7c-a20f-648083fb4e73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] HTTP Callback and variables
Hello short question, is it possible to input some variables in the graylog http callback? somthing like: https://api.example.org/mybot/sendMessage?chat_id=123456789="Stream: ${stream.title} ... ${source} ${message}" thanks in advance! -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/db168ee0-df9b-4c5d-9950-6ecd332999ca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: rewrite incoming messages
wow.. thanks that was easy.. i try something like regex ([\d]+.[\d]+.) and copy.. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9f055582-08da-4acd-bef7-7ad89c13a6cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] rewrite incoming messages
Hello, I would like to send apache-logs to graylog ( at the moment i don't know whcih variant i would choose) is it possible to change the IP from the access.log? for example I would like to change the IP from 192.168.1.123 to 192.168.x.x Thanks for help! -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/bca00329-affc-4b5f-9965-ae392d3fe719%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.