Graylog2 Streams via Email

I was recently asked how to get emails working from streams you have created within the Graylog2 web UI. Seeing as I had done this just recently, I thought I would share what I did to get them working.

So the first thing you need to do is open /etc/graylog2.conf, find the section # Email transport and modify it like below. That way you can get emails flowing from Graylog2.

nano /etc/graylog2.conf
# Email transport
transport_email_enabled = true
transport_email_protocol = smtp
transport_email_hostname = yoursmtpserver
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_auth_username = you@example.com
transport_email_auth_password = secret
transport_email_subject_prefix = [graylog2]
transport_email_from_email = email@yourdomain.com
transport_email_from_name = Graylog2
transport_email_web_interface_url = http://yourgraylogservername.domain.com
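
A quick audit of the email transport settings above, as an added example that is not part of the original post: it parses graylog2.conf-style key = value text and flags settings that leave alarm mail or SMTP credentials unencrypted. The function names and the sample text are constructed for illustration, and a missing boolean key is assumed to mean false.

```python
"""Audit the transport_email_* settings of a graylog2.conf (added example)."""
import sys

# Constructed sample that mirrors the keys shown in the post.
SAMPLE_CONF = """\
transport_email_enabled = true
transport_email_use_auth = true
transport_email_use_tls = false
transport_email_auth_username = you@example.com
transport_email_auth_password = secret
transport_email_web_interface_url = http://yourgraylogservername.domain.com
"""

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit_email_transport(text):
    """Return a list of findings for the email transport section."""
    s = parse_conf(text)
    def on(key):
        # Assumption: a key that is absent is treated as false.
        return s.get(key, "false").lower() == "true"
    findings = []
    if not on("transport_email_enabled"):
        findings.append("transport_email_enabled is not true: no alarm emails are sent")
    if not on("transport_email_use_tls"):
        findings.append("transport_email_use_tls is false: alarm mail reaches the SMTP server unencrypted")
        if on("transport_email_use_auth"):
            findings.append("transport_email_use_auth without TLS: SMTP credentials are sent without transport encryption")
    if not on("transport_email_use_auth") and s.get("transport_email_auth_password"):
        findings.append("transport_email_auth_password is set but unused: remove the stored secret")
    if s.get("transport_email_web_interface_url", "").startswith("http://"):
        findings.append("transport_email_web_interface_url uses http://: links in alarm mail open the web interface without TLS")
    return findings

if __name__ == "__main__":
    # Audit the file named on the command line, or the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONF
    for finding in audit_email_transport(text):
        print("[!]", finding)
```

Run it with the path of the configuration file the server actually loads as its only argument.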

Now create your streams however you want and set the thresholds.

Make the alarm active and select "I want to receive alarms", then set your messages, minutes and grace period.

Now edit your user and make sure that an email address has been added for the user you want to receive emails.

That’s it!

Enjoy!

8 thoughts on “Graylog2 Streams via Email”

  1. Thanks for this post. Nice!

    I have configured my server..

    However, I don't get any email field on any on my users that's created…

    Seems weird, is this anything you've seen?

  2. I have the same problem here. Enabled the XMPP and Email Transport in the graylog2.conf, restarted the whole server but I don't get any input field for the e-mail address. I installed Graylog with your automatic script (which is just awesome by the way 😉) on an Ubuntu 12.04.4 64bit.

  3. Never mind, I've edited the "/opt/graylog2-server/graylog2.conf" and not the "/etc/graylog2.conf". Now everything works 🙂

  4. Thanks for the tutorial! You have some wonderful information! Was wondering if there is a way to send the actual contents of the message in the alarms like the older version of graylog2 instead of a hyperlink?
