Graylog2 Streams via Email

I was recently asked how to get emails working from streams you have created within the Graylog2 web ui. Seeing as I had done this just recently I thought I would share what I did to get them working.

So the first thing you need to do is modify /etc/graylog2.conf and find the section # Email Transport and modify like below. That way you can get emails to flowing from Graylog2.

nano /etc/graylog2.conf
# Email transport
transport_email_enabled = true
transport_email_protocol = smtp
transport_email_hostname = yoursmtpserver
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_auth_username =
transport_email_auth_password = secret
transport_email_subject_prefix = [graylog2]
transport_email_from_email =
transport_email_from_name = Graylog2
transport_email_web_interface_url =

Now create your streams however you want and set the thresholds.

22-58-23 22-58-59 22-59-23 22-59-54 23-00-17


Make the alarm active and select I want to receive alarms. And set your messages, minutes and grace period.



Now edit your username and make sure that you have an email address added for your user that you want to receive emails.



That’s it!


8 thoughts on “Graylog2 Streams via Email

  1. Thanks for this post. Nice!

    I have configured my server..

    However, I don't get any email field on any on my users that's created…

    Seems weird, is this anything you've seen?

  2. I have the same problem here. Enabled the XMPP and Email Transport in the graylog2.conf, restarted the whole server but i don´t get any input field for the e-mail address. I installed graylog with your automatic script ( which is just awesome by the way 😉 ) on a ubuntu 12.04.4 64bit.

  3. Nevermind, i´ve edited the "/opt/graylog2-server/graylog2.conf" and not the "/etc/graylog2.conf". Now everything works 🙂

  4. Thanks for the tutorial! You have some wonderful information! Was wondering if there is a way to send the actual contents of the message in the alarms like the older version of graylog2 instead of a hyperlink?

  5. Pingback: Security Visibility in the Cloud – Logging and Monitoring in AWS : GuidePoint Security

Leave a Reply

Your email address will not be published. Required fields are marked *