Graylog2 Streams via Email

less than 1 minute read

I was recently asked how to get emails working from streams you have created within the Graylog2 web ui. Seeing as I had done this just recently I thought I would share what I did to get them working.

So the first thing you need to do is modify /etc/graylog2.conf and find the section # Email Transport and modify like below. That way you can get emails to flowing from Graylog2.

nano /etc/graylog2.conf
# Email transport
transport_email_enabled = true
transport_email_protocol = smtp
transport_email_hostname = yoursmtpserver
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_auth_username = [email protected]
transport_email_auth_password = secret
transport_email_subject_prefix = [graylog2]
transport_email_from_email = [email protected]
transport_email_from_name = Graylog2
transport_email_web_interface_url = http://yourgraylogservername.domain.com

Now create your streams however you want and set the thresholds.

22-58-23

22-58-59

22-59-23

22-59-54

23-00-17

Make the alarm active and select I want to receive alarms. And set your messages, minutes and grace period.

23-07-14

Now edit your username and make sure that you have an email address added for your user that you want to receive emails.

23-02-03

That’s it!

Enjoy!

Updated:

Leave a comment