Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0
7.99k stars 1.74k forks

Syslog Alerter #2254

Open aoliver13 opened 5 years ago

aoliver13 commented 5 years ago

What happened to the syslog alerter? I see that at one point it may have been merged, but it no longer appears to be an option or is noted in the documentation?

Has anyone been able to successfully use command and logger to send to a remote syslog server?

admlko commented 5 years ago

Command alerter with logger works fine here, but I needed to spoof the hostname in the syslog header. So I have been using pysyslogclient for a long time now, works like a charm.

p477d343 commented 11 months ago

> Command alerter with logger works fine here, but I needed to spoof the hostname in the syslog header. So I have been using pysyslogclient for a long time now, works like a charm.

Can you give me some steps to use this? I am trying to use ElastAlert2's "command" alert module to send log to a remote syslog server.

Here are the config rules I tried.

```yaml
# command alerter: logger reads the match from stdin and ships it to the remote server (UDP 514 by default)
command: ["/usr/bin/logger", "-n", "my_remote_server_ip", "-t", "elastalert"]
pipe_match_json: true
```
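As an added example (not code from this thread, from the elastalert project, or from pysyslogclient), here is a stand-alone script that does what the `logger` rule above does and what admlko described: it takes the match ElastAlert pipes to stdin, puts the originating host (rather than the ElastAlert box) in the syslog header, and sends an RFC 5424 message over UDP or TCP using only the standard library. It assumes the rule invokes it through `command:` with `pipe_match_json: true`, so ElastAlert writes one match as a JSON object to stdin; the script path, the server address, the `host` field name and the facility/severity defaults are assumptions.

```python
#!/usr/bin/env python3
"""Forward an ElastAlert match to a remote syslog server as an RFC 5424 message.

Added example for this thread, not elastalert or pysyslogclient code.
Assumed rule (paths and field names are hypothetical):
  command: ["/usr/local/bin/elastalert_syslog.py", "--server", "10.0.0.5",
            "--hostname-field", "host"]
  pipe_match_json: true
"""
import argparse
import json
import socket
import sys
from datetime import datetime, timezone

# Numeric codes from RFC 5424 section 6.2.1; PRI = facility * 8 + severity.
FACILITY = {"user": 1, "daemon": 3, "auth": 4, "authpriv": 10, "local0": 16,
            "local1": 17, "local2": 18, "local3": 19, "local4": 20,
            "local5": 21, "local6": 22, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
            "notice": 5, "info": 6, "debug": 7}


def priority(facility, severity):
    """PRI value placed in the <...> at the start of the message."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def header_field(value, max_len):
    """Header fields must be printable ASCII without spaces; '-' is NILVALUE."""
    cleaned = "".join(c for c in str(value) if 33 <= ord(c) <= 126)[:max_len]
    return cleaned or "-"


def build_rfc5424(msg, hostname, app_name="elastalert", facility="local0",
                  severity="warning", msgid="match", timestamp=None):
    """Wire bytes: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    ts = (timestamp or datetime.now(timezone.utc)).astimezone(timezone.utc)
    header = "<%d>1 %s %s %s - %s -" % (
        priority(facility, severity),
        ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        header_field(hostname, 255),   # this is where the "spoofed" host goes
        header_field(app_name, 48),
        header_field(msgid, 32),
    )
    # Keep MSG on one line: syslog receivers split records on newlines.
    return (header + " " + msg.replace("\n", " ")).encode("utf-8")


def message_from_match(match, hostname_field, default_hostname):
    """Hostname comes from the match (the host that produced the event);
    the whole match is serialised compactly as the MSG body."""
    hostname = match.get(hostname_field) or default_hostname
    body = json.dumps(match, separators=(",", ":"), sort_keys=True, default=str)
    return str(hostname), body


def frame_tcp(payload):
    """RFC 6587 octet-counting framing for TCP transport: 'LEN SP MSG'."""
    return b"%d %s" % (len(payload), payload)


def send(payload, server, port, transport):
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (server, port))
    else:
        with socket.create_connection((server, port), timeout=5) as s:
            s.sendall(frame_tcp(payload))


def main(argv=None):
    p = argparse.ArgumentParser()
    p.add_argument("--server", required=True)
    p.add_argument("--port", type=int, default=514)
    p.add_argument("--transport", choices=("udp", "tcp"), default="udp")
    p.add_argument("--hostname-field", default="host")
    p.add_argument("--default-hostname", default=socket.gethostname())
    p.add_argument("--facility", default="local0", choices=sorted(FACILITY))
    p.add_argument("--severity", default="warning", choices=sorted(SEVERITY))
    a = p.parse_args(argv)
    raw = sys.stdin.read()
    try:
        match = json.loads(raw)
        if not isinstance(match, dict):
            raise ValueError("match is not a JSON object")
    except ValueError:
        # pipe_alert_text or a malformed match: forward the raw text instead.
        hostname, body = a.default_hostname, raw.strip()
    else:
        hostname, body = message_from_match(match, a.hostname_field, a.default_hostname)
    send(build_rfc5424(body, hostname, facility=a.facility, severity=a.severity),
         a.server, a.port, a.transport)


if __name__ == "__main__":
    main()
```

The hostname override is exactly why the receiver must not treat the syslog header as authenticated: plain UDP syslog carries no integrity or sender authentication, so anything that can reach port 514 can forge the same header. `--transport tcp` at least gives you delivery confirmation and octet-counted framing; on an untrusted network put syslog over TLS (RFC 5425) or a VPN between the ElastAlert host and the collector.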