System notification should inform via Email alerts to admin role users.

[makstock]

The system notification is shown in System/Overview informs admin role users

What?

The specific/admin group of users should get notified of those trigger notifications via Email

Here are the sample notification:

Why?

It will not require a login each time to take necessary actions on such System notifications. The notified user can take action according to the urgency of the notification.

##Context HS-887267106/HS-880186036

Your Environment

• Graylog Version: ALL
• Elasticsearch Version:
• MongoDB Version:
• Operating System:
• Browser version:

[boosty]

This is a bit similar to https://github.com/Graylog2/graylog-plugin-enterprise/issues/2776, where we added support for receiving traffic notifications via email.

[patrickmann]

Instead of building another custom email notification we will tie this into the existing Event subsystem. We get to re-use that code and users can leverage the familiar notification types. System events will also be persisted to the System Events Stream; though this is not a hard requirement in the first step.

[coffee-squirrel]

@patrickmann Would that approach rely on everything being functional enough to write those events to an index in ES/OS? Just wondering if certain types of severe situations (e.g. blocked indices or other Graylog system notifications related to blocked/failing message ingestion) would still need to be dependent on something external for notifications.

[mpfz0r]

@coffee-squirrel that's a valid concern. the current plan, is to keep the notifications in mongodb. Maybe we will duplicate them into ES/OS, but this isn't really needed to send notifications.