
Syslog Alerter

Open aoliver13 opened this issue 6 years ago • 2 comments

What happened to the syslog alerter? I see at one point it may have been merged, but it no longer appears to be an option or noted in the documentation.

Has anyone been able to successfully use command and logger to send to a remote syslog server?

aoliver13 avatar May 22 '19 16:05 aoliver13

Command alerter with logger works fine here, but I needed to spoof the hostname in the syslog header. So I have been using pysyslogclient for a long time now, works like a charm.

admlko avatar Jun 14 '19 07:06 admlko

Command alerter with logger works fine here, but I needed to spoof the hostname in the syslog header. So I have been using pysyslogclient for a long time now, works like a charm.

Can you give me some steps to use this? I am trying to use ElastAlert2's "command" alert module to send logs to a remote syslog server.

Here are the config rules I tried:

command: ["/usr/bin/logger", "-n", "my_remote_server_ip", "-t", "elastalert"]
pipe_match_json: true

sickcell6000 avatar Sep 25 '23 07:09 sickcell6000
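An added example (not from this issue, ElastAlert, or pysyslogclient) of what a script driven by the "command" alerter with pipe_match_json can do that plain logger cannot: build the RFC 5424 header itself so the HOSTNAME field names the host the match is about rather than the ElastAlert box. The collector address, the script path, and the ORIGIN_FIELD match key are assumptions.

```python
import json
import socket
import sys
from datetime import datetime, timezone

# Placeholder collector address: substitute the real remote syslog server.
SYSLOG_HOST = "syslog-collector.example"
SYSLOG_PORT = 514
# Assumed: the match field that names the host the alert is about.
ORIGIN_FIELD = "host"
FACILITY_LOCAL0 = 16
SEVERITY_WARNING = 4


def build_rfc5424(msg, hostname, app="elastalert", facility=FACILITY_LOCAL0,
                  severity=SEVERITY_WARNING, timestamp=None):
    """Return one RFC 5424 datagram with a caller-chosen HOSTNAME field.

    `logger` always fills HOSTNAME from the local machine, so a SIEM would
    attribute every alert to the ElastAlert box; writing the header ourselves
    is what the pysyslogclient approach above buys.
    """
    pri = facility * 8 + severity
    stamp = timestamp or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    header = f"<{pri}>1 {stamp} {hostname} {app} - - -"
    # MSG must stay on one line: a raw newline would terminate the record early.
    return f"{header} {msg}".replace("\n", " ").encode("utf-8")


def match_to_msg(match):
    """Serialise the match dict that pipe_match_json feeds on stdin as compact
    single-line JSON so the collector can parse the fields back out."""
    return json.dumps(match, separators=(",", ":"), sort_keys=True)


def send_udp(datagram, host=SYSLOG_HOST, port=SYSLOG_PORT):
    """Send one datagram over UDP/514 (swap in TCP or TLS if the relay requires it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (host, port))


if __name__ == "__main__":
    # Assumed rule settings:
    #   command: ["/usr/bin/python3", "/opt/elastalert/syslog_alert.py"]
    #   pipe_match_json: true
    match = json.load(sys.stdin)
    origin = match.get(ORIGIN_FIELD, socket.gethostname())
    send_udp(build_rfc5424(match_to_msg(match), hostname=origin))
```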