Graylog Alert Gateway

Web-based application designed to integrate Graylog with different IRP (incident response platform) systems.

Description

This application allows you to deliver Graylog alert data to the following IRP systems:

And to Telegram (optional).

Environment

This app has been tested with the following versions:

  • Python 3.9
  • Graylog 4.2.2
  • TheHive4 4.1.16

Setup

Native

  • Create a non-root user:
sudo adduser --disabled-password gateway && \
sudo su - gateway
  • Checkout the code:
git clone git@github.com:malinkinsa/graylog-alert-gateway.git
  • Setup the virtual environment:
virtualenv --python=python3 gateway-env && \
source gateway-env/bin/activate
  • Install Python requirements (inside the virtualenv, so without --user, which pip refuses in a venv; requirements.txt lives in the cloned directory):
pip3 install --no-cache-dir --upgrade pip && \
pip3 install --no-cache-dir -r graylog-alert-gateway/requirements.txt
  • Setup the app via config.ini:
vi graylog-alert-gateway/config.ini
  • Logout from user gateway

  • Create the systemd unit file. Without a User= line the service would run as root, defeating the point of the gateway user created above, and After=multi-user.target would order the unit after the very target that wants it:

sudo vi /etc/systemd/system/graylog-alert-gateway.service

[Unit]
Description=graylog-alert-gateway
After=network-online.target
Wants=network-online.target

[Service]
Type=idle
User=gateway
Group=gateway
WorkingDirectory=/home/gateway/graylog-alert-gateway
ExecStart=/home/gateway/gateway-env/bin/python3 /home/gateway/graylog-alert-gateway/launch.py
Restart=on-failure

# Connects standard output to journal
StandardOutput=journal

# Connects standard error to journal
StandardError=journal

[Install]
WantedBy=multi-user.target
  • Reload systemd configuration:
sudo systemctl daemon-reload
  • Enable the unit at boot and launch the app:
sudo systemctl enable --now graylog-alert-gateway.service

Docker & Docker-compose

Pre-built

Supported tags

latest

  • Pull image:
docker pull malinkinsa/graylog-alert-gateway:latest
  • Download and configure config.ini:
wget https://raw.githubusercontent.com/malinkinsa/graylog-alert-gateway/master/config.ini && \
vi config.ini
  • Start the docker container. The bind mount needs an absolute host path: a bare config.ini on the left side of -v is treated by Docker as a named volume, not the file you just edited. Mount it read-only, since the container has no reason to rewrite it:
docker run -d \
--name graylog-alert-gateway \
-v "$PWD/config.ini":/opt/graylog-alert-gateway/config.ini:ro \
-p 8000:8000 \
malinkinsa/graylog-alert-gateway:latest

Your own

  • Checkout the code:
git clone git@github.com:malinkinsa/graylog-alert-gateway.git
  • Configure config.ini (nothing is mounted at run time in this variant, so the edited config.ini, including any IRP API keys or Telegram tokens it holds, ends up inside the image; keep such an image in a private registry):
cd graylog-alert-gateway && \
vi config.ini
  • Build your own container:
docker build -t name:tag .
  • Start docker container:
docker run -d \
--name graylog-alert-gateway \
-p 8000:8000 \
name:tag

Graylog notification channel

  • Create a new Graylog Notification: Graylog -> Alerts -> Notifications -> Create Notification
  • Settings:
    • Specify a title;
    • Notification Type: HTTP Notification;
    • URL: the URL where the application is listening, for example: http://example.com:8000/input/
    • Add this URL to the Graylog URL whitelist (System -> Configurations -> URL Whitelist Configuration) or disable the whitelist there;
  • Add this Notification to an Event Definition;
  • The fields you specify in the Fields block of your Event Definition become artifacts in the IRP system.

Note that the notification in this example travels over plain HTTP and the setup above describes no authentication on /input/, so restrict access to port 8000 to the Graylog server (host firewall, or a reverse proxy in front of the gateway) rather than exposing it to the whole network.
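As an added example (not code from the graylog-alert-gateway project), the following Python sketch shows the transformation the last bullet describes: it takes a Graylog 4 HTTP notification body, checks that it really is one, and turns the Event Definition fields into IRP-style artifacts; it also carries a small helper that replays such a body to /input/ so you can confirm the gateway is reachable before wiring Graylog up. The sample payload is constructed here following the shape Graylog 4's HTTP Notification POSTs (event_definition_title plus an event object with message, source, priority and fields); the field-name to data-type mapping and the artifact dict layout are assumptions, since the page does not show the gateway's own handler or its TheHive mapping.

```python
"""Added example (not part of graylog-alert-gateway): turn a Graylog HTTP
notification into an IRP-style alert (Event Definition fields -> artifacts).

Assumptions, labelled because the page does not show the gateway's handler:
the payload shape follows what Graylog 4's HTTP Notification POSTs; the
artifact data types come from a hypothetical name-based guess.
"""
import json
import urllib.request

# Constructed sample of a Graylog 4 HTTP notification body (abridged).
SAMPLE_NOTIFICATION = {
    "event_definition_id": "61b0f9a3c0ffee0001234567",
    "event_definition_type": "aggregation-v1",
    "event_definition_title": "SSH brute force",
    "event_definition_description": "More than 20 failed logins in 5 min",
    "event": {
        "id": "01FPQ3Y0K2EXAMPLE0000000",
        "timestamp": "2021-12-08T12:00:00.000Z",
        "message": "SSH brute force: src_ip=203.0.113.7 count=42",
        "source": "graylog01",
        "priority": 2,
        "alert": True,
        "streams": ["000000000000000000000001"],
        "fields": {
            "src_ip": "203.0.113.7",
            "user": "root",
            "failed_logins": "42",
            "empty_field": "",
        },
    },
    "backlog": [],
}

# Hypothetical mapping of Graylog field names to artifact data types; the
# real gateway's mapping (if any) is not described on the page.
_TYPE_HINTS = (
    (("src_ip", "dst_ip", "ip", "client_ip"), "ip"),
    (("hostname", "host", "fqdn"), "fqdn"),
)


def guess_data_type(field_name: str) -> str:
    """Pick an artifact data type from the field name, defaulting to 'other'."""
    name = field_name.lower()
    for names, dtype in _TYPE_HINTS:
        if name in names:
            return dtype
    return "other"


def extract_alert(payload: dict) -> dict:
    """Map a Graylog HTTP notification to an alert dict with artifacts.

    Raises ValueError when the "event" object is missing, so a malformed or
    non-Graylog POST to /input/ is rejected instead of producing an empty
    alert. Fields with empty values are dropped rather than forwarded.
    """
    event = payload.get("event")
    if not isinstance(event, dict):
        raise ValueError("not a Graylog notification: missing 'event'")
    fields = event.get("fields") or {}
    artifacts = [
        {"dataType": guess_data_type(name), "data": str(value), "message": name}
        for name, value in sorted(fields.items())
        if value not in (None, "")
    ]
    return {
        "title": payload.get("event_definition_title") or event.get("message", "Graylog alert"),
        "description": payload.get("event_definition_description", ""),
        "source": event.get("source", "graylog"),
        "severity": int(event.get("priority", 2)),
        "event_id": event.get("id"),
        "artifacts": artifacts,
    }


def post_notification(gateway_url: str, payload: dict, timeout: float = 5.0) -> int:
    """Replay a notification body to the gateway's /input/ endpoint and return
    the HTTP status code; useful to test reachability before wiring Graylog."""
    body = json.dumps(payload).encode()
    req = urllib.request.Request(
        gateway_url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    print(json.dumps(extract_alert(SAMPLE_NOTIFICATION), indent=2))
    # Uncomment to replay the sample against a running gateway:
    # print(post_notification("http://localhost:8000/input/", SAMPLE_NOTIFICATION))
```

Running the file prints the alert derived from the constructed sample; the commented-out call at the bottom sends the same body to a local gateway, which is a quick way to check the listener and the URL whitelist path before creating the Graylog notification.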

To Do

  • README about Graylog setup;
  • Sentry support;
  • README about modules:
    • stream_resolver;
    • telegram;
  • Docker support;
  • README about setup:
    • Native;
    • Dockerized;
