Hi Scarlet,
you can create a stream which contains only those messages (e. g. by adding
a stream rule "Field protocol-id must be equal to 17"), call it
"Protocol-Attack: UDP", and then create an alert condition for this
specific stream which will fire if there are any messages in this stream.
Cheers,
Jochen
On Monday, 12 September 2016 05:02:22 UTC+2, Scarlet Eza wrote:
>
> Anyone that have exp about configuring email callback on Graylog, please
> advise me this case. In log that we receive have field: protocol-id.
>
>
> Now I can using it in email by using syntax:
> ${message.fields.protocol-id}. But value of this filed is number. I want to
> change it to string. I give example: if (protocol-id = 17) protocol-id =
> 'UDP'. I try code as below but I don't get anything:
>
>
> ${if ${message.fields.protocol-id}==17}Protocol-Attack: UDP
>
>
> How I can solve this case???
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/57269fa9-1172-4f7b-bd01-db9a59e1ec70%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
