Re: [graylog2] Re: alerting plugins seem to lack all context?

[Jason Haar]

On Wed, Sep 7, 2016 at 4:30 AM, Jochen Schalanda  wrote:

> You could also try to use netcat or Wireshark to record the request the
> HTTP Alarm Callback is sending.
>

Great idea. Now I see the problem. That POST is of a JSON blob - it's not a
normal "web form". That's why I can't find any POST variables  - there
aren't any.

So now I'm using the following to get me an array of field->values - works
fine :-)

$json = file_get_contents('php://input');
$obj = json_decode($json);



-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAFChrgJpZvvPHr6MYYbGy7THgMb3m38QFx1GCfd0Mp%3DJAM9%3DkA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: alerting plugins seem to lack all context?

[Jochen Schalanda]

Hi Jason,

I couldn't reproduce your problems with the HTTP Alarm Callback.

Just to make sure, I've added a test case to our test harness for Graylog 
(see 
https://github.com/Graylog2/graylog2-server/commit/2b05856b6982b14508f3d0d23957ccdb54ec0eeb
).

You could also try to use netcat or Wireshark to record the request the 
HTTP Alarm Callback is sending.

Cheers,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ed4b0e73-3646-46c7-a2a8-3a3d7c0b3bc3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: alerting plugins seem to lack all context?

[Jochen Schalanda]

Hi Jason,

which outputs are you using specifically?

If these are 3rd party plugins, you might want to create a GitHub issue in 
the issue trackers of those projects.

Cheers,
Jochen

On Tuesday, 6 September 2016 00:47:34 UTC+2, Jason Haar wrote:
>
> Hi there
>
> I've been playing around with alerts. The native "email" alert works as 
> expected, but the HTTP and "Execute command" alarm options lack all detail 
> about the event that triggered the alert
>
> I've written a script that simply dumps the command line options and 
> environment vars to a file - nothing related to the event shows up. 
> Similarly, the HTTP does a POST - but contains no variables at all
>
> What am I missing? The alerting options are really not that sophisticated, 
> so I'd rather dump "alerts" into my own workflow program - but nothing 
> besides email appears to have any actual data??
>
> -- 
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/dec4bb1c-b913-4535-b152-026467329950%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.