Graylog: Alerting

How to send Graylog alerts by email, Slack, or Mattermost

👋 Welcome to the Stackhero documentation!

Stackhero offers a ready-to-use Graylog cloud solution that provides a host of benefits, including:

  • Unlimited and dedicated SMTP email server included.
  • Effortless updates with just a click.
  • Customizable domain name secured with HTTPS (for example, https://logs.your-company.com).
  • Optimal performance and robust security powered by a private and dedicated VM.

Save time and simplify your life: it only takes 5 minutes to try Stackhero's Graylog cloud hosting solution!

Graylog enables you to respond proactively to specific conditions by sending alerts through notifications. These notifications can be sent via email, Slack, Mattermost, or an HTTP webhook.

For more information on alerts, you can refer to the official documentation.

Every Graylog instance provided by Stackhero includes a built-in email server, allowing you to send unlimited emails directly from your instance at no additional cost.

To set up an email notification, follow these steps:

  1. Access your Graylog service, navigate to Alerts > Notifications, and click the Get started! button or opt for Create notification.

  2. Enter a title for your notification and choose Email Notification under Notification type.

  3. In the Sender field, input noreply@<yourGraylogDomain>. Remember to replace <yourGraylogDomain> with your actual Graylog domain name, typically formatted as <XXXXXX>.stackhero-network.com.

    Important: Ensure you use your Graylog domain to avoid errors when sending emails.

  4. Specify the email address where you would like to receive alerts in the Email recipient field.

    Example of email configuration

  5. Click the Execute test notification button to verify that everything functions correctly. Once confirmed, complete the setup by clicking Create.

Congratulations! Your email notification is now established and operational!

If you encounter the error "Error: Notification has email recipients and is triggered, but sending emails failed. Sending the email to the following server failed: postfix:25", it is likely because the Sender value is not correctly formatted. It should follow the pattern <something>@<yourGraylogDomain>. The "something" part is flexible (for example "noreply"), but "yourGraylogDomain" must be your Graylog service domain, usually of the form <XXXXXX>.stackhero-network.com.

To set up a Slack or Mattermost Cloud notification, you will first need an "incoming webhook" from Slack or Mattermost Cloud.

For Slack users, visit https://api.slack.com/apps and click Create New App. Complete the form, validate it, then select Incoming Webhooks and enable them. Click Add New Webhook to Workspace and copy the Webhook URL for use in the next steps.

If you prefer Mattermost Cloud, the open-source alternative to Slack, navigate to your Mattermost interface. From the main menu, select Integrations, then Incoming Webhooks, click Add Incoming Webhook, and complete the form. You will be given a URL in the format https://<domain>/hooks/<token> to copy for future use.

Before configuring Slack and Mattermost Cloud notifications, ensure the Integrations plugin is activated in the Stackhero dashboard. To do this, choose your Graylog service, click Configure, activate the Integrations plugin, and confirm the configuration.

Once the plugin is activated, open your Graylog instance, go to Alerts > Notifications, and click Get started! or Create notification.

Assign a title and select Slack Notification in Notification type. Paste the incoming webhook URL you obtained from Slack or Mattermost into Webhook URL.

Example of a Slack/Mattermost configuration

Click the Execute Test Notification button to ensure functionality, then finalize by clicking Create.

Congratulations, your Slack/Mattermost notification is now set up and ready for action!
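
The two values this page has you type in, the Sender address and the Webhook URL, can be checked before you paste them into Graylog. The script below is an added example, not part of Stackhero's or Graylog's tooling; the function names, the sample domain and token, and the Slack URL shape (hooks.slack.com/services/...) are assumptions that do not come from this page.

```python
import re
from urllib.parse import urlsplit

def check_sender(sender: str, graylog_domain: str) -> list[str]:
    """Problems with the Sender field; an empty list means it fits the pattern."""
    local, at, domain = sender.strip().rpartition("@")
    if not at or not local:
        return ["sender must look like <something>@<yourGraylogDomain>"]
    problems = []
    if domain.lower() != graylog_domain.strip().lower():
        problems.append(f"sender domain {domain!r} is not the Graylog domain")
    if not re.fullmatch(r"[A-Za-z0-9._+-]+", local):
        problems.append(f"unexpected characters in local part {local!r}")
    return problems

def check_webhook(url: str) -> list[str]:
    """Problems with an incoming-webhook URL before it is pasted into Graylog."""
    parts = urlsplit(url.strip())
    segments = [s for s in parts.path.split("/") if s]
    problems = []
    if parts.scheme != "https":
        problems.append("webhook URL must use https: the URL itself is the credential")
    if not parts.hostname:
        problems.append("webhook URL has no host")
    # Assumption: Slack hooks live under hooks.slack.com/services/...;
    # the Mattermost shape https://<domain>/hooks/<token> is the one quoted on this page.
    slack = parts.hostname == "hooks.slack.com" and segments[:1] == ["services"] and len(segments) > 1
    mattermost = len(segments) == 2 and segments[0] == "hooks"
    if not (slack or mattermost):
        problems.append("path matches neither the Slack nor the Mattermost webhook shape")
    return problems

def redact_webhook(url: str) -> str:
    """Form that is safe for tickets and logs: the last path segment (the secret) is dropped."""
    parts = urlsplit(url.strip())
    head = parts.path.rstrip("/").rpartition("/")[0]
    return f"{parts.scheme}://{parts.netloc}{head}/<redacted>"

if __name__ == "__main__":
    # Constructed sample values, not real domains or tokens.
    domain = "abc123.stackhero-network.com"
    for sender in ("noreply@abc123.stackhero-network.com", "alerts@example.org", "noreply"):
        print(sender, "->", check_sender(sender, domain) or "ok")
    for hook in ("https://chat.example.com/hooks/tok3n", "http://chat.example.com/hooks/tok3n"):
        print(redact_webhook(hook), "->", check_webhook(hook) or "ok")
```

Anyone who holds the webhook URL can post to the channel, so share only the redacted form when asking for help with a failing notification.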