# Graylog Integration

[Graylog](https://graylog.org) is a sophisticated log management and Security Information and Event Management (SIEM) solution that assists teams in addressing security, application, and IT infrastructure issues. It achieves this by providing a platform to combine, enrich, correlate, query, and visualize all your log data in a single location. This centralized approach enhances the efficiency of managing large volumes of log data, which is crucial for monitoring systems, debugging applications, and maintaining security.

With the ilert integration for Graylog, you can receive alerts from Graylog via voice, push, SMS, and messenger notifications.

## In ilert: Create a Graylog alert source

1. Go to **Alert sources** -> **Alert sources** and click on **Create new alert source**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **Graylog** in the search field, click on the Graylog tile and click on **Next**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings such as custom alert templates or notification priority. Click on **Finish setup** for now.
7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FJ1QwcjLiVLOyieOrgmpC%2FScreenshot%202023-08-28%20at%2011.47.34.png?alt=media&#x26;token=72dc29a2-ded0-44cd-89bc-229bb0569626" alt=""><figcaption></figcaption></figure>

## In Graylog: Sending alerts via Graylog

1. In the top bar, click on **Alerts** -> **Notifications** -> **Create notification**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2F6keM1EPFGCT7CkiSntMT%2Fgraylog_1.png?alt=media&#x26;token=b0e39406-b189-4b46-baba-409d790758f1" alt="" width="563"><figcaption></figcaption></figure>

2. Add a **Title** to the new notification.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2Fj9PtQ3m7Z6tYJaZbzDUp%2Fgraylog_2.png?alt=media&#x26;token=4b0a2e36-45bc-48e3-8c68-20014278585e" alt="" width="563"><figcaption></figcaption></figure>

3. In the **Notification Type** field, choose HTTP Notification and add the previously generated ilert alert source URL into the **URL** field.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FcxYYA5LyecnsGb7CC6f1%2Fgraylog_3.png?alt=media&#x26;token=c4d87fbe-974f-45af-9cb7-0354550714a7" alt="" width="563"><figcaption></figcaption></figure>

4. Optional: Click on **Execute Test Notification** to test the notification.
5. Click on **Create notification** to save your new notification.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FnPALu66WxN6IkBqCsBsu%2Fgraylog_4.png?alt=media&#x26;token=5eb5fcf7-a940-4c22-a57d-ef8ad4c1d950" alt="" width="563"><figcaption></figcaption></figure>

## FAQ <a href="#faq" id="faq"></a>

**Will alerts in ilert be resolved automatically?**

Yes, as soon as Graylog sends an event with the key `alert` set to `false`, the associated alert in ilert is resolved.
