graylog-labs / graylog-plugin-pagerduty Goto Github PK

View Code? Open in Web Editor NEW

11.0 13.0 12.0 287 KB

A Graylog plugin that triggers PagerDuty events

Home Page: https://www.graylog.org/

License: GNU General Public License v3.0

Java 91.73% JavaScript 8.27%

graylog-plugin pagerduty graylog alerting monitoring alarm-callback

graylog-plugin-pagerduty's Introduction

PagerDutyNotificationPlugin Plugin for Graylog

A Notification plugin to integrate Graylog with PagerDuty as documented here.

Required Graylog version: 3.3 and later

Deprecated

As of Graylog version 4.0.0, PagerDuty notifications are integrated into the core product. Do not use the graylog-labs plugin on versions 4.x and above as it lacks support for new notification types.

Installation

Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Usage

After deploying the plugin, a new Notification type will be available to select in the alerts screen. For more information about setting up an alert please see.

The following configuration parameters are required,

Routing Key: The PagerDuty Routing Key defined as "[...] the 32 character Integration Key for an integration on a service or on a global ruleset" here.
Incident Key Prefix: The prefix to identify the event in PagerDuty.
Client Name: A String to identify the integration in PagerDuty.
Client URL: This will add a link to the desired destination URL that will be included in the event. The PagerDuty event will also include a direct link to a Graylog search query using this URL.

The following configuration parameters are optional,

Use Custom Incident Key: Enabling it will generate a custom deduplication key for correlating, the value will follow the format,

Incident Key Prefix/[Source Streams Separated by Comma]/Event Title

This is an example of a notification triggered from Graylog.

Development

You can improve your development experience for the web interface part of your plugin dramatically by making use of hot reloading. To do this, do the following:

git clone https://github.com/Graylog2/graylog2-server.git
cd graylog2-server/graylog2-web-interface
ln -s $YOURPLUGIN plugin/
npm install && npm start

Getting started

This project is using Maven 3 and requires Java 8 or higher.

Clone this repository.
Run mvn package to build a JAR file.
Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
Copy generated JAR file in target directory to your Graylog plugin directory.
Restart the Graylog.

Plugin Release

We are using the maven release plugin:

$ mvn release:prepare
[...]
$ mvn release:perform

This sets the version numbers, creates a tag and pushes to GitHub. Travis CI will build the release artifacts and upload to GitHub automatically.

graylog-plugin-pagerduty's People

Contributors

Stargazers

Watchers

Forkers

artn andreidotnet vchau riebart jamescarr robbanp techomaxx clipperjoe edgarmolina2 isabella232

graylog-plugin-pagerduty's Issues

Should PagerDuty 2.0 plugin work on Graylog 3.2.5 cluster?

I just deployed a Graylog 3.2.5 cluster on Amazon Linux 2 in AWS.
I installed the new PagerDuty 2.0 plugin in the plugins directory on both hosts before starting the graylog-server service.

I see this in the logs on both hosts:
2020-05-28T10:16:30.412Z INFO [CmdLineTool] Loaded plugin: PagerDutyNotificationPlugin 2.0.0 [org.graylog.plugins.pagerduty.PagerDutyNotificationPluginPlugin]

When I go to the Notifications screen and click Create Notification, I don't see the PagerDuty Notification under Notification Types. I see this:

Could I have missed a step?

Support for Graylog 4

When installing on a Graylog 4.0.1 server it seems to properly load the plugin:

2021-01-07 15:31:24,683 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: PagerDutyNotificationPlugin 2.0.0 [org.graylog.plugins.pagerduty.PagerDutyNotificationPluginPlugin]

However there is no Pager Duty notification option:

I assume there is no Graylog 4 support yet, since I do not see any error in the Graylog logs.

wrong time frame for link

with a condition of x number of message in the last 5 mins to trigger a pagerduty alert, the link in pagerduty is created with a relative timeframe resulting in the wrong logs shown. In other words, it shows the logs from the last 5 mins when I click on the link instead of when the incident was raised

i think the correct behaviour should be an absolute timeframe which trigger the condition so that even when the incident is view one hour later, the timeframe for the logs will still be correct

Publishing your artifacts to the mvnrepository

Is it possible to publish the release JAR file to mvnrepository?

Error packaging

Hi all, when running mvn package I am getting

[INFO] --- frontend-maven-plugin:1.6:yarn (yarn run build) @ graylog-plugin-pagerduty ---
[INFO] Running 'yarn run build' in /Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty
[INFO] yarn run v1.12.3
[INFO] $ webpack
[ERROR] /Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/cli.js:93
[ERROR] 				throw err;
[ERROR] 				^
[ERROR]
[ERROR] Error: Cannot find module '/Users/benjamincuthbert/dev/code/rnd/graylog2-server/graylog2-web-interface/manifests/vendor-manifest.json'
[ERROR]     at Function.Module._resolveFilename (internal/modules/cjs/loader.js:580:15)
[ERROR]     at Function.Module._load (internal/modules/cjs/loader.js:506:25)
[ERROR]     at Module.require (internal/modules/cjs/loader.js:636:17)
[ERROR]     at require (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/v8-compile-cache/v8-compile-cache.js:161:20)
[ERROR]     at new PluginWebpackConfig (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/graylog-web-plugin/lib/PluginWebpackConfig.js:25:25)
[ERROR]     at Object.<anonymous> (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/webpack.config.js:6:18)
[ERROR]     at Module._compile (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/v8-compile-cache/v8-compile-cache.js:194:30)
[ERROR]     at Object.Module._extensions..js (internal/modules/cjs/loader.js:699:10)
[ERROR]     at Module.load (internal/modules/cjs/loader.js:598:32)
[ERROR]     at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
[ERROR]     at Function.Module._load (internal/modules/cjs/loader.js:529:3)
[ERROR]     at Module.require (internal/modules/cjs/loader.js:636:17)
[ERROR]     at require (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/v8-compile-cache/v8-compile-cache.js:161:20)
[ERROR]     at WEBPACK_OPTIONS (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/utils/convert-argv.js:114:13)
[ERROR]     at requireConfig (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/utils/convert-argv.js:116:6)
[ERROR]     at /Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/utils/convert-argv.js:123:17
[ERROR]     at Array.forEach (<anonymous>)
[ERROR]     at module.exports (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/utils/convert-argv.js:121:15)
[ERROR]     at yargs.parse (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/cli.js:71:45)
[ERROR]     at Object.parse (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/yargs/yargs.js:576:18)
[ERROR]     at /Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/cli.js:49:8
[ERROR]     at Object.<anonymous> (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack-cli/bin/cli.js:366:3)
[ERROR]     at Module._compile (internal/modules/cjs/loader.js:688:30)
[ERROR]     at Object.Module._extensions..js (internal/modules/cjs/loader.js:699:10)
[ERROR]     at Module.load (internal/modules/cjs/loader.js:598:32)
[ERROR]     at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
[ERROR]     at Function.Module._load (internal/modules/cjs/loader.js:529:3)
[ERROR]     at Module.require (internal/modules/cjs/loader.js:636:17)
[ERROR]     at require (internal/modules/cjs/helpers.js:20:18)
[ERROR]     at Object.<anonymous> (/Users/benjamincuthbert/dev/code/rnd/graylog-plugin-pagerduty/node_modules/webpack/bin/webpack.js:156:2)
[ERROR] error Command failed with exit code 1.
[INFO] info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Add selectable severity

Any plans to add the option to select the PD severity to be sent for that Graylog alert?

Would be good to be able to route both warning and critical type alerts to the same PD service and have PD handle the escalations appropriately.

As it stands I need to configure more than 1 PD service so I can handle urgent Graylog alerts separately to trivial ones.

Graylog 3.1 support

It would be good if this plugin would support Graylog 3's new Event Notification system.

Only supports v3.3

I noticed that the docs claim the updated plugin supports v3.1 and later.

From testing both 3.1 and 3.2, the "PagerDuty Notification" type never appears when creating a new notification.

It's only available on v3.3+

At the very least the docs need updated, but if the intention was indeed for 3.1 and upwards to be supported, a wee bit extra digging will be required.

graylog2.conf setting http_proxy_uri ignored

It seems like the pagerduty alert plugin is not respecting the http_proxy_uri setting from graylog2.conf.

When I try to send a DummyAlert using the web interface or the REST browser, the request hangs with no response. This is the same behaviour when I try to download a file from the public internet. (These servers require a proxy to make any http connections beyond our walls.)

I can replicate this behaviour on the command line using curl to send an alert to pagerduty. Before executing export http_proxy=http://my.proxy.com:8080/, the request will hang forever. After setting the proxy, the request successfully creates an alert in pagerduty.

Due to the nature of information logged to our servers it is important that we control how these machines access the internet. If application level proxying is available, it is much preferred to setting the proxy server globally.

I'm not a Java developer, but it looks like the http_proxy_uri setting is accessible through the graylog2.BaseConfiguration class, and a quick check for existence would allow it to be used when the URL is made here.

A presumably relevant SO post can be found here: How do I make HttpUrlConnection use a Proxy?

Proxy config ignored

Looks like the updated plugin doesn't adhere to proxy settings.

I'm assuming similar to what was reporting in issue #2

Not working

Hi there, I have successfully installed this plugin and added my PagerDuty service key to the configuration. I then set up a test stream with a max. of 1 message in 10 minutes - in the Graylog2 web interface the stream shows that it is in ALERT state, but I have not received any PagerDuty incident notifications. What could I be missing?

See message details in incident?

Hi, I'd really like to see the message details in the incident message on PD, since sometimes it is critical, but most of the times the message can wait a while.

Is this possible?

Receiving message details

When events are posted to pager duty they don't contain any message information. How do we enable this?