Graylog API log parser to discord
Graylog does a good job as a standalone syslog server but I found a shortcoming where it wasn’t able to send alerts to discord. So, I took on the challenge to dive into python3 and learn all about docker.
The script loops on an interval, calling the Graylog API to check for the SEARCH_QUERY that you provide. You can specify any search query that you could run through the Graylog UI and have the matching log data sent to whatever Discord CHANNEL you choose.
Use docker pull:
docker pull mikehanson/graycord
Variables that can be passed to the docker image:
PASSWORD - Graylog password
USERNAME - Graylog username
HOSTNAME - Graylog server ip/hostname
TOKEN - Discord token
CHANNEL - Discord channel ID
PORT - Graylog port (e.g. 9000)
SEARCH_QUERY - Graylog Search query. Anything you can search on via graylog UI
INTERVAL - API call interval in seconds. Default is 10
Example run:
sudo docker run -e PASSWORD="passwordForGrayLog" -e HOSTNAME='ip/hostname for graylog' -e TOKEN='discord-bot-token' docker_img_name
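As an added example (not graycord's own code) of the polling loop described above: it builds the authenticated Graylog search request from these variables, de-duplicates hits across overlapping polls, and splits output to Discord's message size limit. The Graylog endpoint path and response shape, and the Discord bot endpoint, are assumptions to verify against your Graylog and Discord versions.

```python
"""Poll Graylog's search API and forward matching log lines to Discord.
Added example, not graycord's own code. The Graylog endpoint/response shape
and the Discord bot endpoint are assumptions to check against your versions."""
import base64, json, urllib.parse, urllib.request
SEARCH_PATH = "/api/search/universal/relative"  # assumed legacy search endpoint
DISCORD_LIMIT = 2000                            # max characters per Discord message

def build_graylog_request(hostname, port, username, password, query, interval):
    """(url, headers) for one poll. The window is 2x the interval so ingest lag
    cannot drop events at the boundary; extract_new() removes the overlap."""
    params = {"query": query, "range": 2 * interval, "limit": 100,
              "fields": "timestamp,source,message"}
    url = f"http://{hostname}:{port}{SEARCH_PATH}?" + urllib.parse.urlencode(params)
    cred = base64.b64encode(f"{username}:{password}".encode()).decode()
    return url, {"Authorization": "Basic " + cred, "Accept": "application/json"}

def extract_new(response, seen):
    """One line per hit whose (timestamp, source, message) is not in `seen`;
    `seen` is updated so an event caught by two overlapping polls alerts once."""
    lines = []
    for hit in response.get("messages", []):
        m = hit["message"]
        key = (m.get("timestamp"), m.get("source"), m.get("message"))
        if key not in seen:
            seen.add(key)
            lines.append(f"[{key[0]}] {key[1]}: {key[2]}")
    return lines

def chunk(lines, limit=DISCORD_LIMIT):
    """Pack lines into bodies Discord accepts; a single over-long line is cut."""
    bodies, cur = [], ""
    for line in lines:
        line = line[:limit]
        if cur and len(cur) + 1 + len(line) > limit:
            bodies.append(cur)
            cur = ""
        cur = line if not cur else cur + "\n" + line
    return bodies + [cur] if cur else bodies

def post_discord(token, channel, body):
    """Send one message through the bot API (header 'Authorization: Bot <token>')."""
    req = urllib.request.Request(
        f"https://discord.com/api/v10/channels/{channel}/messages",
        data=json.dumps({"content": body}).encode(),
        headers={"Authorization": "Bot " + token, "Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=10).read()
SAMPLE_RESPONSE = {"messages": [  # constructed Graylog response, for offline testing
    {"message": {"timestamp": "2024-05-01T10:00:00.000Z", "source": "fw1", "message": "Admin login successful"}},
    {"message": {"timestamp": "2024-05-01T10:00:05.000Z", "source": "fw1", "message": "tunnel-up"}}]}
```

A real loop would call build_graylog_request once, fetch the URL every INTERVAL seconds, pass the parsed JSON through extract_new and chunk, and post each body; entries older than the search window can be pruned from `seen` to bound its size.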
Example SEARCH_QUERY values for Fortigate logs:
1. Admin login events - 'logdesc:"Admin login successful"'
2. View logs rated critical - 'level:\"critical\"'
3. Multiple different logs - 'logdesc:"Admin login successful" OR action:\\"tunnel\\-up\\" OR level:\"critical\"'
https://docs.docker.com/get-docker/
https://hub.docker.com/r/mikehanson/graycord
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.