Welcome to This Week in Log Management!
Every week we get many great questions through support, the community, social media, and our weekly demo. On Fridays, I like to share the most common questions and answers, tips, insights, a closer look at Graylog, interviews, etc.
If you have any questions for me, drop them on Twitter, and I’ll do my best to fold them into upcoming Friday posts. Our handle is @graylog2.
Is there a way to silence alerts temporarily?
Yes, there is the ability to silence or disable alerts in Graylog. There are times in IT environments where you know you are going to generate specific events in your network. As an example, you are patching servers, upgrading hardware components, and many other things. These types of activities are very common during maintenance windows. If you have created Event Definitions in Graylog to send alerts for specific occurrences of activity like servers rebooting, network switches going down, or many other types of notifications, you will want to pause (silence) these alerts, not triggering unnecessary notifications.
In your Graylog Alerts, under Event Definitions, you have a drop-down “more” button, and this allows you to disable each event definition. The most important events you would plan to disable would be the types of events you know you are going to trigger during maintenance windows that have notifications enabled in them. Once your maintenance activity has been completed, you could then re-enable your events that have notifications.
You will need to understand if you have built event definitions that have timed correlation events in them. For example, if you were able to complete a certain level of maintenance activity in a short window of time. Next, you then prematurely re-enabled your event definitions which you could have cascading events in that magic window that may trigger notifications. Understanding your event definition configurations is very important, so you do not trigger improper notifications during maintenance windows.
For More Information:
Detecting Security Vulnerabilities with Alerts is a great example of alerts and configuration that you may not want to pause. What do you think? Give us a shout-out!
Thanks for joining us, and Happy Logging With Graylog!