GrayCord

Graylog API log parser to Discord

Graylog + Discord = GrayCord

Why?

Graylog does a good job as a standalone syslog server, but I found a shortcoming where it wasn't able to send alerts to Discord. So, I took on the challenge to dive into Python 3 and learn all about Docker.

How does it work?

The script loops on an interval, making API calls to Graylog and checking for the SEARCH_QUERY that you provide. You can specify any search query that you can make through Graylog and have the matching data sent to whichever Discord CHANNEL you choose.
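One way the polling step described above can be structured, as an added example that is not GrayCord's own code. It assumes the Graylog deployment exposes the legacy /api/search/universal/relative endpoint over HTTPS; the function names, the injected fetch_json/send_json callables and the sample response are hypothetical and constructed for illustration.

```python
from urllib.parse import urlencode

DISCORD_LIMIT = 2000  # maximum length of a Discord message's content

def graylog_search_url(host, port, query, interval, scheme="https"):
    """Relative search over the last `interval` seconds, query URL-encoded.
    Endpoint path and `scheme` are assumptions about the deployment."""
    params = urlencode({"query": query, "range": interval, "limit": 50})
    return f"{scheme}://{host}:{port}/api/search/universal/relative?{params}"

def new_messages(response, seen_ids):
    """Return texts of hits not forwarded yet; consecutive polls can overlap."""
    fresh = []
    for hit in response.get("messages", []):
        msg = hit["message"]
        if msg["_id"] not in seen_ids:
            seen_ids.add(msg["_id"])
            fresh.append(msg["message"])
    return fresh

def discord_payload(text):
    """Log text is untrusted input: disable mention parsing, cap the length."""
    if len(text) > DISCORD_LIMIT:
        text = text[:DISCORD_LIMIT - 3] + "..."
    return {"content": text, "allowed_mentions": {"parse": []}}

def poll_once(fetch_json, send_json, url, seen_ids):
    """One loop iteration. fetch_json(url) and send_json(payload) are
    hypothetical callables wrapping the authenticated HTTP requests."""
    payloads = [discord_payload(t) for t in new_messages(fetch_json(url), seen_ids)]
    for payload in payloads:
        send_json(payload)
    return payloads

# Constructed sample of a Graylog search response (not real log data).
SAMPLE_RESPONSE = {"messages": [
    {"message": {"_id": "a1", "message": "Admin login successful user=admin"}},
    {"message": {"_id": "a2", "message": "level=critical msg=@everyone " + "x" * 3000}},
]}

if __name__ == "__main__":
    url = graylog_search_url("graylog.example", 9000,
                             'logdesc:"Admin login successful"', 10)
    seen, outbox = set(), []
    poll_once(lambda u: SAMPLE_RESPONSE, outbox.append, url, seen)
    poll_once(lambda u: SAMPLE_RESPONSE, outbox.append, url, seen)  # no repeats
    print(url, len(outbox), sep="\n")
```

Because log fields can carry text chosen by whoever triggered the event, the payload turns off Discord mention parsing so a logged "@everyone" is delivered as plain text.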

Installation

Pull the image from Docker Hub with docker pull:

docker pull mikehanson/graycord

Usage

Environment variables that can be passed to the Docker image:

PASSWORD        - Graylog password
USERNAME        - Graylog username
HOSTNAME        - Graylog server IP/hostname
TOKEN           - Discord token
CHANNEL         - Discord channel ID
PORT            - Graylog port (e.g. 9000)
SEARCH_QUERY    - Graylog search query. Anything you can search on via the Graylog UI
INTERVAL        - Interval between API calls, in seconds. Default is 10

Example


sudo docker run -e PASSWORD="passwordForGrayLog" -e HOSTNAME='ip/hostname for graylog' -e TOKEN='discord-bot-token' docker_img_name

Search Query Examples

FortiGate logs:

1. Admin login events       - 'logdesc:"Admin login successful"'
2. View logs rated critical - 'level:\"critical\"'
3. Multiple different logs  - 'logdesc:"Admin login successful" OR action:\\"tunnel\\-up\\" OR level:\"critical\"'

Github Repo

DockerHub

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

MIT