Logstash conf file for Email Alert

Hi,

Can anyone help me with this? I have created two conf files under /etc/logstash/conf.d/

  1. syslog.conf === Working fine
input {
    beats {
        port => "5044"
    }
}
filter {
    grok {
        match => { "message" => "%{SYSLOGLINE}"}

    }
    geoip {
        source => "clientip"
    }
}
output {
    elasticsearch {
        hosts => [ "192.168.0.119:9200" ]
        user => "${ES_USER}"
        password => "${ES_PWD}"
    }
}

  2. Output.conf for email alert, but not working.
if "ERROR" in [LEVEL]
{
    elasticsearch {
        hosts => "192.168.0.119:9200"
        user => "${ES_USER}"
        password => "${ES_PWD}"
    }
}
email {
    options => [ "smtpIporHost", "smtp.gmail.com",
                 "port", "587",
                 "userName", "username",
                 "password", "Password",
                 "authenticationType", "plain",
                 "starttls", "true"
               ]
    from => "transmitter"
    subject => "logstash alert"
    to => "receiver"
    via => "smtp"
    body => "Here is the event line that occured: %{message}"
}
stdout { }
}

Request if anyone can help me to get this to work.

Regards,
Ravi
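
For reference, a sketch of how the second file could be written as a complete output section with the SMTP credentials kept out of the file. This is an added example, not part of the original post and not confirmed by anyone in the thread. The variable names SMTP_USER and SMTP_PWD, the example.com addresses and the condition on [message] are assumptions.

```logstash
# Added example, not the poster's configuration.
# When path.config points at /etc/logstash/conf.d/, Logstash concatenates
# every file there into ONE pipeline. Each file therefore needs complete
# input/filter/output sections, and every output sees every event.
output {
  # The elasticsearch output in syslog.conf already receives all events in
  # the merged pipeline, so it is not repeated here.

  # Assumption: match on [message]; nothing in the syslog.conf shown sets a
  # [LEVEL] field explicitly.
  if "ERROR" in [message] {
    email {
      # Weak form, as posted: a legacy "options" array carrying a literal
      # SMTP password. The email output plugin documents the SMTP settings
      # as top-level options instead:
      address        => "smtp.gmail.com"
      port           => 587
      # use_tls enables TLS for the SMTP session so the credentials are not
      # sent in clear text.
      use_tls        => true
      authentication => "plain"
      # Assumption: SMTP_USER / SMTP_PWD are hypothetical names, resolved the
      # same way as ${ES_USER} / ${ES_PWD} above, e.g. after running
      #   logstash-keystore add SMTP_PWD
      username       => "${SMTP_USER}"
      password       => "${SMTP_PWD}"
      via            => "smtp"
      # Placeholder addresses.
      from           => "alerts@example.com"
      to             => "oncall@example.com"
      subject        => "logstash alert"
      body           => "Here is the event line that occurred: %{message}"
    }
  }
}
```

Running Logstash with `--config.test_and_exit` against the directory reports syntax errors in the merged configuration before the service is restarted.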

What exactly does "not working" mean? Are you getting error messages on either the logstash or SMTP server side?

Hi Badger,

Thanks for the reply.
No email is received from Logstash when we use the above setting.

For your information, I am using ELK with a Basic license.
I just wanted to know whether the steps I am following are correct for receiving email notifications, or whether there is any other way to get email notifications in ELK with a Basic license.

Please suggest for the same and if possible please share the steps.

Regards,
Ravi

Hi,

Please help me to configure the same.

Regards,
Ravi

Hi,

Can anyone help me to configure the same?

Regards,
Ravi

Hi,

Can anyone help me with this?
Email alert with a Logstash pipeline; I am already using Logstash for syslog.

Regards,
Ravi
