Syslog alerting with InfluxDB and Logstash

Irek Romaniuk
Feb 2, 2017

$ iquery-notify -h
Copyright 2017 @IrekRomaniuk. All rights reserved.
Usage of iquery-notify:
  -db string
        Database name (default "syslog")
  -from string
        Email from (default "logstash@")
  -password string
        Password (default "password")
  -time int
        time back in minutes (default 1)
  -to string
        Email to (default "me@")
  -url string
        InfluxDB url (default "http://influx:8086")
  -user string
        Username (default "firewall")
  -v    Prints current version

$ docker ps | grep "influx\|logstash"
… prod-logstash ... … …>11514/udp logstash-prod
… influxdb … … …>8083/tcp,>8086/tcp influx

$ docker network ls | grep influx
… influx bridge local

$ syslog-generator -h
Copyright 2017 @IrekRomaniuk. All rights reserved.
Usage of syslog-generator:
  -count int
        Number of syslog messages to send (default 1)
  -ip string
        Syslog server IP address (default "")
  -port string
        Port (default "11666")
  -protocol string
        Protocol (default "tcp")
  -sleep int
        Sleep time between syslog messages in sec (default 1)

$ syslog-generator -port="11514" -protocol="udp" -count=20

> SELECT count(SrcIP) FROM logstash WHERE Rule='G0s9J4jAU3' AND time > '2017-01-31 19:29:54'
name: logstash
time                           count
----                           -----
2017-01-31T19:29:54.000000001Z 20
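
The count query above, rewritten for a sliding window of the last N minutes (as the `-time` flag's description suggests) with the rule name escaped as an InfluxQL string literal, plus a parser for the JSON that the InfluxDB 1.x `/query` endpoint returns. This is an added example in Go, not the source of iquery-notify; the function names, the `now() - Nm` window and the sample response are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// quoteString renders s as a single-quoted InfluxQL string literal, escaping
// backslash, quote and newline so a rule name cannot terminate the literal.
func quoteString(s string) string {
	return "'" + strings.NewReplacer(`\`, `\\`, `'`, `\'`, "\n", `\n`).Replace(s) + "'"
}

// buildQuery counts syslog hits for one firewall rule in the last `minutes` minutes.
func buildQuery(rule string, minutes int) string {
	return fmt.Sprintf("SELECT count(SrcIP) FROM logstash WHERE Rule=%s AND time > now() - %dm",
		quoteString(rule), minutes)
}

// parseCount pulls the count out of a /query response body.
// A result with no series means no matching points, which is reported as 0.
func parseCount(body []byte) (int64, error) {
	var resp struct {
		Results []struct {
			Error  string
			Series []struct{ Values [][]json.RawMessage }
		}
	}
	if err := json.Unmarshal(body, &resp); err != nil {
		return 0, err
	}
	for _, r := range resp.Results {
		if r.Error != "" {
			return 0, fmt.Errorf("influxdb: %s", r.Error)
		}
		if len(r.Series) > 0 && len(r.Series[0].Values) > 0 && len(r.Series[0].Values[0]) > 1 {
			var n int64 // each row is [time, count]; the count is column 1
			err := json.Unmarshal(r.Series[0].Values[0][1], &n)
			return n, err
		}
	}
	return 0, nil
}

func main() {
	// Constructed sample response in the shape of InfluxDB 1.x /query output.
	sample := `{"results":[{"series":[{"name":"logstash","columns":["time","count"],"values":[["2017-01-31T19:29:54.000000001Z",20]]}]}]}`
	n, err := parseCount([]byte(sample))
	fmt.Println(buildQuery("G0s9J4jAU3", 1), n, err)
}
```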
