Current state of Graylog Icinga integration

I just revisited the Graylog ↔ Icinga2 topic and wanted to share my results with the community.

Icinga2 to Graylog

GelfWriter

:white_check_mark: Logging Icinga 2 data to Graylog works great with the GelfWriter.

rsyslog

:white_check_mark: Sending device logs of Icinga2 cluster nodes with rsyslog is easy.

Graylog to Icinga2

Push

graylog-plugin-icinga

:cross_mark: Icinga Plugin for Graylog from GitHub (Icinga/graylog-plugin-icinga: An output plugin for integrating Icinga with Graylog) looks dead (last commit 7 years ago) and crashes Graylog 6.2.1.

This makes me sad as I would very much prefer this approach!

Pull

check-graylog2-stream

:cross_mark: check-graylog2-stream as officially linked by "Icinga Integrations - Extend with Grafana & Many More" looks dead (last commit 9 years ago) and didn’t work with Graylog 6.2.1 (or I’m too stupid to set it up - no verbose and debug arguments).
I got no further than:

  • UNKNOWN: Got wrong return code from Graylog2 API, please check all command line parameters
  • UNKNOWN: Can not connect to Graylog2 API

graylog-alerts-to-icinga

:white_check_mark: graylog-alerts-to-icinga from GitHub (sowoi/graylog-alerts-to-icinga: Monitor graylog alerts with icinga2) looks alive-ish (last commit 2 years ago) and I got it to work after adding a port argument.

Icinga Web 2 Graylog Module

:cross_mark: Missing!
It would be great if the host tab would have a logs widget like LibreNMS has on the device overview page.
A direct link into Graylog with a preconfigured search would also be very nice and easy to implement, as the URLs look like this: https://graylog.example.com/search?q=source%3Aictmirrorlp02.example.com&rangetype=relative&from=300

If you have any insights or know about plugins I missed, I would like to read your reply.

3 Likes

Hi @rivad, I am not using Graylog at all and just wanted to thank you for testing and putting all of this here.
:slight_smile:

1 Like

Am I missing something or would this be possible with a Host/Service Action?

No, you don’t, but with a Host/Service action, you just create a blind link into nothingness for hosts/services that have nothing in Graylog. Only attaching the action based on a variable like vars.graylog_query could help to mitigate this.
If you use a module, then on opening a host or service, the hook could start querying Graylog and only display the widget and link if something was found.