Continuous, automatic monitoring of our devices (Part 3)

After demonstrating in part 2 how to generate alarm messages for certain events in the system log, this blog post turns to defining email notifications and configuring them on the website.
As stated in part 2, email notifications first need to be activated in the server configuration.

Graylog describes how to achieve that, how it works and which parameters are required:

These are the default settings in the example on the website:

  • transport_email_enabled = false
  • transport_email_hostname =
  • transport_email_port = 587
  • transport_email_use_auth = true
  • transport_email_use_tls = true
        • Enable SMTP with STARTTLS for encrypted connections.
  • transport_email_use_ssl = false
        • Enable SMTP over SSL (SMTPS) for encrypted connections.
  • transport_email_auth_username =
  • transport_email_auth_password = secret
  • transport_email_subject_prefix = [graylog]
  • transport_email_from_email =

It is recommended to keep the website open and to start the configuration of the Graylog server on the command line with the following command:

sudo nano /etc/graylog/server/server.conf

Using “CTRL+W”, one can search for transport_email.

Graylog server configuration

These are the parameters for the email notification. However, they are still commented out. The number sign (#), also known as hashtag, marks comments in configuration files. The characters that follow it on the line are therefore ignored by the server, but a user can still read them when editing.
Thus, a user can structure the file, leave hints, or activate and deactivate functions by removing or adding the number sign.

In the command line window, this may look as shown here.

Graylog command line

The password is blacked out here.

Save your modifications with “CTRL+O” and close the editor with “CTRL+X”.
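
Before restarting, the edited block can be checked from the same shell. The following is an added example, not part of the original post or of Graylog's own tooling: it reads the uncommented transport_email_* lines and reports settings that would stop the notification or send it unprotected. The function names are hypothetical, and the rules that exactly one of use_tls/use_ssl is on and that the file is not world-readable are this example's assumptions.

```shell
#!/bin/sh
# Added example: sanity-check the transport_email_* block of a Graylog server.conf.
# Prints one line per finding; the return status is the number of findings.

# Print the value of an active (uncommented) "key = value" line; the last one wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

check_email_transport() {
    conf=$1
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ "$(conf_get "$conf" transport_email_enabled)" = "true" ] ||
        flag "transport_email_enabled is not true (still commented out?)"
    [ -n "$(conf_get "$conf" transport_email_hostname)" ] ||
        flag "transport_email_hostname is empty"
    [ -n "$(conf_get "$conf" transport_email_from_email)" ] ||
        flag "transport_email_from_email is empty"

    # STARTTLS and SMTPS are two different modes (assumption: exactly one is on).
    tls=$(conf_get "$conf" transport_email_use_tls)
    ssl=$(conf_get "$conf" transport_email_use_ssl)
    if [ "$tls" = "true" ] && [ "$ssl" = "true" ]; then
        flag "STARTTLS and SMTPS are both enabled; choose one"
    elif [ "$tls" != "true" ] && [ "$ssl" != "true" ]; then
        flag "neither STARTTLS nor SMTPS is enabled; mail is sent unencrypted"
    fi

    if [ "$(conf_get "$conf" transport_email_use_auth)" = "true" ]; then
        pw=$(conf_get "$conf" transport_email_auth_password)
        { [ -n "$pw" ] && [ "$pw" != "secret" ]; } ||
            flag "transport_email_auth_password is empty or still the sample value"
    fi

    # server.conf now holds the SMTP password in clear text.
    [ -z "$(find "$conf" -perm -004)" ] ||
        flag "$conf is world-readable"

    return "$findings"
}

# Usage: check_email_transport /etc/graylog/server/server.conf
```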

The service needs to be restarted for the modifications to take effect. Use this command in the command line:

sudo systemctl restart graylog-server.service

With the following command one can check if the service is running again:

sudo systemctl status graylog-server.service

Back on the website the configuration of the email notification can be completed. Create a new notification and pick email as notification type. As sender insert the email address given in server.conf (transport_email_from_email). In my case The subject and the content of the email remain unchanged. An arbitrary recipient can be defined for the notification. In my case it is my email address

Add Notification2

When done, test the configuration with a test email.

Sending a test email

The configuration is now complete and the notification can be tested.
Return to your SSH session and again generate 5 unauthorized attempts to access the device as root. The data first need to be transmitted, which takes some time.

You will receive the email after about half a minute!


This example shows very well what is possible with Graylog even without an enterprise licence.
Likewise, one can generate alarms for M-Bus meters that cannot be read out, and for unsuccessful reports or dial-in to the mobile network.

