Malcolm uses the Alerting plugins for OpenSearch and OpenSearch Dashboards. See Alerting in the OpenSearch documentation for usage instructions.
A fresh installation of Malcolm configures an example custom webhook destination named Malcolm API Loopback Webhook that directs the triggered alerts back into the Malcolm API to be reindexed as a session record with event.dataset
set to alerting
. The corresponding monitor Malcolm API Loopback Monitor is disabled by default, as users will likely want to configure the trigger conditions to suit individual needs. These examples are provided to illustrate how triggers and monitors can interact with a custom webhook to process alerts.
When using an email account to send alerts, users must authenticate each sender account before sending an email. The auth_setup
script can be used to securely store the email account credentials:
./scripts/auth_setup
Store administrator username/password for local Malcolm access? (Y/n): n
(Re)generate self-signed certificates for HTTPS access (Y/n): n
(Re)generate self-signed certificates for a remote log forwarder (Y/n): n
Will Malcolm be using an existing remote primary or secondary OpenSearch instance? (y/N): n
Store username/password for email alert sender account? (y/N): y
Email account username: [email protected]
[email protected] password:
[email protected] password (again):
Email alert sender account variables stored: opensearch.alerting.destination.email.destination_alpha.password, opensearch.alerting.destination.email.destination_alpha.username
(Re)generate internal passwords for NetBox (Y/n): n
This action should only be performed while Malcolm is stopped: otherwise the credentials will not be stored correctly.