Set up alerts to get notified about log events that matter.

Get emailed if a dictionary attack is under way or when critical errors are reported in your logs. Prevent system downtime by getting notified about issues before they become fatal.


Create Your Alerts

Go to the desired log and select Plus next to the Alerts tab. Specify options explained below and select Create new alert.

fatal_alert


Specify a pattern or tag category

Logentries allows you to specify a pattern that you should be alerted upon. Note patterns can be specified as keywords for exact matching, or as regular expressions (regular expressions should start with’/’) in the same way as when using the search bar. Learn more about specifying patterns.

You can also select a matched tag that you would like to be alerted on. For example you may want alerts to be sent for all ‘fatal’ events.


Specify limitations

Specify how often the event must occur before an alert is triggered. Also specify how often you would like to be notified. This allows you to avoid flooding your inbox with notifications and to get alerts when they really matter.

With the option It must match at least you can specify how many times the pattern MUST match in order to trigger the alert. The most common option Once triggers the alert on every occurrence. A more refined option 100x/hour specifies that the pattern must match at least 100 times in the last 60 minutes. The alert is triggered when our alert counter reaches this limit. However, note that it does not trigger again if the pattern is continually matched above the threshold: the counter must drop again below the limit, and then again over the threshold to be re-triggered. This allows us to avoid flooding you with alert reports.

Option Report this alert at most enables you to limit the amount of alert reports you receive. You can thus easily avoid getting flooded with reports of the same alert, while making sure you still get the most important ones.

All time specifications (last hour, last day), represent a sliding window. That means the time window specified is not fixed for the current hour or day, but instead it slides with the current time and refers to last 60 minutes or 24 hours. This is more convenient than a fixed-hour/day time specification: Attacks or errors do not respect hour or day boundaries!.


Specify notification style

Notifications can be sent by email, or you can specify a URL where the notification should be sent if you would rather use webhooks.

Webhook is POSTed information about the alert triggered in JSON format for easy parsing. Logentries sends webhooks to your server in real-time so your server does not need to poll for changes.


Patterns

Defining an Exact Match

files will alert on entries such as /media/files/doc Note exact matching will not match substrings like Myfiles

Regular Expressions

For regular expressions start the query with a slash /. Note using a slash / will also handling substrings. E.g. /file will alert on an exact match and substrings

Some useful patterns:

  • /.+@.+\.[a-z]+ Match an email
  • /\d{5,7} Match a 5-7 digit id
  • /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} Match any IP address

Check out pattern details

Back to Top