Routing Alerts

You can configure each alert output to write only certain message types. This lets you route critical data, such as alert and smart policy messages, to a central system like a SIEM for triage, while sending less critical messages, such as audit, to an archival store. By default an alert output delivers alert and smart_policy messages; to change this, add a message_types key to the alert output definition listing the types it should receive.

Here's an example:

alert_output:
  outputs:
    # write all message types to standard out
    - type: stdout
      enabled: true
      template: 'Alert triggered: {{ .StrategyName}}'
      message_types:
      - alert
      - smart_policy
      - audit
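The following is an added example, not code from the project: a small Python model of the routing behaviour described above, with a constructed config in the same shape as the YAML (a `siem` output for triage data and an `archive` output that receives only audit messages; those output names and the `message_type`/`strategy` message fields are assumptions). It shows the default of alert and smart_policy applying when the key is absent, disabled outputs receiving nothing, and a validation pass that flags a misspelled message type, which would otherwise cause the output to silently receive nothing.

```python
"""Model of per-output message_types routing (added example, not the project's code)."""
from dataclasses import dataclass

# Message types listed on the page; used only to validate configs.
KNOWN_MESSAGE_TYPES = {"alert", "smart_policy", "audit"}

# Types an output receives when it sets no message_types key (default per the page).
DEFAULT_MESSAGE_TYPES = ("alert", "smart_policy")


@dataclass
class Output:
    type: str
    enabled: bool
    template: str
    message_types: tuple


# Constructed config mirroring the YAML layout. Output names other than
# stdout are assumptions for the example.
CONFIG = {
    "alert_output": {
        "outputs": [
            {"type": "siem", "enabled": True, "message_types": ["alert", "smart_policy"]},
            {"type": "archive", "enabled": True, "message_types": ["audit"]},
            {"type": "stdout", "enabled": True,
             "template": "Alert triggered: {{ .StrategyName}}"},  # no key: defaults apply
            {"type": "disabled_sink", "enabled": False, "message_types": ["audit"]},
            {"type": "typo_sink", "enabled": True, "message_types": ["alerts"]},  # misspelled
        ]
    }
}

# Constructed sample messages; field names are assumptions.
MESSAGES = [
    {"message_type": "alert", "strategy": "brute_force_login"},
    {"message_type": "smart_policy", "strategy": "impossible_travel"},
    {"message_type": "audit", "strategy": "config_reload"},
]


def load_outputs(config):
    """Build Output objects, applying the documented default when message_types is absent."""
    outputs = []
    for raw in config["alert_output"]["outputs"]:
        types = raw.get("message_types")
        outputs.append(Output(
            type=raw["type"],
            enabled=raw.get("enabled", True),
            template=raw.get("template", ""),
            message_types=tuple(types) if types is not None else DEFAULT_MESSAGE_TYPES,
        ))
    return outputs


def validate(outputs):
    """Return (output_type, message_type) pairs for types the system would never emit."""
    return [(o.type, t) for o in outputs for t in o.message_types
            if t not in KNOWN_MESSAGE_TYPES]


def route(messages, outputs):
    """Return {output_type: [messages]} for every enabled output whose filter matches."""
    delivered = {o.type: [] for o in outputs if o.enabled}
    for msg in messages:
        for out in outputs:
            if out.enabled and msg["message_type"] in out.message_types:
                delivered[out.type].append(msg)
    return delivered


if __name__ == "__main__":
    outs = load_outputs(CONFIG)
    for out_type, mtype in validate(outs):
        print(f"warning: output {out_type!r} lists unknown message type {mtype!r}")
    for out_type, msgs in route(MESSAGES, outs).items():
        print(out_type, [m["message_type"] for m in msgs])
```

Running `validate` before the outputs are started is the check worth keeping: a single wrong string in `message_types` does not fail loudly, it just means a destination stops receiving the messages you expected it to get.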