Last update: 2022-05-25

Routing Alerts

You can configure alert outputs to write only certain message types to their output. This lets you route critical data, such as alerts and smart policy messages, to a central system such as a SIEM for triage, and less critical messages, such as audit, to an archival store. By default, alert outputs are set up to deliver alert and smart_policy messages, but this can be customized by adding a message_types key to the alert output definition.

Here's an example:

    # write all message types to standard out
    - type: stdout
      enabled: true
      template: 'Alert triggered: {{ .StrategyName}}'
      message_types:
        - alert
        - smart_policy
        - audit
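
Because outputs without a message_types key fall back to alert and smart_policy, audit messages can end up delivered nowhere without any error. The following check is an added example, not part of the product or of this page's original content: it takes the list of alert output definitions as parsed from YAML and reports where each message type goes. It assumes that only the three types named on this page exist and that a disabled output, or one with no enabled key, delivers nothing.

```python
# Added example: audit which message types each alert output receives.
# Only the three types named on this page are treated as known (assumption).
KNOWN_TYPES = {"alert", "smart_policy", "audit"}
DEFAULT_TYPES = {"alert", "smart_policy"}  # used when message_types is absent


def effective_types(output):
    """Message types an output delivers; disabled outputs deliver none."""
    if not output.get("enabled", False):  # assumption: missing means disabled
        return set()
    types = output.get("message_types")
    return set(DEFAULT_TYPES) if types is None else set(types)


def routing_report(outputs):
    """Return (routes, unrouted, unknown) for a list of output definitions."""
    routes = {t: [] for t in KNOWN_TYPES}
    unknown = []
    for index, output in enumerate(outputs):
        for msg_type in sorted(effective_types(output)):
            if msg_type in KNOWN_TYPES:
                routes[msg_type].append(index)
            else:
                unknown.append((index, msg_type))  # likely a misspelling
    unrouted = {t for t, dests in routes.items() if not dests}
    return routes, unrouted, unknown


# Constructed sample: the outputs list as it looks after YAML parsing.
SAMPLE_OUTPUTS = [
    {"type": "stdout", "enabled": True,
     "template": "Alert triggered: {{ .StrategyName}}"},   # defaults apply
    {"type": "stdout", "enabled": False,
     "message_types": ["audit"]},                           # disabled
    {"type": "stdout", "enabled": True,
     "message_types": ["alert", "smart-policy"]},           # misspelled type
]

if __name__ == "__main__":
    routes, unrouted, unknown = routing_report(SAMPLE_OUTPUTS)
    for msg_type in sorted(routes):
        print(f"{msg_type}: outputs {routes[msg_type]}")
    print("not delivered anywhere:", sorted(unrouted))
    print("unrecognized types:", unknown)
```

In the sample, audit has no enabled destination and the third output would silently miss smart_policy messages because of the misspelled type name.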