GLPI Connector Pipelines functions

Version Compatibility

Installation

Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Configuration

In the configuration tab of Graylog, you will have to provide:

• GLPI API URL
• GLPI User API Token
• GLPI APP Token
• Cache Heap Size
• Cache TTL

You may have to change the order into "Message Processors Configuration". Just switch between "Message Filter Chain" and "Pipeline Processor"

Usage

To search into the Computer category for the source field and display all fields, create a pipeline function like:

rule "GLPIComputer"
when
  has_field("source")
then
  let computer = GLPI(to_string($message.source), "Computer", "");
  let computer_fieds = key_value(computer);
  set_fields(computer_fieds, "Computer-");
end

If you want to do the same search but displaying only the field called OSName, create a pipeline function like:

rule "GLPIComputer"
when
  has_field("source")
then
  let computer = GLPI(to_string($message.source), "Computer", "OSName");
  let computer_fieds = key_value(computer);
  set_fields(computer_fieds, "Computer-");
end

Build

This project is using Maven 3 and requires Java 8 or higher.

• Clone this repository.
• Run mvn package to build a JAR file.
• Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
• Copy generated JAR file in target directory to your Graylog plugin directory.
• Restart the Graylog.

License

This plugin is released under version 3.0 of the GNU General Public License.