Filter alerts based on event type #266
Replies: 4 comments
-
Hi @sgtwtf, Ye, it's a known issue that we need to sort. We handle it on the commercial side by filtering logtypes (i.e. if log is from http about a login, then alert rather than alert on all logs). I'll add it to our update list (otherwise a PR is always welcome!)
-
PR? Is that product request? Is there a place I can submit that for you?
From: JayJB <notifications@github.com>
Sent: Monday, August 31, 2020 10:11 AM
To: thinkst/opencanary <opencanary@noreply.github.com>
Cc: sgtwtf <sgtwtf@gmail.com>; Mention <mention@noreply.github.com>
Subject: Re: [thinkst/opencanary] Feature requests (#91)
Hi @sgtwtf <https://github.com/sgtwtf> ,
Ye, it's a known issue that we need to sort. We handle it on the commercial side by filtering logtypes (i.e. if log is from http about a login, then alert rather than alert on all logs).
I'll add it to our update list (otherwise a PR is always welcome!)
-
Hi @sgtwtf, Ah sorry, I should've explained it. I meant a "Pull Request". So all the code Opencanary uses is in this repository. If you find that you have some time and would like to contribute to this project, you can clone the Opencanary repository, make the changes that you would find useful, and submit them to me as a PR (Pull Request). Let me know if this is something you would be keen to try.
-
Logtype based filtering has since been added. Add the following to your root config object to filter all startup related messages from the logs and only log actual alerts. This filters these messages from the terminal logs as well unfortunately, but that's still better than spamming emails (for example) on every startup.

```
"logtype.ignorelist": [ 1000, 1001, 1002, 1003, 1004, 1005, 1006 ],
```

Here's the relevant source code where the logtypes are defined: https://github.com/thinkst/opencanary/blob/master/opencanary/logger.py#L56

Writing this here as this info was rather hard to find, and someone could stumble onto this thread looking for this.
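One way to get the same separation downstream of OpenCanary instead of with `logtype.ignorelist`, so the sensor's own log keeps its startup messages and only the alert path is filtered. This is an added example, not OpenCanary code or code from this thread; `route_events`, the bucket names and the sample lines are assumptions, and events are assumed to arrive as one JSON object per line with an integer `logtype` field.

```python
import json

# Startup/housekeeping logtypes, taken from the ignorelist quoted in the comment above.
STARTUP_LOGTYPES = frozenset(range(1000, 1007))


def route_events(lines, startup_types=STARTUP_LOGTYPES):
    """Split JSON log lines into 'alert', 'startup' and 'unparsed' buckets.

    Lines that are not valid JSON, or that lack an integer logtype, go to
    'unparsed' instead of being dropped, so a logging fault cannot silently
    hide an alert.
    """
    routed = {"alert": [], "startup": [], "unparsed": []}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            routed["unparsed"].append(raw)
            continue
        logtype = event.get("logtype") if isinstance(event, dict) else None
        if not isinstance(logtype, int) or isinstance(logtype, bool):
            routed["unparsed"].append(raw)
        elif logtype in startup_types:
            routed["startup"].append(event)   # e.g. daily digest or ops mailbox
        else:
            routed["alert"].append(event)     # e.g. immediate email or pager
    return routed


# Constructed sample lines (not captured from a real sensor).
SAMPLE_LOG = """\
{"logtype": 1001, "node_id": "canary-1", "src_host": "", "logdata": {"msg": "started"}}
{"logtype": 3001, "node_id": "canary-1", "src_host": "192.0.2.10", "logdata": {"USERNAME": "admin"}}
{"logtype": 1004, "node_id": "canary-1", "src_host": "", "logdata": {}}
{"logtype": 4002, "node_id": "canary-1", "src_host": "192.0.2.77", "logdata": {"USERNAME": "root"}}
{"logtype": "1000", "node_id": "canary-1"}
truncated line {"logtype": 40
""".splitlines()

if __name__ == "__main__":
    for bucket, items in route_events(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
```

Routing on an allowlist of startup types means any logtype not listed, including ones added in later releases, is treated as an alert by default.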
-
I would love this even more if I could make the email alerts for startup events go to a different email than if an event was triggered.
Autorun prompt during setup or first run would be very useful.