Real-time log alerting for VictoriaLogs with full log context in notifications.
Valerter streams logs from VictoriaLogs in real-time and sends notifications with the actual log line plus extracted context (host, site, service, port, user, etc.). The goal is to put the key debugging context in the alert itself (full log line + fields), so you can start investigating right away.
Some alerts are about trends ("how many errors over 5 minutes"). Others are about a critical event that just happened and requires immediate action.
Valerter is built for the second category: must-not-miss events where you want the full raw log line and enough context to act immediately—without jumping into a log explorer first.
Use Valerter when the question is:
- "Do I need to act on this immediately?"
- "What exactly happened (full log line) and where?"
Examples:
- "BPDU Guard triggered: port disabled on CORE-SW-01 Gi1/0/24"
- "Disk I/O error on db-prod-01: sda sector 22563104"
- "OOM killer on worker-03: killed process nginx (pid 2603)"
| | Valerter |
|---|---|
| Mode | Real-time streaming |
| VictoriaLogs API | /tail |
| Alert content | Full log line + extracted context |
| Typical latency | < 5 seconds |
See Cisco Switches example for a complete implementation.
- One Valerter for every VictoriaLogs you run. Tail prod, staging, per-region or per-tenant backends from a single instance; pin rules to a specific source or fan out across all of them, with isolated reconnects, per-source metrics, and a `vl_source` label everywhere
- Multi-channel notifications — Webhook (PagerDuty, Slack, Discord), Email SMTP, Mattermost, Telegram
- Full log context — Alerts include the actual log line and extracted fields
- Intelligent throttling — Avoid alert spam with per-key rate limiting
- Real-time alerting — Less than 5 seconds from log event to notification
- Declarative rules — YAML configuration with regex/JSON parsing
- Multi-file config — Split rules/templates/notifiers across `rules.d/`, `templates.d/`, `notifiers.d/`
- Prometheus metrics — Built-in `/metrics` endpoint for monitoring

```bash
# Install
curl -LO https://github.com/fxthiry/valerter/releases/latest/download/valerter_latest_amd64.deb
sudo dpkg -i valerter_latest_amd64.deb
# Configure
sudo vim /etc/valerter/config.yaml
# Start
sudo systemctl start valerter
sudo systemctl enable valerter
```

```bash
# Download (x86_64, or aarch64 for ARM)
curl -LO https://github.com/fxthiry/valerter/releases/latest/download/valerter-linux-x86_64.tar.gz
tar -xzf valerter-linux-x86_64.tar.gz
cd valerter-linux-x86_64
# Validate and run
./valerter --validate -c config.example.yaml
./valerter -c config.example.yaml
```

For production installation with systemd, see Getting Started.
Example configuration:

```yaml
victorialogs:
  default:
    url: "http://victorialogs:9428" # replace with your VictoriaLogs host
notifiers:
  mattermost-ops:
    type: mattermost
    webhook_url: "https://mattermost.example.com/hooks/your-webhook-id" # replace with your real webhook
defaults:
  throttle:
    count: 5
    window: 60s
  timestamp_timezone: "UTC"
templates:
  error_alert:
    title: "Error detected"
    body: "{{ _msg }}"
rules:
  - name: "error_logs"
    query: '_msg:~"(error|failed|critical)"' # adjust to match the events you care about
    parser:
      regex: '(?P<message>.*)'
    notify:
      template: "error_alert"
      destinations:
        - "mattermost-ops"
```

Upgrading from v1.x? The config schema and Prometheus metrics changed in v2.0.0. See MIGRATION.md for the full guide.
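
To check a `parser.regex` with named groups against sample lines and see how the `throttle` defaults (`count: 5`, `window: 60s`) behave during a flood, the following Python example models the pipeline; it is added here for illustration and is not Valerter's own code. Assumptions: the throttle key is the extracted `host` field, the window is sliding, and the pattern and log lines are constructed from the OOM example quoted earlier.

```python
import re
from collections import defaultdict, deque

# Uses the same (?P<name>...) named-group syntax as `parser.regex` in the config.
# Constructed pattern; Valerter's regex engine may differ from Python's `re` in edge cases.
PARSER = re.compile(
    r"OOM killer on (?P<host>[\w.-]+): killed process (?P<process>\S+) \(pid (?P<pid>\d+)\)")

class Throttle:
    """Assumed semantics: at most `count` notifications per key in any `window` seconds."""
    def __init__(self, count=5, window=60.0):
        self.count, self.window = count, window
        self.sent = defaultdict(deque)  # key -> timestamps of notifications already sent

    def allow(self, key, now):
        q = self.sent[key]
        while q and now - q[0] >= self.window:  # forget sends older than the window
            q.popleft()
        if len(q) >= self.count:
            return False
        q.append(now)
        return True

def process(events, throttle):
    """events: iterable of (unix_seconds, raw_line) -> (alerts, suppressed, unparsed)."""
    alerts, suppressed, unparsed = [], defaultdict(int), []
    for ts, line in events:
        m = PARSER.search(line)
        if m is None:
            unparsed.append(line)  # a parser miss should be counted, never silently dropped
            continue
        fields = m.groupdict()
        if throttle.allow(fields["host"], ts):
            alerts.append({"ts": ts, "line": line, **fields})  # full line + context
        else:
            suppressed[fields["host"]] += 1
    return alerts, dict(suppressed), unparsed

# Constructed stream: worker-03 floods, worker-07 logs once, one line does not match.
SAMPLE = [(float(t), "OOM killer on worker-03: killed process nginx (pid %d)" % (2603 + t))
          for t in range(8)]
SAMPLE += [(3.5, "OOM killer on worker-07: killed process php-fpm (pid 911)"),
           (4.5, "oom-kill event with unexpected format"),
           (61.0, "OOM killer on worker-03: killed process nginx (pid 2700)")]
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    alerts, suppressed, unparsed = process(SAMPLE, Throttle(count=5, window=60.0))
    print(len(alerts), "alerts; suppressed:", suppressed, "; unparsed:", len(unparsed))
```

Because the key is per host, the flood from `worker-03` does not suppress the single event from `worker-07`, and the unmatched line is reported separately so a parser gap is visible.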
- Getting Started — Installation and first setup
- Configuration — Full configuration reference
- Notifiers — Webhook, Email, Mattermost, Telegram setup
- Metrics — Prometheus metrics and alerting rules
- Performance — Benchmarks and capacity planning
- Architecture — How Valerter works
- Examples — Real-world configurations
- Multi-source example — Tail several VictoriaLogs backends from one Valerter instance
Contributions are welcome! See CONTRIBUTING.md for guidelines.
Apache License 2.0 — See LICENSE for details.