Real-time log alerting for VictoriaLogs with full log context in notifications.
Valerter streams logs from VictoriaLogs in real-time and sends notifications with the actual log line plus extracted context (host, site, service, port, user, etc.). The goal is to put the key debugging context in the alert itself (full log line + fields), so you can start investigating right away.
Some alerts are about trends ("how many errors over 5 minutes"). Others are about a critical event that just happened and requires immediate action.
Valerter is built for the second category: must-not-miss events where you want the full raw log line and enough context to act immediately—without jumping into a log explorer first.
Use Valerter when the question is:
- "Do I need to act on this immediately?"
- "What exactly happened (full log line) and where?"
Examples:
- "BPDU Guard triggered: port disabled on CORE-SW-01 Gi1/0/24"
- "Disk I/O error on db-prod-01: sda sector 22563104"
- "OOM killer on worker-03: killed process nginx (pid 2603)"
| | Valerter |
|---|---|
| Mode | Real-time streaming |
| VictoriaLogs API | /tail |
| Alert content | Full log line + extracted context |
| Typical latency | < 5 seconds |
See Cisco Switches example for a complete implementation.
- Multi-channel notifications — Webhook (PagerDuty, Slack, Discord), Email SMTP, Mattermost
- Full log context — Alerts include the actual log line and extracted fields
- Intelligent throttling — Avoid alert spam with per-key rate limiting
- Real-time alerting — Less than 5 seconds from log event to notification
- Declarative rules — YAML configuration with regex/JSON parsing
- Multi-file config — Split rules/templates/notifiers across `rules.d/`, `templates.d/`, `notifiers.d/`
- Prometheus metrics — Built-in `/metrics` endpoint for monitoring
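
An added illustration (not Valerter's code and not taken from the project) of two features listed above, regex field extraction and per-key throttling, run over constructed log lines shaped like the OOM example. It assumes a fixed-window limiter keyed on the extracted host, using the `count: 5` / `window: 60s` values from the example configuration; the pattern, class and function names are hypothetical.

```python
import re
from collections import defaultdict

# Named-group pattern in the same (?P<name>...) style as a rule's parser.regex.
# The pattern and field names are constructed for this example.
OOM_PARSER = re.compile(
    r"OOM killer on (?P<host>\S+): killed process (?P<process>\S+) \(pid (?P<pid>\d+)\)")

class KeyedThrottle:
    """Fixed-window limiter: at most `count` alerts per `window` seconds per key.
    Assumed semantics for illustration; Valerter's own algorithm may differ."""
    def __init__(self, count=5, window=60.0):
        self.count, self.window = count, window
        self._state = {}  # key -> (window_start, alerts_sent_in_window)

    def allow(self, key, now):
        start, sent = self._state.get(key, (now, 0))
        if now - start >= self.window:  # window expired: open a new one
            start, sent = now, 0
        allowed = sent < self.count
        self._state[key] = (start, sent + 1 if allowed else sent)
        return allowed

def process(events, throttle):
    """events: iterable of (epoch_seconds, raw_line). Returns (alerts, suppressed)."""
    alerts, suppressed = [], defaultdict(int)
    for ts, line in events:
        m = OOM_PARSER.search(line)
        if m is None:
            continue  # line does not match the rule
        fields = m.groupdict()
        if throttle.allow(fields["host"], ts):  # throttle key = host (assumption)
            alerts.append({**fields, "ts": ts, "raw": line})  # fields + full raw line
        else:
            suppressed[fields["host"]] += 1
    return alerts, dict(suppressed)

def sample_events():
    # Constructed sample: worker-03 fires 8 times in 16 s, db-prod-01 once,
    # one unrelated line, then worker-03 again after the 60 s window has passed.
    ev = [(2.0 * i, f"OOM killer on worker-03: killed process nginx (pid {2603 + i})")
          for i in range(8)]
    ev.append((5.0, "OOM killer on db-prod-01: killed process postgres (pid 811)"))
    ev.append((5.5, "Accepted publickey for deploy from 10.0.0.7"))
    ev.append((75.0, "OOM killer on worker-03: killed process nginx (pid 2700)"))
    return sorted(ev)

if __name__ == "__main__":
    alerts, suppressed = process(sample_events(), KeyedThrottle(count=5, window=60.0))
    print(len(alerts), "alerts sent; suppressed per key:", suppressed)
```

Because the limiter is keyed per host, the noisy worker-03 loop is capped without hiding the single db-prod-01 event that arrives in the same window.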

```bash
# Install
curl -LO https://github.com/fxthiry/valerter/releases/latest/download/valerter_latest_amd64.deb
sudo dpkg -i valerter_latest_amd64.deb
# Configure
sudo vim /etc/valerter/config.yaml
# Start
sudo systemctl start valerter
sudo systemctl enable valerter
```

```bash
# Download (x86_64, or aarch64 for ARM)
curl -LO https://github.com/fxthiry/valerter/releases/latest/download/valerter-linux-x86_64.tar.gz
tar -xzf valerter-linux-x86_64.tar.gz
cd valerter-linux-x86_64
# Validate and run
./valerter --validate -c config.example.yaml
./valerter -c config.example.yaml
```

For production installation with systemd, see Getting Started.

Example configuration:

```yaml
victorialogs:
  url: "http://victorialogs:9428"

notifiers:
  mattermost-ops:
    type: mattermost
    webhook_url: "https://mattermost.example.com/hooks/your-webhook-id"

defaults:
  throttle:
    count: 5
    window: 60s
  timestamp_timezone: "UTC"

templates:
  error_alert:
    title: "Error detected"
    body: "{{ _msg }}"

rules:
  - name: "error_logs"
    query: '_msg:~"(error|failed|critical)"'
    parser:
      regex: '(?P<message>.*)'
    notify:
      template: "error_alert"
      destinations:
        - "mattermost-ops"
```

- Getting Started — Installation and first setup
- Configuration — Full configuration reference
- Notifiers — Webhook, Email, Mattermost setup
- Metrics — Prometheus metrics and alerting rules
- Performance — Benchmarks and capacity planning
- Architecture — How Valerter works
- Examples — Real-world configurations
Contributions are welcome! See CONTRIBUTING.md for guidelines.
Apache License 2.0 — See LICENSE for details.