Valerter

Real-time log alerting for VictoriaLogs with full log context in notifications.

What is Valerter?

Valerter streams logs from VictoriaLogs in real-time and sends notifications with the actual log line plus extracted context (host, site, service, port, user, etc.). The goal is to put the key debugging context in the alert itself (full log line + fields), so you can start investigating right away.

Pipeline: VictoriaLogs → Parse → Throttle → Template → Notify

Why Valerter?

Some alerts are about trends (“how many errors over 5 minutes”). Others are about a critical event that just happened and requires immediate action.

Valerter is built for the second category: must-not-miss events where you want the full raw log line and enough context to act immediately—without jumping into a log explorer first.

When Valerter is the right tool

Use Valerter when the question is:

“Do I need to act on this immediately?”
“What exactly happened (full log line) and where?”

Examples:

“BPDU Guard triggered: port disabled on CORE-SW-01 Gi1/0/24”
“Disk I/O error on db-prod-01: sda sector 22563104”
“OOM killer on worker-03: killed process nginx (pid 2603)”

	Valerter
Mode	Real-time streaming
VictoriaLogs API	`/tail`
Alert content	Full log line + extracted context
Typical latency	< 5 seconds

See Cisco Switches example for a complete implementation.

Features

Multi-channel notifications — Webhook (PagerDuty, Slack, Discord), Email SMTP, Mattermost
Full log context — Alerts include the actual log line and extracted fields
Intelligent throttling — Avoid alert spam with per-key rate limiting
Real-time alerting — Less than 5 seconds from log event to notification
Declarative rules — YAML configuration with regex/JSON parsing
Multi-file config — Split rules/templates/notifiers across rules.d/, templates.d/, notifiers.d/
Prometheus metrics — Built-in /metrics endpoint for monitoring

Quick Start

Debian/Ubuntu (.deb)

# Install
curl -LO https://github.com/fxthiry/valerter/releases/latest/download/valerter_latest_amd64.deb
sudo dpkg -i valerter_latest_amd64.deb

# Configure
sudo vim /etc/valerter/config.yaml

# Start
sudo systemctl start valerter
sudo systemctl enable valerter

Static Binary

# Download (x86_64, or aarch64 for ARM)
curl -LO https://github.com/fxthiry/valerter/releases/latest/download/valerter-linux-x86_64.tar.gz
tar -xzf valerter-linux-x86_64.tar.gz
cd valerter-linux-x86_64

# Validate and run
./valerter --validate -c config.example.yaml
./valerter -c config.example.yaml

For production installation with systemd, see Getting Started.

Example configuration:

victorialogs:
  url: "http://victorialogs:9428"

notifiers:
  mattermost-ops:
    type: mattermost
    webhook_url: "https://mattermost.example.com/hooks/your-webhook-id"

defaults:
  throttle:
    count: 5
    window: 60s
  timestamp_timezone: "UTC"

templates:
  error_alert:
    title: "Error detected"
    body: ""

rules:
  - name: "error_logs"
    query: '_msg:~"(error|failed|critical)"'
    parser:
      regex: '(?P<message>.*)'
    notify:
      template: "error_alert"
      destinations:
        - "mattermost-ops"

Documentation

Getting Started — Installation and first setup
Configuration — Full configuration reference
Notifiers — Webhook, Email, Mattermost setup
Metrics — Prometheus metrics and alerting rules
Performance — Benchmarks and capacity planning
Architecture — How Valerter works
Examples — Real-world configurations

Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines.

License

Apache License 2.0 — See LICENSE for details.

This site is open source. Improve this page.