Closed berekese closed 7 years ago
Hi, I have this entry on graylog:
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.X.X user=root
I have created a rule in Aggregate with this: http://i65.tinypic.com/2s6txxk.jpg
But I don't receive any email. However if I test emails I receive it without problems, how could I debug it?
Test email: ########## Alert Description: Dummy alert to test notifications Date: 2017-07-19T05:49:14.840Z Stream ID: 5937b0300a975a01cf533226 Stream title: SSH Stream description: SSH Alert Condition Title: Test Alert Stream URL: http://192.168.X.X/streams/5937b0300a975a01cf533226/messages?rangetype=absolute&from=2017-07-19T05:44:14.840Z&to=2017-07-19T05:49:14.840Z&q=*
Triggered condition: 5f40df8b-b1a3-4226-97a3-2c3d610602dc:dummy={Dummy alert to test notifications}, stream:={5937b0300a975a01cf533226: "SSH"} ##########
Hi, I have this entry on graylog:
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.X.X user=root
I have created a rule in Aggregate with this: http://i65.tinypic.com/2s6txxk.jpg
But I don't receive any email. However if I test emails I receive it without problems, how could I debug it?
Test email: ########## Alert Description: Dummy alert to test notifications Date: 2017-07-19T05:49:14.840Z Stream ID: 5937b0300a975a01cf533226 Stream title: SSH Stream description: SSH Alert Condition Title: Test Alert Stream URL: http://192.168.X.X/streams/5937b0300a975a01cf533226/messages?rangetype=absolute&from=2017-07-19T05:44:14.840Z&to=2017-07-19T05:49:14.840Z&q=*
Triggered condition: 5f40df8b-b1a3-4226-97a3-2c3d610602dc:dummy={Dummy alert to test notifications}, stream:={5937b0300a975a01cf533226: "SSH"} ##########