How to set an email alert to send the logs or specific logs to an email using my email?

I created a stream that successfully fetches the logs. But whenever I create an alert it throws the error – Condition was not satisfied and an Alert would not be triggered
And so I am unable to set a notification and get mail for the logs.

Thanks

Hello && Welcome

For us to help you further we need some more information about your environment. For better understanding take a look here.

  • What kind of input did you use for this stream?
  • Could you show your input configuration? This will tell me what kind of fields you're using.
  • What is this stream for (Linux, Windows, etc…)?
  • How did you create this alert?
  • What steps did you take in this process?
  • Could you show how you configured the trigger? Unfortunately this does not have a lot of information needed to help troubleshooting your issue.
  • Have you checked all your log files on this server that may pertain to this issue?
  • If so, could you post your log files and when you do please use the Markup, Thanks.
  • How did you configure your notification template?
  • Did you check your log files for this issue?
  • Do you see errors/warning on the Web UI?
  • If so, what does it show?

Thanks for your help and support
Before answering, if you can tell me the proper steps to set the Graylog alert to get email for the logs to my email; I don’t have a mail server, still I want to get log mails.
Need—

  1. I need to get the mail of my Linux server log which I added.
  2. Proper steps and every argument passed to the streams, alert condition and notification.
  3. If there is a need to create other indices rather than the default one, then also the detailed steps to create indices.

Before I created the stream I created indices with the name linux logs.

System info-----

NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"

Indices config—

Streams config----

Streams rule—

Alert condition—

Alert notification setting—

Please post your SMTP config in Graylog server.conf. Probably you didn’t set it up correctly, or your firewall is blocking port 465 to the internet.

image

Try these:

  1. Change transport_email_from_email = to your real Gmail email address (same as used in transport_email_auth_username)
  2. Check that your firewall doesn’t block port 587/tcp to smtp.gmail.com from the Graylog box
  3. Enable Less secure apps in Google settings if not enabled
    Less secure apps & your Google Account - Google Account Help
  4. If you use MFA (2-step verification), use App password instead of normal password
    Sign in with App Passwords - Google Account Help

Can you also guide me to configure the streams, alert and notification to get mail from Graylog?
Thanks

Don’t forget to also change the Sender (optional) field in the alert notification settings to a real email address.
Still I don’t know where you have a problem, where include error message.

graylog not responded.
failed!

Hello,

If this is NOT a production server, have you tried to use “sendmail” or postfix on your Graylog server instead of Google?

For example, to simplify things I installed “sendmail”. Simple instructions to follow.

After Sendmail was started and enabled on my server, I configured my Graylog Server config like this.

transport_email_enabled = true
transport_email_hostname = localhost
transport_email_port = 25
transport_email_subject_prefix = [graylog]
transport_email_from_email = root@graylog-lab.com
transport_email_web_interface_url = https://8.8.8.8:9000 

Last, I configured my firewall to allow the mail port through

sudo ufw allow 25/tcp

Once you're able to send mail you can fine tune your configuration to more secure settings.

I assume your Graylog server will not start? If so, show us the configurations you made so we could identify any misconfigurations in your Graylog config file. If you're having issues, showing your log files would be appreciated.

If this is not the route you prefer then I would highly suggest you look over the links provided by @shoothub again. I believe you may have missed something.

Firewall is already disabled.

Hello,

To be honest that really doesn’t help troubleshoot your issue.

Might find your answer here.

Hope that helps

Thanks for the help
I got mail but also get an error like this—
(javax.mail.internet.AddressException: Missing final ‘@domain’ in string ``“abhinav.pandey@tech-bridge.biz”’’)

Hello

These may solve your issue.
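
An added example, not part of the thread and not Graylog's own code: a small checker for the `transport_email_*` block of server.conf that flags the problems discussed above (a misspelled key name, a port that does not match the TLS setting, authentication without TLS, and a sender address wrapped in quotes). The key list and the STARTTLS/SMTPS reading of `use_tls`/`use_ssl` are assumptions based on Graylog's sample config; the sample input is constructed.

```python
import difflib
import re

# Email transport keys in Graylog's server.conf (assumed list; extend for your version).
KNOWN_KEYS = ["transport_email_" + s for s in (
    "enabled", "hostname", "port", "use_auth", "use_tls", "use_ssl", "auth_username",
    "auth_password", "subject_prefix", "from_email", "web_interface_url")]
BARE_ADDRESS = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def parse(text):
    conf = {}
    for line in text.splitlines():  # 'key = value' lines; skip comments and blanks
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_email_transport(text):
    """Return a list of findings for the email transport block of a server.conf."""
    conf, findings = parse(text), []
    for key in conf:  # near-miss spellings of a known key
        close = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.85)
        if key not in KNOWN_KEYS and close:
            findings.append(f"unknown key '{key}', did you mean '{close[0]}'?")
    if conf.get("transport_email_enabled") != "true":
        findings.append("transport_email_enabled is not true")
    starttls = conf.get("transport_email_use_tls") == "true"  # STARTTLS (assumed)
    smtps = conf.get("transport_email_use_ssl") == "true"     # implicit TLS (assumed)
    port = conf.get("transport_email_port")
    if port is None:
        findings.append("transport_email_port is not set")
    elif (port == "465" and not smtps) or (port == "587" and not starttls):
        findings.append(f"port {port} does not match the TLS setting")
    if conf.get("transport_email_use_auth") == "true" and not (starttls or smtps):
        findings.append("auth without TLS sends the password in clear text")
    sender = conf.get("transport_email_from_email", "")
    if not BARE_ADDRESS.match(sender):
        findings.append(f"from address {sender!r} is not a bare user@domain")
    return findings

# Constructed sample, not a config posted in the thread.
SAMPLE = """\
transport_email_enabled = true
tansport_email_port = 587
transport_email_use_auth = true
transport_email_from_email = "user@example.com"
"""
if __name__ == "__main__": print(*check_email_transport(SAMPLE), sep="\n")
```

Run it against the text of your own server.conf; an empty result means none of these four checks fired, not that mail delivery is guaranteed to work.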