First of all,
Graylog 2.4.6+ceaa7e4 (Oracle Corporation 1.8.0_73 on Linux 4.9.0-4-amd64)
Secund of all, i’ve configured my graylog with streams that match a specific IP address. Then i’ve configured alerts to match specific words (“Accepted”, to match SSH logins)
Then i SSH my server, at 4pm. I can see in Graylog my ssh login, at 4pm.
I will receive the mail only at 6pm, tellimg me that there has been a match “Accepted” at 4pm.
Did I misconfigure something ?
Thank you for your tips!