Please i would be grateful if someone help me in " email alert " in the case of email alert in graylog 2.5, why the email does not send automaticcally when the action is triggered ….I receive the email if I do a " test alert "
You ask questions without offering background information.
- What configuration do you have in your server.conf (located at /etc/graylog/server/ by default on my Ubuntu) file that is related to e-mail? (post it)
- What is the configuration for the alert you are testing? (post it)
- Have you tested to see if your e-mail server will send/receive e-mail coming from the Graylog server (Telnet from Graylog server to e-mail server port 25 and run commands to send a test e-mail)
Whenever you post a question, you should say what you have looked and and tried, show what your current related configs are and post relevant log entries.
in centos 7 /etc/graylog/server/server.conf
I want to be notified automatically with email when there is a connection ssh failed to my VM zabbix
can i use AlertManager
Have you configured an alert condition or just the alert notification?
If you haven’t configured the alert condition, you won’t get an email because there is no alert being triggered.
Hi @Ponet Yes, you’re right , check with me please if i well configured the alert condition
Are you sure that the failed authentication messages are being routed into the “alert zabbix” stream?
The example message screenshot you posted in an earlier reply only appears to be in the “All Messages” stream.
In your example message, the field
full_message doesn’t exist.
Try with the field set to
Yes… Notice the message in the second section “This message would not be routed to this stream.”
You need to update the stream rule. It is looking for “Failed password” in the field
full_message. It isn’t going to match on your desired message because it doesn’t have a
Update your stream rule to check the
message field for the value “Failed password”.
Look at the actual rule. "Field
full_message must contain
When that rule tests against your message, it evaluates to false because the message does not contain the field
full_message. This means the message will not be routed into the stream.
Update that rule so that it is checking the
Your rule should then say: "Field
message must contain
Yes. Change the ‘Field’ value from
No. Please re-read what I wrote.
This is very simple. I cannot explain any better than I already have.
sorry bro ! I change the field " Value " ??