Hello everyone,
Please i would be grateful if someone help me in " email alert " in the case of email alert in graylog 2.5, why the email does not send automaticcally when the action is triggered ….I receive the email if I do a " test alert "
You ask questions without offering background information.
- What configuration do you have in your server.conf (located at /etc/graylog/server/ by default on my Ubuntu) file that is related to e-mail? (post it)
- What is the configuration for the alert you are testing? (post it)
- Have you tested to see if your e-mail server will send/receive e-mail coming from the Graylog server (Telnet from Graylog server to e-mail server port 25 and run commands to send a test e-mail)
Whenever you post a question, you should say what you have looked and and tried, show what your current related configs are and post relevant log entries.
in centos 7 /etc/graylog/server/server.conf
I want to be notified automatically with email when there is a connection ssh failed to my VM zabbix
can i use AlertManager
Have you configured an alert condition or just the alert notification?
If you haven’t configured the alert condition, you won’t get an email because there is no alert being triggered.
Are you sure that the failed authentication messages are being routed into the “alert zabbix” stream?
The example message screenshot you posted in an earlier reply only appears to be in the “All Messages” stream.
In your example message, the field full_message
doesn’t exist.
Try with the field set to message
.
Yes… Notice the message in the second section “This message would not be routed to this stream.”
You need to update the stream rule. It is looking for “Failed password” in the field full_message
. It isn’t going to match on your desired message because it doesn’t have a full_message
field.
Update your stream rule to check the message
field for the value “Failed password”.
Look at the actual rule. "Field full_message
must contain Failed password
".
When that rule tests against your message, it evaluates to false because the message does not contain the field full_message
. This means the message will not be routed into the stream.
Update that rule so that it is checking the message
field.
Your rule should then say: "Field message
must contain Failed password
"
Yes. Change the ‘Field’ value from full_message
to message
.
No. Please re-read what I wrote.
This is very simple. I cannot explain any better than I already have.
sorry bro ! I change the field " Value " ??