Hi,
You need to set the "frequency" attribute in rule 5712 to "1", this
attribute set the number of time (+2) that a rule needs to match to fire an
alert, by default the 5712 will show an alert when the 5710 appears at
least 8 times, changing to "1" will fire at 3th attempt. Please check
HI,
I set the email notify level to 3, and try to login into serverA through
ssh, It's work, I receive the email alert.
Thank you!
And I've other question, I want block the user ip when the user login
failed more then 3 times with ssh, then block the ip of user, I use 5712,
but it did not
Hi,
The email notification is triggered when an alert reach or overpass the
level defined in (by default is set to level 7),
setting this option to level 3 will send you email notifications for
successful logins attempts.
* option reference:*
