Folks, I was playing with Graylog for some of the log use cases I had:

1) Alert the user if there are multiple login failures within, say, 2 mins, and in the meanwhile, say within the next 1 - 2 mins of the occurrence of this event, alert the user if there is any configuration change.

I was able to write a search rule on the web interface for the login violation, but didn't find a way to club the 2 events into one for correlation. Can somebody help me understand how we correlate two different events with the search rule? Is it possible with Graylog?

--Cheers, Cyberjog
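The correlation described in the post, written out as stand-alone detection logic. This is an added example, not part of the original post and not Graylog configuration or API code. Assumptions: the log format and event names are constructed, both event types carry the same user field, and "multiple" means 3 failures.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real Graylog output): "<UTC time> <user> <event>"
SAMPLE_LOG = """\
2024-05-01T10:00:00Z alice login_failure
2024-05-01T10:00:40Z alice login_failure
2024-05-01T10:01:30Z alice login_failure
2024-05-01T10:02:45Z alice config_change
2024-05-01T10:03:00Z bob login_failure
2024-05-01T10:03:10Z bob config_change
2024-05-01T10:10:00Z carol login_failure
2024-05-01T10:10:20Z carol login_failure
2024-05-01T10:10:50Z carol login_failure
2024-05-01T10:14:00Z carol config_change
"""

def parse(log_text):
    """Return (timestamp, user, event) tuples sorted by time."""
    rows = (line.split() for line in log_text.splitlines() if line.strip())
    return sorted((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event)
                  for ts, user, event in rows)

def correlate(log_text, threshold=3, fail_window=120, follow_window=120):
    """Return (user, burst_time, change_time) for each config change that
    follows a burst of login failures by the same user (assumed join key)."""
    failures = defaultdict(deque)   # user -> recent failure timestamps
    armed = {}                      # user -> time the burst was detected
    alerts = []
    for ts, user, event in parse(log_text):
        if event == "login_failure":
            q = failures[user]
            q.append(ts)
            # Keep only failures inside the sliding fail_window.
            while ts - q[0] > timedelta(seconds=fail_window):
                q.popleft()
            if len(q) >= threshold:
                armed[user] = ts
        elif event == "config_change" and user in armed:
            if ts - armed[user] <= timedelta(seconds=follow_window):
                alerts.append((user, armed[user], ts))
            else:
                del armed[user]     # follow-up window expired
    return alerts

if __name__ == "__main__":
    for user, burst, change in correlate(SAMPLE_LOG):
        print(f"ALERT {user}: failure burst at {burst}, config change at {change}")
```

In the sample, only alice triggers an alert: bob has a single failure, and carol's configuration change arrives after the follow-up window has closed.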
