*2016-05-12 14:19:48.000* May 12 15:19:48 localhost sshd[25142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root *2016-05-12 14:03:12.000* May 12 15:03:12 localhost sshd[24470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root *2016-05-12 14:03:03.000* May 12 15:03:03 localhost sshd[24468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root *2016-05-12 13:55:46.000* May 12 14:55:46 localhost sshd[1737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root
here are my current configuration timings Time configuration Dealing with timezones can be confusing. Here you can see the timezone applied to different components of your system. You can check timezone settings of specific graylog-server nodes on their respective detail page. User *admin*: 2016-05-12 15:30:22.375 +00:00Your web browser:2016-05-12 15:30:22.830 +00:00Web interface default JDK/JRE: 2016-05-12 15:30:22.375 +00:00Web interface configuration: 2016-05-12 15:30:22.375 +00:00Graylog master server: 2016-05-12 15:30:22.375 +00:00 Time difference is about 2 hours i don't know what is happening here. The alert condition that i am running on is Field content value condition Alert is triggered when messages matching <type:"syslog"> are received.Grace period: 0 minutes. Including last message in alert notification. if the alert condition is set to Message count condition Alert is triggered when there is more than 1 message in the last 120 minutes. Grace period: 0 minutes. Including last message in alert notification. it will work but i get 10-12 emails of the same alert. Can anyone help me on this ? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/22eed039-5c7f-44b3-ba7b-e8cea7a8bf97%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.