Hi,

Make sure that the system time and the hardware clock of the machine 
running Graylog are correct (properly synced and in the correct timezone).

Cheers,
Jochen

On Thursday, 12 May 2016 17:37:07 UTC+2, chrom...@gmail.com wrote:
>
> *2016-05-12 14:19:48.000* 
> May 12 15:19:48 localhost sshd[25142]: pam_unix(sshd:auth): authentication 
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root
> *2016-05-12 14:03:12.000* 
> May 12 15:03:12 localhost sshd[24470]: pam_unix(sshd:auth): authentication 
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root
> *2016-05-12 14:03:03.000* 
> May 12 15:03:03 localhost sshd[24468]: pam_unix(sshd:auth): authentication 
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root
> *2016-05-12 13:55:46.000* 
> May 12 14:55:46 localhost sshd[1737]: pam_unix(sshd:auth): authentication 
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.30.4.10 user=root
>
>
> Here are my current configuration timings:
>
> Time configuration 
>
> Dealing with timezones can be confusing. Here you can see the timezone 
> applied to different components of your system. You can check timezone 
> settings of specific graylog-server nodes on their respective detail page. 
> User *admin*: 2016-05-12 15:30:22.375 +00:00
> Your web browser: 2016-05-12 15:30:22.830 +00:00
> Web interface default JDK/JRE: 2016-05-12 15:30:22.375 +00:00
> Web interface configuration: 2016-05-12 15:30:22.375 +00:00
> Graylog master server: 2016-05-12 15:30:22.375 +00:00
>
>
> The time difference is about 2 hours; I don't know what is happening here.
>
>
> The alert condition that I am running is Field content value condition:
> Alert is triggered when messages matching <type:"syslog"> are received. 
> Grace period: 0 minutes. Including last message in alert notification.
>
>
> If the alert condition is set to 
> Message count condition 
> Alert is triggered when there is more than 1 message in the last 120 
> minutes. Grace period: 0 minutes. Including last message in alert 
> notification.
>
> it will work, but I get 10-12 emails of the same alert.
>
>
> Can anyone help me with this?
>
>
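
Added example (not part of the original thread and not Graylog code): one way to run the clock and timezone check suggested above against the four message pairs quoted in the post, by comparing the timestamp shown by Graylog with the timestamp in each syslog header. The names header_offset and classify, the 5-second tolerance and the 15-minute zone granularity are assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta

# Message pairs from the quoted post: (timestamp shown by Graylog, raw syslog line).
# Assumption: the first value is the timestamp Graylog stored for the message.
TAIL = ("pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 "
        "tty=ssh ruser= rhost=172.30.4.10 user=root")
SAMPLES = [
    ("2016-05-12 14:19:48.000", "May 12 15:19:48 localhost sshd[25142]: " + TAIL),
    ("2016-05-12 14:03:12.000", "May 12 15:03:12 localhost sshd[24470]: " + TAIL),
    ("2016-05-12 14:03:03.000", "May 12 15:03:03 localhost sshd[24468]: " + TAIL),
    ("2016-05-12 13:55:46.000", "May 12 14:55:46 localhost sshd[1737]: " + TAIL),
]

# RFC 3164 header timestamp: "Mmm dd hh:mm:ss", with no year and no time zone.
HEADER = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")
QUARTER = timedelta(minutes=15)  # assumption: zone offsets are multiples of 15 min


def header_offset(stored, raw):
    """Return (sender's header time) - (stored time) for one message."""
    stored_dt = datetime.strptime(stored, "%Y-%m-%d %H:%M:%S.%f")
    m = HEADER.match(raw)
    if m is None:
        raise ValueError("no syslog header timestamp in %r" % raw)
    # The header has no year, so borrow it from the stored timestamp.
    text = "%d %s %s %s" % (stored_dt.year, m[1], m[2], m[3])
    return datetime.strptime(text, "%Y %b %d %H:%M:%S") - stored_dt


def classify(samples, tolerance=timedelta(seconds=5)):
    """Label the skew as in-sync, timezone-mismatch or clock-drift."""
    offsets = [header_offset(stored, raw) for stored, raw in samples]
    spread = max(offsets) - min(offsets)
    mean = sum(offsets, timedelta()) / len(offsets)
    nearest = round(mean / QUARTER) * QUARTER
    if spread > tolerance or abs(mean - nearest) > tolerance:
        return "clock-drift", mean          # offset varies or is not zone-shaped
    if nearest == timedelta(0):
        return "in-sync", nearest
    return "timezone-mismatch", nearest     # constant whole-zone offset


if __name__ == "__main__":
    print(classify(SAMPLES))
```

A constant whole-zone offset points at a timezone setting on the sender or the receiver, while a varying offset points at an unsynced clock. Time-windowed alert conditions evaluate the stored timestamp, so either kind of skew changes which messages fall inside the window.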

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/08781806-f96a-4b6a-b601-6694ff68f832%40googlegroups.com.