Hello,
I'm trying to setup a stream that will email an alert whenever there is a
failed ssh attempt.
Under the stream rule i have:
Field: message
Type: match regular expression
Value: Failed password for.+ from .+
That doesn't seem to work.
Any help would be appreciated.
Thanks
--
Thanks Marius, that seemed to do that trick.
On Wednesday, November 30, 2016 at 4:34:10 AM UTC-5, Marius Sturm wrote:
>
> Hi Marvin,
> the tags are used to define which configuration should be applied to a
> host. So it's up to you to add the tag to the collector_sidecar.yml
> file. Afterwards
