Hi,
I have an item on a template:
log[/var/log/auth.log.1,Accepted,UTF-8]
and I have a trigger for this:
{Other alerts:log[/var/log/auth.log.1,Accepted,UTF-8].str(Accepted)}=1
Now when someone logs in to SSH I receive an e-mail, for example:
1. SSH Login (XXX:log[/var/log/auth.log.1,Accepted,UTF-8]): Jan 8 13:17:15 XXX sshd[23854]: Accepted publickey for root from 111.111.111.111 port 58183 ssh2
2. SSH Login (XXX:log[/var/log/auth.log.1,Accepted,UTF-8]): Jan 8 13:17:15 XXX sshd[23854]: Accepted publickey for root from 222.222.222.222 port 58183 ssh2
Question:
How can I exclude the IP address from example 2 from e-mail sending?
I mean I want to know only if someone logs in to SSH from an unknown IP address.
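
The filtering asked about above, sketched as an added example (not part of the original post, and not Zabbix configuration): it parses sshd "Accepted" lines and reports only logins whose source address is outside an allowlist, comparing parsed addresses rather than substrings. The allowlist `KNOWN_SOURCES` and all function names are assumptions; the first two sample lines are the ones quoted in the post, the third is constructed.

```python
import ipaddress
import re

# Assumed allowlist: the address from example 2 in the post is treated as known.
KNOWN_SOURCES = [ipaddress.ip_network("222.222.222.222/32")]

# sshd success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def parse_accepted(line):
    """Return (user, method, ip) for a successful sshd login line, else None."""
    m = ACCEPTED_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # address field is not an IP literal
    return m.group("user"), m.group("method"), ip

def is_known(ip, networks=KNOWN_SOURCES):
    # Compare parsed addresses: a substring test for "1.2.3.4"
    # would also match a login from "11.2.3.45".
    return any(ip.version == net.version and ip in net for net in networks)

def unknown_logins(lines, networks=KNOWN_SOURCES):
    """Return parsed logins whose source address is outside the allowlist."""
    alerts = []
    for line in lines:
        parsed = parse_accepted(line)
        if parsed and not is_known(parsed[2], networks):
            alerts.append(parsed)
    return alerts

# Two lines quoted in the post, plus one constructed failed attempt
SAMPLE = [
    "Jan 8 13:17:15 XXX sshd[23854]: Accepted publickey for root from 111.111.111.111 port 58183 ssh2",
    "Jan 8 13:17:15 XXX sshd[23854]: Accepted publickey for root from 222.222.222.222 port 58183 ssh2",
    "Jan 8 13:17:16 XXX sshd[23860]: Failed password for root from 111.111.111.111 port 58190 ssh2",
]

if __name__ == "__main__":
    for user, method, ip in unknown_logins(SAMPLE):
        print(f"ALERT: {user} logged in via {method} from unlisted address {ip}")
```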