I set below script at Trigger.
-----------------
{<hostname>:log[/var/log/secure,"Accepted password for root from"].nodata(60)}=0
and
{<hostname>:log[/var/log/secure,"Accepted password for root from"].iregexp("<allowed IP address>")}=0
-----------------
But I receive email when <hostname> is accessed by client of allowed IP address.
I attached screen capture for Trigger's config and received email.
Please teach me improve idea.
-----------------
{<hostname>:log[/var/log/secure,"Accepted password for root from"].nodata(60)}=0
and
{<hostname>:log[/var/log/secure,"Accepted password for root from"].iregexp("<allowed IP address>")}=0
-----------------
But I receive email when <hostname> is accessed by client of allowed IP address.
I attached screen capture for Trigger's config and received email.
Please teach me improve idea.