Hi,
I wonder if anybody can help with this minor issue?
I'm succesfully using rsyslog to filter out messages from a firewall so only the stuff I'm interested in goes into the log file I'm monitoring.
The result is my network engineers receive an email whenever someone logs on and makes changes or we get an unexpected attack. The only problem is the Trigger always shows as a problem regardless of how long ago the entry hit the log file.
What I'd like to do is send the email but then reset the trigger to OK.
Can anybody suggest a way of doing this?
Cheers
Andy
I wonder if anybody can help with this minor issue?
I'm succesfully using rsyslog to filter out messages from a firewall so only the stuff I'm interested in goes into the log file I'm monitoring.
The result is my network engineers receive an email whenever someone logs on and makes changes or we get an unexpected attack. The only problem is the Trigger always shows as a problem regardless of how long ago the entry hit the log file.
What I'd like to do is send the email but then reset the trigger to OK.
Can anybody suggest a way of doing this?
Cheers
Andy
Comment