Hi All,
Can someone please help me with this?
I’m creating a rule on my syslog.
The alert is for auth failures for mail, so it is under syslog.msg, but I need to filter the msg.
At the moment this is what I’m getting on the alert:
do_auth : auth failure: [user=xx] [service=smtp] [realm=xx] [mech=pam] [reason=PAM auth error]
And I want the alert to only give this:
user=xx
Thanks All
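
One way to reduce the message above to only the user field, as an added example that is not part of the original post. It is written in Python and assumes the message text is available as a string outside the alerting tool; the function names and the sample values (alice, example.org) are constructed for illustration.

```python
import re

# One "[key=value]" field; the value may contain spaces (e.g. reason=PAM auth error).
FIELD_RE = re.compile(r"\[(\w+)=([^\]]*)\]")

# Constructed sample in the format shown in the post (values are made up).
SAMPLE = ("do_auth : auth failure: [user=alice] [service=smtp] "
          "[realm=example.org] [mech=pam] [reason=PAM auth error]")


def parse_auth_failure(msg):
    """Return the bracketed fields of an 'auth failure:' message, or None."""
    if "auth failure:" not in msg:
        return None
    tail = msg.partition("auth failure:")[2]
    fields = {}
    for key, value in FIELD_RE.findall(tail):
        # Keep the first occurrence of each key so a repeated
        # "[user=...]" later in the line cannot replace it.
        fields.setdefault(key, value)
    return fields


def alert_text(msg, max_len=64):
    """Return 'user=<name>' for an auth-failure message, else None."""
    fields = parse_auth_failure(msg)
    if not fields or "user" not in fields:
        return None
    # The user name is whatever the client submitted, so treat it as
    # untrusted: drop non-printable characters and cap the length
    # before it is placed in an alert.
    user = "".join(ch for ch in fields["user"] if ch.isprintable())
    return "user=" + user[:max_len]


if __name__ == "__main__":
    print(alert_text(SAMPLE))
```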