Alerting

Alert not Emailing

kholleran
Communicator

Hello,

I have an SMTP server that is unauthenticated. I have the server IP set up in Splunk Manager. I used this on a test splunk server within the same subnet (windows 2003 32 bit box) just fine.

However, my production box is not emailing (64 bit Win 2008 server - firewall opened for SMTP). I see the server connect to the mail server, then it disconnects without sending a message. My alert search criteria is returning results and should be emailing.

From mail Server:

07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER connected 07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER disconnected. 0 message[s] received

Is there anywhere else i can look? Is there a log file from Splunk that would clue me into what is happening when it is connecting to my mail server?

Thanks.

Kevin

Tags (1)
1 Solution

the_wolverine
Champion

Check the $SPLUNK_HOME/var/lib/splunk/python.log for errors related to email/smtp.

View solution in original post

kholleran
Communicator

Thanks! That had what I needed and found that the messages were being rejected as SPAM.... funny that the mail server log didn't say that....

Thanks again!

0 Karma

the_wolverine
Champion

Check the $SPLUNK_HOME/var/lib/splunk/python.log for errors related to email/smtp.

kholleran
Communicator

Note: the Splunk server and the mail server are on different subnets where as the test server that worked was on the same subnet. Not sure if that will make a difference.

Thanks for any help.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...