Alerting

Alert not Emailing

kholleran
Communicator

Hello,

I have an SMTP server that is unauthenticated. I have the server IP set up in Splunk Manager. I used this on a test splunk server within the same subnet (windows 2003 32 bit box) just fine.

However, my production box is not emailing (64 bit Win 2008 server - firewall opened for SMTP). I see the server connect to the mail server, then it disconnects without sending a message. My alert search criteria is returning results and should be emailing.

From mail Server:

07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER connected 07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER disconnected. 0 message[s] received

Is there anywhere else i can look? Is there a log file from Splunk that would clue me into what is happening when it is connecting to my mail server?

Thanks.

Kevin

Tags (1)
1 Solution

the_wolverine
Champion

Check the $SPLUNK_HOME/var/lib/splunk/python.log for errors related to email/smtp.

View solution in original post

kholleran
Communicator

Thanks! That had what I needed and found that the messages were being rejected as SPAM.... funny that the mail server log didn't say that....

Thanks again!

0 Karma

the_wolverine
Champion

Check the $SPLUNK_HOME/var/lib/splunk/python.log for errors related to email/smtp.

kholleran
Communicator

Note: the Splunk server and the mail server are on different subnets where as the test server that worked was on the same subnet. Not sure if that will make a difference.

Thanks for any help.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...