feature: Added syslog auth failure to alert_rules.json (#6847)

2024-10-07 16:52:45 +00:00 · 2017-06-17 09:03:18 -05:00
parent 7a87f12380
commit 09103b2067
1 changed files with 6 additions and 0 deletions
--- a/misc/alert_rules.json
+++ b/misc/alert_rules.json
@@ -102,6 +102,12 @@
    "rule": "%wireless_sensors.sensor_class = 'clients' && %wireless_sensors.sensor_current >= %wireless_sensors.sensor_limit && %wireless_sensors.sensor_alert = \"1\" && %macros.device_up = \"1\"",
    "name": "Too many wireless clients"
  },
+  
+  {
+    "rule": "%syslog.timestamp > = %macros.past_5m && %syslog.msg ~ \"@authentication failure@\"",
+    "name": "Syslog, Authentication failure on Device"
+  },
+  
  {
    "rule": "Service warning",
    "name": "%services.service_status = \"1\""