Alerting

Alert not Emailing

kholleran
Communicator

Hello,

I have an SMTP server that is unauthenticated. I have the server IP set up in Splunk Manager. I used this on a test Splunk server within the same subnet (Windows 2003 32-bit box) just fine.

However, my production box is not emailing (64 bit Win 2008 server - firewall opened for SMTP). I see the server connect to the mail server, then it disconnects without sending a message. My alert search criteria is returning results and should be emailing.

From mail Server:

07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER connected
07/28/2010 10:23:02 AM SMTP Server: SPLUNK_SERVER disconnected. 0 message[s] received

Is there anywhere else I can look? Is there a log file from Splunk that would clue me into what is happening when it is connecting to my mail server?

Thanks.

Kevin

1 Solution

the_wolverine
Champion

Check the $SPLUNK_HOME/var/lib/splunk/python.log for errors related to email/smtp.


kholleran
Communicator

Thanks! That had what I needed and found that the messages were being rejected as SPAM.... funny that the mail server log didn't say that....

Thanks again!

0 Karma
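
A triage pass over the python.log named in the answer, as an added example that is not part of the original thread or Splunk's own code: it keeps only warning and error lines that mention email or SMTP and labels each as a server rejection, a temporary deferral or a network failure. The line layout and the sample lines are constructed assumptions; adjust the patterns to what your file actually contains.

```python
import re
import sys

# Assumed layout: "<date> <time> <LEVEL> <message>". This is an assumption, not a
# documented Splunk format; adjust LINE_RE to match your python.log.
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+(?P<level>[A-Z]+)\s+(?P<msg>.*)$")
MAIL_RE = re.compile(r"smtp|sendemail|e-?mail", re.IGNORECASE)
# Python's smtplib renders server replies as "(code, 'text')" in its exceptions.
CODE_RE = re.compile(r"\(([45]\d\d),")
NET_RE = re.compile(r"timed out|refused|unreachable|getaddrinfo", re.IGNORECASE)

def classify(msg):
    """Label a mail-related error by where the delivery failed."""
    reply = CODE_RE.search(msg)
    if reply:
        # 5xx = permanent rejection (policy, spam filter); 4xx = retry later
        return "rejected" if reply.group(1).startswith("5") else "deferred"
    if NET_RE.search(msg):
        return "network"
    return "other"

def mail_errors(lines):
    """Return (timestamp, label, message) for each mail-related error line."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m or m.group("level") not in ("WARNING", "ERROR", "CRITICAL"):
            continue
        if MAIL_RE.search(m.group("msg")):
            findings.append((m.group("ts"), classify(m.group("msg")), m.group("msg")))
    return findings

# Constructed sample lines (not taken from a real Splunk log).
SAMPLE = [
    "2010-07-28 10:22:58,101 INFO sendemail - sending results to ops@example.com",
    "2010-07-28 10:23:02,412 ERROR sendemail - (550, '5.7.1 rejected as spam')",
    "2010-07-28 10:24:10,007 ERROR sendemail - smtp host: connection timed out",
    "2010-07-28 10:25:00,300 ERROR search - unrelated failure",
]

if __name__ == "__main__":
    # Pass the path to python.log as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE
    for ts, label, msg in mail_errors(source):
        print(f"{ts}  [{label}]  {msg}")
```

A "rejected" entry with no matching line in the mail server's own log, as in this thread, points at a filter in front of the mail server rather than at Splunk.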

kholleran
Communicator

Note: the Splunk server and the mail server are on different subnets, whereas the test server that worked was on the same subnet. Not sure if that will make a difference.

Thanks for any help.

0 Karma