Monitoring Splunk

splunk email alerts failing on send

buckmaster60
New Member

Testing splunk monitoring, alerts, notifications before purchase. Looking for a tool to monitor a large hosting facility. Monitoring vSphere 5, virtual machines, switches, routers, physical boxes to start with.

Running Splunk 4.2.5, using Zimbra email server. I'm able to use vCenter to send alerts, use the Baseboard Management Console on the ESX servers to send alerts no problem. I created an account splunk.events on the Zimbra server. Can log into Zimbra as splunk.events and send email. However, splunk is failing to send alert emails? The log /opt/splunk/var/log/splunk has the following error "ERROR SMTP AUTH EXTENSION NOT SUPPORTED BY SERVER WHILE SENDING TO". I can't figure out why it's failing on SMTP when my other systems are able to send alerts?

Thanks

0 Karma

gavind
Explorer

I had this issue once. Try to stop "sendmail" service. It's posing a service port conflict.

0 Karma

buckmaster60
New Member

Thanks for the responses. I have set up the fields in the Splunk Manager for email. I can log into Zimbra as splunk.events and send email manually. I guess I'm missing something simple. My other alerting accounts on vCenter and ESX can send alerts with no problems. I wonder how splunk is different?

0 Karma

RubenOlsen
Path Finder

Have you by any chance set up authentication in the Splunk Manager > System settings > Email alert settings dialogue? I.e. entered anything in the Username and Password fields?

Based on the error message you posted, it seems that the error message is coming from Zimbra, and that Zimbra is not configured to support authentication by SMTP.

Unless your organization is extremely security conscious with regards to how the internal network components are set up - any kind of SMTP authentication is probably turned off.

\Ruben
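
An added example, not part of any post in this thread and not Splunk or Zimbra code: a check of what a mail server advertises in its EHLO reply, which is what decides whether a client with a username and password configured can authenticate. Python's `smtplib` raises an error with this same wording when `login()` is called and the EHLO reply lists no AUTH extension. The host name and sample replies are constructed, and `probe()` assumes the server's certificate validates against the system trust store.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
BEFORE_TLS = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
AFTER_TLS = "250-mail.example.test\n250-PIPELINING\n250-AUTH LOGIN PLAIN\n250 8BITMIME"

def parse_ehlo(reply):
    """Map each ESMTP keyword in an EHLO reply to its list of parameters."""
    features = {}
    for line in reply.splitlines()[1:]:           # first line is only the greeting
        if line[:3] == "250" and line[3:4] in "- ":
            line = line[4:]                       # drop the "250-" / "250 " prefix
        words = line.replace("=", " ").split()    # tolerate legacy "AUTH=LOGIN PLAIN"
        if words:
            features.setdefault(words[0].upper(), []).extend(
                w.upper() for w in words[1:])
    return features

def diagnose(before_tls, after_tls="", credentials_set=True):
    """Classify what happens when a client with credentials talks to this server."""
    if not credentials_set:
        return "no-auth-attempted"          # empty username: client never sends AUTH
    if "AUTH" in parse_ehlo(before_tls):
        return "auth-offered-in-cleartext"  # works, but the password crosses unencrypted
    if "STARTTLS" in parse_ehlo(before_tls) and "AUTH" in parse_ehlo(after_tls):
        return "auth-only-after-starttls"   # client must enable TLS before logging in
    return "auth-not-supported"             # clear the credentials or enable AUTH on the MTA

def probe(host, port=25, timeout=10.0):
    """Fetch the EHLO replies before and after STARTTLS from a live server."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before, after = s.ehlo_resp.decode(errors="replace"), ""
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())
            s.ehlo()                        # capabilities must be re-read after TLS
            after = s.ehlo_resp.decode(errors="replace")
    return before, after

if __name__ == "__main__":
    print(diagnose(BEFORE_TLS, AFTER_TLS))  # swap in probe("mail.example.test") to test live
```

A result of `auth-only-after-starttls` or `auth-not-supported` with credentials filled in corresponds to the failure in the original question; leaving the username and password empty avoids the AUTH attempt entirely.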

buckmaster60
New Member

I guess splunk does not monitor these posts?

0 Karma