{Template System Logs:log[/var/log/secure,(Failed|failed|Error|err)].str(Failed)}=1 or {Template System Logs:log[/var/log/secure,(Failed|failed|Error|err)].str(failed)}=1 or {Template System Logs:log[/var/log/secure,(Failed|failed|Error|err)].str(Error)}=1 or {Template System Logs:log[/var/log/secure,(Failed|failed|Error|err)].str(err)}=1 and {Template System Logs:log[/var/log/secure,(Failed|failed|Error|err)].nodata(60)}=0当出现failed,Failed,Error,err关键字解发告警,并且在60秒内未匹配到关键字告警恢复
log[/var/log/secure,"Error|err|Failed|failed",,,,,,]
/var/log/secure日志监控