I have configured Kiwi syslog to send error logs from servers however there is one device that is configured to receive syslog and write to file but there are not alerts set up to send email yet i am seeing this
PI Message to: firstname.lastname@example.org
PI Message from: email@example.com
PI Subject: Syslog message from 10.10.0.1
PI Date: Wed, 02 Dec 2020 18:27:53 -0500
PI Mail error: SMTP protocol error. 550 5.1.0 Sender is not allowed to send from xxx.com (R2).
10.10.0.1 is not configured to send any email alerts. How do i stop this queue , syslog is getting flooded and preventing other emails from being sent.
If that message is from a remote server(not the Kiwi server) then there is something that is trying to send email. If that is the Kiwi server the email address being used doesn't have the permissions to send email through that SMTP server.
You can set a rule in Kiwi to 'drop' those messages by matching on some unique text in the message and then using the 'stop processing' action.
The best solution is always to fix it at the source but if that can't be done the filter could be a workaround.
It definitely is something else that is trying to send the email but why is kiwi logging it? The email in the kiwi syslog is configured to use a different email server and email address to send outbound email.
Kiwi can be setup in the following sections to send emails to specific addresses:
If you've checked all of those locations and no email addresses have been configured, I believe it's safe to say that Kiwi is not the culprit sending emails.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.